Oracle Transactional Business Intelligence Idea Lab

Home Oracle Analytics Oracle Analytics Idea Labs More Solutions Idea Labs Oracle Transactional Business Intelligence Idea Lab

Categories

Welcome to the Oracle Analytics Community: Please complete your User Profile and upload your Profile Picture

Secured BI Role – need possibility to restrict data access as per security profile

Submitted
1
Views
1
Comments
Kerstin Henriksson
Kerstin Henriksson Rank 2 - Community Beginner
in Oracle Transactional Business Intelligence Idea Lab

Organization Name

Skanska

Description

For us as a global company it is important to be able to allow local units to actively participate in the maintenance. At the same time we need to adhere to legislative regulations and restrict access to data not needed in the role. Therefore, we have a requirement to be able to give Data Model access to country specific administrators, to enable them to write/create reports and get a view of only the data relevant to them as per their security profile.

With the current product capability, a user with BI administrator role, can write adhoc PL/SQL queries and have access to the entire data that resides in the application which doesn’t adhere to the person security profile unlike the case for OTBI reporting.

Hence we see the need to be able to have restrictions based on person security profile also when a user has BI administrator role.

Use Case and Business Need

To be compliant with GDPR and other legislation related to data protection it is important to be able to contextualize access also through BI to fit the persons’ security profile.

Original Idea Number: 350c9b5463

Tagged:
2
Up
2 votes

Submitted · Last Updated

Comments

  • Glen Ryen
    Glen Ryen Rank 4 - Community Specialist

    Agreed, striped data access in BI Publisher would be very useful - and not just for HCM. For now your options for transactional reports are OTBI (which respects data access privileges, like you say) or centrally-deployed BI Publisher data models that have also been coded to respect role security (e.g. querying secured views instead of base tables).

    If you have users to whom you want to grant BI Admin roles but not full data access, I'd suggest considering cloned instances as a possible work around. You could obfuscate some or all of the data in the clone, as needed. It wouldn't get around the need for central PROD deployment of BI objects (after checking the security logic), but that could at least allow a broader population to participate in report development.

    Glen