nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

Oracle Communities

Oracle Analytics and AI

Child Item

OAC default User access

VijayDC

HI All,
In IDCS when a new user is added looks like the user is by default have BI consumer Role and 'Authenticated user' in OAC. User is able to see all the content in shared folder.

in our case if user logins similar to OAC we like to have user getting warning message. like below. but it is not the case currently.

please let us know what change required in OAC or Oracle Cloud domain

Find more posts tagged with

Security

OAC

FDI Security

permissions

object Level security

Accepted answers

GayathriAnand-Oracle

In IDCS the general best practice is to assign Groups to Roles (Not assign users to Roles directly).

So if the former is the setup you have, then what you need to do is to remove the Group membership from ServiceViewer Role in IDCS. This will in turn remove the BIConsumer App Role membership for the users who belong to this group.

All comments

RanaAshutosh-Oracle

You will need to either update the permissions on the /shared folder or remove the user from the assigned IDCS role.

Refer to:

OAC: How to Associate a User to an Application Role and the Mapping Between IDCS Application Roles and OAC OBIEE Application Roles (Doc ID 2349434.1)
KB1127: OAC – Associating Users to Application Roles and Understanding Role Mapping Between IDCS and OBIEE

VijayDC

HI @RanaAshutosh-Oracle Thak you for the reply, so we can remove the BI consumer for all the new users.

remove the user from the assigned IDCS role —> looks like we need to deselect serviceViewer role for new users ..I have to work with Architect on this.

Could you please share more details on this… how to remove BI consumer role for all the users by default

GayathriAnand-Oracle

In IDCS the general best practice is to assign Groups to Roles (Not assign users to Roles directly).