Different projects on one OBIEE enviroment — Oracle Analytics

Oracle Analytics Cloud and Server

Welcome to the Oracle Analytics Community: Please complete your User Profile and upload your Profile Picture

Different projects on one OBIEE enviroment

Received Response
31
Views
5
Comments
mmajdana1
mmajdana1 Rank 6 - Analytics Lead

Hi , I am using OBIEE 12.2.1.2.0

I already made a project on OBIEE, however now there is a need for another project on the same enviroment,

As we know we can have only one RPD online at the moment so i should make this project on same RPD, but different model , and this is the part where i know how to do that.

My question is when i deploy this RPD how can i make that subject areas that are exposed are unavaillable/hidden to one group of users and vice versa.

Kr, Matija

Answers

  • Joel
    Joel Rank 8 - Analytics Strategist

    You could use Application Roles to manage this. In the rpd, right-click on the subject area in the presentation layer and select the properties menu item.

    pastedImage_0.png

    Click on Permissions, and in here you can select the Application Role which should have access. In WebLogic, you'll need to assign users to the Application Roles.

  • You also have the privileges in the front-end.

    As security is in multiple places and require to be configures everywhere to be effective you maybe want to define a proper security model and strategy (which was supposed to already be implemented even for a single "project" ).

    https://speakerdeck.com/gianniceresa/obiee-security-its-a-jungle-out-there

  • mmajdana1
    mmajdana1 Rank 6 - Analytics Lead

    Thank you very much Joel, i will go with this approach.

    Kr, Matija

  • mmajdana1
    mmajdana1 Rank 6 - Analytics Lead

    I made a row level security and visibility of certain records in dimension tables with session variables, but this was a new thing for me.

    I appreciate your effort.

    Thx, Matija

  • You covered data level security, but don't forget the whole front-end: privileges + catalog permissions. It's worth to setup everything as "clean" and restricted as possible from the beginning so that whatever happen later (like now a new part added in OBIEE or anything else) is covered by default with security already in place.