Categories
- All Categories
- 89 Oracle Analytics News
- 7 Oracle Analytics Videos
- 14.1K Oracle Analytics Forums
- 5.3K Oracle Analytics Idea Labs
- Oracle Analytics User Groups
- 51 Oracle Analytics Trainings
- 59 Oracle Analytics Data Visualizations Gallery
- 2 Oracle Analytics Data Visualizations Challenge
- 4 Oracle Analytics Career
- 4 Oracle Analytics Industry
- Find Partners
- For Partners
Personalized Data Permissions (PDP)
Organization Name
Strategic Account
Description
Problem: Currently users can be added to data sets, projects, and other resources from a high level but restricting access on a more granular level is difficult, very manual, and not scaleable to large organizations. It creates clutter, allowing users to see more than what they need. This is beyond what group or role access can provide.
Solution: We would love to see OAC embrace Entitlement Policies. This allows the filtering of a dataset down to the user for a custom experience at each user's level. This eliminates clutter and provides a scalable option for Data Permissions. In other words, the same Dataset can be sliced into three different displays for three different users. This ensures each user only sees their own data.
Use Case and Business Need
This would allow an enterprise to deploy OAC environment across a large number of users and ensure proper data privacy practices can stay in place. Logical examples include sales managers viewing their territory. Marketing analysts working on their LOB's data. Finance team working on only the data given to them.
Example
VP | Manager | Analyst |
David Wallace | Michael Scott | Dwight Schrute |
David Wallace | Michael Scott | Erin Hannon |
David Wallace | Jim Halpert | Pam Beesly |
David Wallace | Jim Halpert | Creed Bratton |
In this scenario you could set three PDP policies for VP level, Manager level, and analyst level {email.value=yourself, direct reports} permissions to view and edit all data under yourself as well as direct reports and their hierarchy.
1. VP Level: David Wallace would be able to see all data in this case as they all report to him
2. Manager Level: Michael Scott can ONLY see Dwight and Erin's data. And manager Jim can see ONLY Pam and Creed's data. But they CANNOT see data from the other manager.
3. Analyst Level: Dwight Schrute can only see Dwight Schrute's data and cannot see anything else as he has no direct reports.
More details
This is something Domo does very well and would be a great feature to have parity with
https://developer.domo.com/docs/dataset/create-personalized-data-permissions-pdp
Original Idea Number: 33c4f6b70f
Comments
-
I agree this entitlement based data level access would be extremely helpful from a security configuration standpoint. The current process for creating data level security is very manual and difficult to scale.
0 -
We have got similar request from our business users asking for more detailed object and data level security, for OAC and OAS installations.
0 -
Absolutely. This would further enable platform security, eliminate unrelated clutter, and help scale adoption. Would a native OAC feature like PDP above solve you particular situation?
0 -
How do you currently control access to your data model?
0 -
Currently working with Verizon, who need to have granular aspects of dataset shared and available. This would allow OAC to be configured per company policy and request.
0 -
Data level group security is a great option to have. It also helps from the performance to leverage the group level caching.
0 -
Thanks Rob!
0 -
To have implemnted "row level security" concept (similar to the one, I can setup in semantic model = RPD) also in "self-service" world - thus when designing data sets is definitelly one of the necessity, allowing to use Data Visualization for real enterprise deployment/usage.
0 -
Great point Michal - Yes RPD can utilize session variables and initialization blocks to, for example, pass through user's email address as a parameter so the dashboard data will be filtered on each users email address and respective access. This is what my colleague informs me. This seems a little bit more complicated even for the self-service aspects. However, this should be more of a native feature and easier to digest, monitor, and deploy
0 -
Yes. We (Verizon) definitely need this functionality especially when dealing with many levels of security pertaining to Data and Users.
0