Oracle Communities

Oracle Analytics and AI

Child Item

Object Level Security on SA

user12116294

Hello Expert,

We have a strange issue that we have implemented Object Level Security on Complete SA based on EM Roles.

Sample Subject Area

Authenticated User - No Access

Test BIAuthor - Read/Write

Test BIConsumer - Read

Rest All Roles - Default

In nqsconfig file:- PROJECT_INACCESSIBLE_COLUMN_AS_NULL = YES

Now the have created a report from Sample Subject Area and placed in default location in shared folder.

User having Test BIAuthor role & Test BI Consumer role can see the report, where as other user are getting blank screen with title name of report.

This is desired behavior which is expected.

Point to catch is there is no inline filter placed in the report. But as soon we make a filter in the report and save it and run the report, the user's who does not have TestBIAuthor & Consumer role are getting below error:-

State: HY000. Code: 10058. [NQODBC] [SQL_STATE: HY000] [nQSError: 10058] A general error has occurred.

Please have your System Administrator look at the log for more details on this error. (HY000)

State: HY000. Code: 43113. [nQSError: 43113] Message returned from OBIS.

Please have your System Administrator look at the log for more details on this error. (HY000)

State: HY000. Code: 27046. [nQSError: 27046] Inaccessible column: "Source Project"."Project Name".

Please have your System Administrator look at the log for more details on this error. (HY000)

and we remove this report filter and run the report its working without error and user's who doesn't have access are getting only report name

Please let me know is it a default behavior or am i missing something.

Thanks & Regards,

Abhi

Find more posts tagged with

Accepted answers

All comments

[Deleted User]

What *exact* version?

user12116294

Hello Christian,

We are using :- 12.2.1.1.0

Package:- 160601.0400.00

MUD Version - 6

Please let me know if any other information is required.

Thanks & Regards,

Abhi

asim cholas

I think default will be the lowest level which means No Access though i dont remember it clearly. But why cant you set up object level security in catalog, so that it will not be visible at all rather than displaying just the report name?

[Deleted User]

asim cholas wrote:I think default will be the lowest level which means No Access though i dont remember it clearly. But why cant you set up object level security in catalog, so that it will not be visible at all rather than displaying just the report name?

In the OBIS (RPDI the most permissive right wins. In the OBIPS (catalog) the most restrictive right wins.

user12116294

Hello Christian,

Problem is user can create report and save it at adhoc location.

My main concern is that when we are creating the report without any report filter its working fine (user can see only report name without any error) and incase he want to edit it, an error message getting pop up (no access to subject area).

However, if we create the report with any report filter it getting error message

Here Project Name is the column where we have put the filter as Project Name is in "simple".

State: HY000. Code: 10058. [NQODBC] [SQL_STATE: HY000] [nQSError: 10058] A general error has occurred.

Please have your System Administrator look at the log for more details on this error. (HY000)

State: HY000. Code: 43113. [nQSError: 43113] Message returned from OBIS.

Please have your System Administrator look at the log for more details on this error. (HY000)

State: HY000. Code: 27046. [nQSError: 27046] Inaccessible column: "Source Project"."Project Name".

Please have your System Administrator look at the log for more details on this error. (HY000)

[Deleted User]

First test: Can BIConsumer run the analysis correctly if it's an in-line filter rather than a saved one?

Second test: Recreate the saved filter from scratch.

General question: Why the read/write vs read distinction? Are you REALLY doing something with write-back???

user12116294

Thanks Christian for your response really Apprecieated.

User with SalesBIAuthor and SalesBIConsumer role are able to run the report without any error. But the user who does not have SalesBIAuthor & SalesBIConsumer role when they are running the report they are getting error. Ideally they should get a blank screen (which is also coming up when no filters are added in the report).

who does not have SalesBIAuthor & SalesBIConsumer role when they are running the report they are getting error. Ideally they should get a blank screen like this mentioned below

User who does not have sales Author/consumer roles are getting error when filter is added:-

tate: HY000. Code: 10058. [NQODBC] [SQL_STATE: HY000] [nQSError: 10058] A general error has occurred.

Please have your System Administrator look at the log for more details on this error. (HY000)

State: HY000. Code: 43113. [nQSError: 43113] Message returned from OBIS.

Please have your System Administrator look at the log for more details on this error. (HY000)

State: HY000. Code: 27046. [nQSError: 27046] Inaccessible column: "Source Project"."Project Name".

Please have your System Administrator look at the log for more details on this error. (HY000)

[Deleted User]

Oh ok got you now. Then as I said try with an in-line one. You may be hitting a limitation there with inaccessible columns in saved filter objects since it is anyway weird that you have a use case where a user access an analysis he should be able to access but which contains a filter from a SA he shouldn't access...kind of contradictory don't you think?