Categories
- All Categories
- 15 Oracle Analytics Sharing Center
- 17 Oracle Analytics Lounge
- 218 Oracle Analytics News
- 44 Oracle Analytics Videos
- 15.7K Oracle Analytics Forums
- 6.1K Oracle Analytics Idea Labs
- Oracle Analytics User Groups
- 81 Oracle Analytics Trainings
- 15 Oracle Analytics Data Visualizations Challenge
- Find Partners
- For Partners
Security issue in BICS
Hi,
In Oracle BICS, I am trying to setup permission for an user in such a way that he will have access to create only "VA Project", and not a new "Analysis" or "Dashboard".
I chose the application role "BI Discovery Content Author" and added the user as a member to this role.
But, user is still able to create "Analysis" and "Dashboard" along with "VA Project".
Is there any other way to put a restriction to this?
Answers
-
May be you would check the other application roles related to consumer not the content author.content author will give privileges to create and edit analyses.
Thanks
DNK
0 -
Inheritance is at work ...
The documentation shows
- the primary member of the BI Content Author role is BI Discovery Content Author role
I strongly suggest you don't attempt to undo that built in inheritance, but rather build and use your own (with it's own inheritance if needed).
0 -
Thanks for your reply.
There is only one consumer role available under BICS which is "BI Consumer". This gives read-only access to analyses, dashboard and visual analyzer. This will not help to achieve my requirement.
0 -
Thank you for your reply.
Can you please elaborate on your statement "but rather build and use your own (with it's own inheritance if needed)"?
Currently, I am using a trial version of BICS which does allow me to create new application role and add it as member of other existing application roles but does not give any option to set the privileges as per my requirement.
Can you please suggest the inheritance I can create for my requirement, i.e., giving access to create only "VA Project", and not a new "Analysis" or "Dashboard"?
0 -
Inheritance is optional (I don't have a trial BICS to formulate a plan) ... you might have to get creative and try to force the issue with custom roles and explicit Deny (if I'm not mistaken it reigns supreme over the least-restrictive rule).
Also, have your Oracle sales rep put you in contact with a sales engineer who can technically guide you on this. If this requirement is make-or-break for a sale - then they'll do what they can to get you over the hurdle.
Else - you might have to look at an on-prem solution - where this requirement is easily achieved.
0 -
Thanks for your response.
We already have a on-premise system up and running where we have these kind of ad-hoc rules implemented. We are trying to migrate that system to cloud and hence, doing a POC with the trial version.
We can create custom roles but we are not sure how to enforce a custom rule (e.g. explicit deny as you mentioned) on that role as we can't find any such option in cloud. Any idea how that can be done?
0 -
Not off the top of my head ... I suggest you reach out to your Oracle Rep and have them coordinate a session with a sales engineer - a technical person that can help you truly vet the tool to your specifications.
0 -
From OBIEE to BICS?
Can I ask why? Why not OAC?
0 -
SaaS vs PaaS ... wasn't thinking of that - thanks for the extra eyes!
0