Oracle Analytics Cloud and Server

Object Level Security on SA

user12116294
user12116294 Rank 3 - Community Apprentice

Hello Expert,

We have a strange issue: we have implemented Object Level Security on the complete SA based on EM Roles.

Sample Subject Area

Authenticated User - No Access

Test BIAuthor - Read/Write

Test BIConsumer - Read

Rest All Roles - Default

In nqsconfig file:- PROJECT_INACCESSIBLE_COLUMN_AS_NULL = YES

Now we have created a report from the Sample Subject Area and placed it in the default location in the shared folder.

Users having the Test BIAuthor role and the Test BIConsumer role can see the report, whereas other users are getting a blank screen with the title of the report.

This is the desired behavior, which is expected.

The point to note is that there is no inline filter placed in the report. But as soon as we create a filter in the report, save it and run the report, the users who do not have the TestBIAuthor & Consumer roles are getting the error below:

State: HY000. Code: 10058. [NQODBC] [SQL_STATE: HY000] [nQSError: 10058] A general error has occurred.

Please have your System Administrator look at the log for more details on this error. (HY000)

State: HY000. Code: 43113. [nQSError: 43113] Message returned from OBIS.

Please have your System Administrator look at the log for more details on this error. (HY000)

State: HY000. Code: 27046. [nQSError: 27046] Inaccessible column: "Source Project"."Project Name".

Please have your System Administrator look at the log for more details on this error. (HY000)

And if we remove this report filter and run the report, it works without error, and users who don't have access get only the report name.

Please let me know whether this is default behavior or whether I am missing something.

Thanks & Regards,

Abhi
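
An added example (not part of the original post and not Oracle code): a small parser for the error stack quoted above that separates the generic wrapper errors from the nQSError 27046 entry and extracts the denied column, so the same triage can be run over text pasted from a log or ticket. The function names are hypothetical, the sample input is constructed from the messages in the post, and the parser also accepts a line whose leading "State:" was clipped during copy and paste.

```python
import re

# Constructed sample: the three-entry error stack as quoted in the post.
SAMPLE = '''State: HY000. Code: 10058. [NQODBC] [SQL_STATE: HY000] [nQSError: 10058] A general error has occurred.
Please have your System Administrator look at the log for more details on this error. (HY000)
State: HY000. Code: 43113. [nQSError: 43113] Message returned from OBIS.
Please have your System Administrator look at the log for more details on this error. (HY000)
State: HY000. Code: 27046. [nQSError: 27046] Inaccessible column: "Source Project"."Project Name".
Please have your System Administrator look at the log for more details on this error. (HY000)
'''

# "State: ..." is optional so a clipped line ("tate: HY000. Code: ...") still parses.
ENTRY = re.compile(
    r'(?:State:\s*(?P<state>\w+)\.\s*)?Code:\s*(?P<code>\d+)\.\s*(?P<rest>.*)')
TAG = re.compile(r'\[[^\]]*\]\s*')      # [NQODBC], [SQL_STATE: ...], [nQSError: ...]
QUOTED = re.compile(r'"([^"]+)"')       # double-quoted identifier parts
INACCESSIBLE_COLUMN = 27046             # code shown on the page for this error


def parse_error_stack(text):
    """Return one dict per 'Code: N.' entry, in the order they appear."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue  # advisory lines ("Please have your System Administrator...")
        entries.append({
            'state': m.group('state'),
            'code': int(m.group('code')),
            'message': TAG.sub('', m.group('rest')).strip(),
        })
    return entries


def denied_columns(text):
    """Return the quoted identifier parts of every 'Inaccessible column' entry."""
    return [tuple(QUOTED.findall(e['message']))
            for e in parse_error_stack(text)
            if e['code'] == INACCESSIBLE_COLUMN]


if __name__ == '__main__':
    for entry in parse_error_stack(SAMPLE):
        print(entry['code'], entry['message'])
    print('denied:', denied_columns(SAMPLE))
```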

Answers

  • [Deleted User]
    [Deleted User] Rank 2 - Community Beginner

    What *exact* version?

  • user12116294
    user12116294 Rank 3 - Community Apprentice

    Hello Christian,

    We are using :- 12.2.1.1.0

    Package:- 160601.0400.00

    MUD Version - 6

    Please let me know if any other information is required.

    Thanks & Regards,

    Abhi

  • asim cholas
    asim cholas Rank 6 - Analytics Lead

    I think the default will be the lowest level, which means No Access, though I don't remember it clearly. But why can't you set up object level security in the catalog, so that it will not be visible at all rather than displaying just the report name?

  • [Deleted User]
    [Deleted User] Rank 2 - Community Beginner
    asim cholas wrote: I think the default will be the lowest level, which means No Access, though I don't remember it clearly. But why can't you set up object level security in the catalog, so that it will not be visible at all rather than displaying just the report name?

    In the OBIS (RPD) the most permissive right wins. In the OBIPS (catalog) the most restrictive right wins.

  • user12116294
    user12116294 Rank 3 - Community Apprentice

    Hello Christian,

    The problem is that the user can create a report and save it at an ad hoc location.

    My main concern is that when we create the report without any report filter, it works fine (the user can see only the report name without any error), and in case he wants to edit it, an error message pops up (no access to subject area).

    However, if we create the report with any report filter, it gets an error message.

    Here Project Name is the column where we have put the filter as Project Name is in "simple".

    State: HY000. Code: 10058. [NQODBC] [SQL_STATE: HY000] [nQSError: 10058] A general error has occurred.

    Please have your System Administrator look at the log for more details on this error. (HY000)

    State: HY000. Code: 43113. [nQSError: 43113] Message returned from OBIS.

    Please have your System Administrator look at the log for more details on this error. (HY000)

    State: HY000. Code: 27046. [nQSError: 27046] Inaccessible column: "Source Project"."Project Name".

    Please have your System Administrator look at the log for more details on this error. (HY000)

  • [Deleted User]
    [Deleted User] Rank 2 - Community Beginner

    First test: Can BIConsumer run the analysis correctly if it's an in-line filter rather than a saved one?

    Second test: Recreate the saved filter from scratch.

    General question: Why the read/write vs read distinction? Are you REALLY doing something with write-back???

  • user12116294
    user12116294 Rank 3 - Community Apprentice

    Thanks, Christian, for your response; really appreciated.

    Users with the SalesBIAuthor and SalesBIConsumer roles are able to run the report without any error. But when users who do not have the SalesBIAuthor & SalesBIConsumer roles run the report, they get an error. Ideally they should get a blank screen (which is also what comes up when no filters are added in the report).

    Users who do not have the SalesBIAuthor & SalesBIConsumer roles get an error when they run the report. Ideally they should get a blank screen like the one shown below.

    pastedImage_0.png

    Users who do not have the Sales Author/Consumer roles get an error when a filter is added:

    State: HY000. Code: 10058. [NQODBC] [SQL_STATE: HY000] [nQSError: 10058] A general error has occurred.

    Please have your System Administrator look at the log for more details on this error. (HY000)

    State: HY000. Code: 43113. [nQSError: 43113] Message returned from OBIS.

    Please have your System Administrator look at the log for more details on this error. (HY000)

    State: HY000. Code: 27046. [nQSError: 27046] Inaccessible column: "Source Project"."Project Name".

    Please have your System Administrator look at the log for more details on this error. (HY000)

  • [Deleted User]
    [Deleted User] Rank 2 - Community Beginner

    Oh OK, got you now. Then, as I said, try with an in-line one. You may be hitting a limitation there with inaccessible columns in saved filter objects, since it is anyway weird that you have a use case where a user accesses an analysis he should be able to access but which contains a filter from an SA he shouldn't access... kind of contradictory, don't you think?