Deactivate the possibility to send an OBI report to anyone

Use Case and Business Need
Hello,
Currently, in OBI, it's possible to send an OBI report to anyone, even if this person is not working for our company.
Indeed, you can enter anyone's email address if you click on the little green cross which is in a grey square.
From a confidentiality data protection point of view, it would be relevant to deactivate this functionality or to configure this functionality so that users could only enter email addresses based on a whitelist.
Thank you
Evelyne
Original Idea Number: 822ef61d6b
Comments
-
Hello
It would be very useful because some OBI reports contain personal data.
This whitelisting should be optional. If no domain list is specified, the report could be sent to any e-mail address.
Best regards
Stephane
0 -
This is an issue for American Express Global HCM implementation as well and it is viewed as a serious security risk that may result in data breaches. Currently anyone with access to a report can schedule it to be delivered to their personal home address. Some reports have sensitive information and forwarding them to personal emails is a risk.
We had to implement a workaround to Audit the scheduled reports that have a delivery method of Email and catch any that were submitted to addresses outside the company. This workaround, however, only works for BI Publisher reports. There is no such information available for OTBI reports at the moment.
Our organization views this as a serious security issue.
Our suggested solution would be to add a place under the Admin page where we can specify what domains are acceptable for report and analysis delivery. A similar feature is available for email contents. You can restrict which domains' contents can be used in emails, but you cannot currently restrict what domains can be used for report delivery.
Please note that in 20A Oracle is adding a feature to restrict who can schedule emails. This was suggested to us as a solution, but it does not resolve this issue, as the problem is not who can schedule reports but rather what emails can be set as the delivery method for reports.
Related Oracle SR:
0 -
Some reports include sensitive information and should not be emailed outside the company. Our email servers have rules that detect and keep a record when a file attachment is emailed outside the company. However, when the email is sent from Oracle directly, it bypasses our servers and this can go undetected. There is a partial workaround possible: writing Audit reports for BI Publisher reports. This is risky since the emails can still be sent and will only later be caught in Audit, and it won't cover all cases since OTBI Analysis results and HCM Extracts are not covered.
0 -
As there is an option available to restrict BIP report delivery, there should be an option for OTBI restriction as well. Also, once this option is set, all the BIP reports are blocked (even the customer-facing AR Invoices). There should be an option to choose which ones need to be restricted and which ones should not be.
0
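The audit workaround and the optional domain whitelist discussed in the comments above can be sketched as follows; this is an added example, not part of any comment and not Oracle's or any commenter's code. The job records, their field names (`job`, `delivery`, `to`) and the domains are constructed assumptions, and the script does not query BI Publisher itself.

```python
from email.utils import getaddresses

# Assumption: constructed list of approved delivery domains.
ALLOWED_DOMAINS = {"example.com", "corp.example.com"}

def external_recipients(recipient_field, allowed_domains):
    """Return addresses in one delivery field whose domain is not allowed.

    An empty allowlist means "no restriction", matching the optional
    behaviour proposed in the comments.
    """
    if not allowed_domains:
        return []
    allowed = {d.lower().rstrip(".") for d in allowed_domains}
    flagged = []
    # Treat ';' like ',' so both separators split the recipient list.
    for _name, addr in getaddresses([recipient_field.replace(";", ",")]):
        addr = addr.strip()
        if not addr:
            continue
        local, sep, domain = addr.rpartition("@")
        domain = domain.lower().rstrip(".")
        # Exact match only: suffix or substring matching would let
        # "example.com.lookalike.test" or "notexample.com" through.
        if not sep or not local or domain not in allowed:
            flagged.append(addr)
    return flagged

def audit_jobs(jobs, allowed_domains):
    """Map job name -> external addresses, for e-mail deliveries only."""
    findings = {}
    for job in jobs:
        if job["delivery"].lower() != "email":
            continue
        bad = external_recipients(job["to"], allowed_domains)
        if bad:
            findings[job["job"]] = bad
    return findings

# Constructed sample schedule records (hypothetical field names).
SAMPLE_JOBS = [
    {"job": "ar_invoices", "delivery": "Email",
     "to": "Alice <alice@example.com>; bob@corp.example.com"},
    {"job": "weekly_payroll", "delivery": "Email",
     "to": "carol@example.com, carol.home@mail.test"},
    {"job": "headcount", "delivery": "Email",
     "to": "dave@EXAMPLE.COM, dave@example.com.lookalike.test"},
    {"job": "floor_plan", "delivery": "Printer", "to": ""},
]

if __name__ == "__main__":
    for name, addrs in audit_jobs(SAMPLE_JOBS, ALLOWED_DOMAINS).items():
        print(f"{name}: external delivery to {', '.join(addrs)}")
```

Run as an after-the-fact audit, this only detects deliveries that were already scheduled; applying the same check when a schedule is saved would be the preventive control the thread asks for.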