How to restrict data access in OTBI reports: buyer can only retrieve their own PO

Question

Hi Experts,

(Please advise the category of posting this inquiry, I am choosing OTBI as a start, if it is more suitable to Purchasing category then please help to migrate this post. Thank you.)

I got an Analysis using subject area "Procurement - Purchasing Real Time" which is allowing users with Buyer role to retrieve the PO's approval history.

However, I got the feedback that users found themselves being able to retrieve other buyer's PO approval history. This is not good.

Please refer to below screenshot being a case that I am login as "Chiu, Liwen", but I am able to search for the other Buyer "Chang, Avis" PO and its approval history.

Is there a way to restrict the data access? I.e. I (Chiu, Liwen) can only search for my own PO?

Please kindly advise. Thank you.

Liwen

Liwen Chiu · Answer

Hi team,

May I ask if there's any other advice? Does anyone have similar requirement that each buyer should be restricted to review their own PO content in reports developed using OTBI's Subject Area?

Appreciated your suggestions. Thank you.

Liwen

Liwen Chiu · Answer

Hi @Nathan CCC,

Thanks for your advice.

We do have many departments doing purchasing under a single BU.

E.g. for BU named "Taipei", we have departments of Administration, Legal, Operations…etc all creating Purchase Orders under "Taipei" BU.

However, the purchasing items and the amount is not suitable to be shared across departments.

Thus, is there a way to add another restrictions by using the tools in Fusion's Report and Analytics, so that each user cannot retrieve other buyer's PO approval history?

In fact, in "Manage Orders" function, end users (with Buyer role) won't be able to retrieve other Buyer's PO.

So we are expecting the same behavior is applied to Subject Area in Report and Analytics.

May I ask if you can look into this?

Thank you very much.

Liwen

Nathan CCC · Answer

Hi, Please review My Enterprise work area Setup and Maintenance page "Manage Data Access for Users". If you have granted for example this user with this job role security context to one or more business units then the expected result is that this user may view in analytics all purchase documents in those BU not just the ones for which they are the requester or buyer etc.

To check what data security was done then go to page Manage Sessions /analytics/saw.dll?Sessions or Issue SQL /analytics/saw.dll?IssueRawSQL then View Log. Look at the where clause in the physical SQL(s) to understand what data security was done for that user in that session to restrict data access.