Restrict FDI Users who have Author role from dropping a data file.

Bangar Aaloori

Prevent FDI users who have "Author" from dropping a data file.

Navigation:
Home Page > Create > dataset then
User should not be able to drop a datafile.

We are told by FDI Product Expert that we can't customize FDI "Author" role or do not have an option to disable upload of a data file.

Bangar Aaloori

Screenshot:

We would like to have an option where Users will be restricted to upload data files or prevent unauthorized/inadvertent uploads into FDI.

Corrinne Walkaus

The ability to restrict this capability is critical to our implementation roll-out strategy and adoption rate. We are not comfortable granting author access within our production environment since users can upload external data files into FDI that can be mixed with governed data. This then limits users' ability to use the ad hoc reporting capabilities in our production environment since they only have consumer access.

Vivek_Gautam

Hello Oracle,

We have identified a common issue across multiple clients. It would be beneficial to restrict users from uploading external data files in FDI, similar to the functionality available in the OAC ecosystem. We would like to request that Oracle enable this functionality in FDI as well.

Thanks & Regards,

Vivek Gautam

Daniel Chapman

We certainly have a use case where we need to restrict the ability of the "Author" role in FDI and agree there should be an ability to disconnect this privilege to prevent ability to expose FDI to external data. A custom role should be possible to allow customers to manage the privileges of the "Author" role.

Cheryl Gover

It is a good idea to restrict the ability to be able to drop data files to FDI to ensure that the validated data only is available.

T.Robinson

Further segmentation of roles/privileges is an overall them that should be addressed by Oracle. This idea would be helpful.

Jacob at MKL

It would certainly be nice to have further customization of the "FDI Author Role." This fits in well with our use case and overall, we are currently not comfortable having author access within FDI PROD since FDI users could upload external data that could be jumbled in with preexisting validated/governed data.

Linga Murthy

Limiting the capability to drop data files to FDI is a wise decision. This approach guarantees that only validated data is available, thereby improving both data integrity and security.

Thanks

Linga

Oracle Analytics Wizard-Oracle

NOTE: I'm just a messenger 😃

I acknowledge the value of this feature; however, based on my experience, it is preferable to limit the number of authors involved in FDI production to a minimum. This approach compels developments to take place in non-production environments, which can then be migrated after user acceptance testing (UAT). For periodic application updates, it is advisable to implement the updates initially in non-production environments, allowing for thorough testing of all custom developments. By having authors primarily work in non-production, it becomes possible to test, rectify, and validate all custom developments, thereby ensuring that new periodic updates can be applied safely in production, significantly reducing the likelihood of errors or issues.

Establishing a governance and migration strategy will enable the Service Administrators to manage the various environments effectively, especially since major application updates from Oracle are released quarterly. This strategy allows the IT team to identify and resolve most, if not all, issues or errors in a non-production setting, rather than in the production environment where business users operate.

Jamie Anderson-Oracle

I just wanted to note that this idea is still open for votes, and has not been dismissed by the Oracle Product Management team. However, @Oracle Analytics Wizard-Oracle brings up some good points on data governance that may help in the meantime.

A somewhat modified approach to what has been suggested is in your PROD environment, you could have a special folder for "approved" workbooks that have been vetted by a data governance team. That team would be the only ones who have Read-Write access to that folder and containing workbooks, while everyone else has Read-Only access. (I love this blog that explains workbook access here.)
Users could submit their own workbooks to the data governance team to add to the vetted workbooks.

Users would understand that all workbooks in the "approved" folder use governed data, while workbooks in other locations may have data from other sources that aren't necessarily vetted.

Again, this idea is still open for votes, but I wanted to offer a potential solution in the meantime.