nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

Oracle Communities

Oracle Analytics and AI

Child Item

Restrict User to create OTBI or BIP reports

Shashank Verma-Oracle

Summary:

Requirement is that Users should not be able to create any OTBI reports from his account. We have already restricted the Permission for the user to access other folders. However he is able to create OTBI reports. Any specific role which allows the user to create OTBI Reports ? and if we can revoke them.

Content (required):Requirement is that Users should not be able to create any OTBI reports from his account. We have already restricted the Permission for the user to access other folders. However he is able to create OTBI reports. Any specific role which allows the user to create OTBI Reports ? and if we can revoke them.

Version (include the version you are using, if applicable):

Code Snippet (add any code snippets that support your topic, if applicable):

Find more posts tagged with

Accepted answers

All comments

Raghavan p-Oracle

Keep BI Consumer role and remove BI administrator/ BI Publisher Data Model Developer roles from the user.

Shashank Verma-Oracle

Hi,

We are not giving BI Consumer role and BI Admin role both to that User

Nathan CCC

Hi,

When you say "OTBI reports" we are assuming you mean an object of type "Report" (yellow) (not "Analysis" (blue))

"We are not giving BI Consumer role and BI Admin role both to that User"

Yes that is ok. But if you have granted a user "BI Author Role" then your user is a "BI Consumer". You do not need to grant "BI Consumer Role" because it is already granted to "BI Author Role". Yes you do NOT need to grant "BI Administrator".

As Raghavan said the behaviours are controlled by whether your user is just an "Author" or both an "Author and a Data Model Developer". A user with only role "BI Author Role" can create an analysis etc but not a data model. A report must have a data model. Therefore an author cannot create a report other than a report on a data model that someone else has created. An author user who also has "BI Publisher Data Model Developer" can create a data model and therefore a new report using that data model.

Delete the role highlight in yellow and I cant create reports anymore - data model icon is hidden on my create menu (circled in red in the screenshot of the create menu above)

Vijay Ramani VJ

Are you using custom role or seeded role? That specific role could be having BI Author which allows them to create the OTBI report, but it depends on your folder security, if they can save it or not.

In our case, we restricted the folder security so they will not be able to save the reports in the shared folder, but on their personal folders.

Shashank Verma-Oracle

Thanks for sharing. Appreciate your help.

Girish_Kulkarni_123

BI Consumer role ,BI Author role, BI admin role seems to apply only to BIP reports but not to OTBI. Kindly guide,

Praveen Kumar Akkala-Oracle

HI Shashank/Girish,

Who ever has the BI Author or BI Admin roles can see the create option for OTBI.

If you do not want the user to create the reports, Please give them only the BI Consumer role.

Thanks,

Praveen

Girish_Kulkarni_123

Hi Praveen,

Thanks, for BIP, is there an option to only allow the user to archive/unarchive the BIP/OTBI but not create BIP/OTBI?

Thanks,

Girish

Nathan CCC

In OTBI exist 4 roles out of the box; BIConsumer, BIAuthor, BIPDataModelDeveloper, BIAdministrator.

In summary with the out of the box default configuration

Consumer lets you interact with existing analytics and reports in OTBI (role code "BIConsumer")
Author lets you build new content like new prompts, analysis, agents, actions, publisher reports using existing data models in OTBI (but you cannot create new data models) in OTBI ( role code "BIAuthor")
Data Model Devleoper lets you create new data models for publisher reports in OTBI (role code "BIPDataModelDeveloper")
Administrator gives you full access (role code "BIAdministrator")

To review then change which role has which privilege

as administrator go to page Manage Privileges /analytics/saw.dll?PrivilegeAdmin

For example, out of the box only administrator has privilege archive catalog but if you want you can edit that by user or role

So to meet this requirement based on the default out of the box config a user granted Consumer (but not Author, nor Data Model Developer, not Administrator) will NOT be able to create new Analysis, new Dashboard Prompt, new Report, new Data Model, new Agent, new Action etc in OTBI. And this user will NOT be able to Archive / Unarchive to catalog in OTBI.

Girish, If you ethen edit in manage privileges "Archive Catalog" / "Unarchive Catalog" to grant this to an additional user or role then they will be able to "archive/unarchive to the catalog" but if all they have is on top of that Consumer then they still can NOT create analysis, data model, report etc in OTBI".