Categories
- All Categories
- 75 Oracle Analytics News
- 7 Oracle Analytics Videos
- 14K Oracle Analytics Forums
- 5.2K Oracle Analytics Idea Labs
- Oracle Analytics User Groups
- 40 Oracle Analytics Trainings
- 59 Oracle Analytics Data Visualizations
- 2 Oracle Analytics Data Visualizations Challenge
- 3 Oracle Analytics Career
- 4 Oracle Analytics Industry
- Find Partners
- For Partners
Mapping Licensed and Unlicensed Groups in IDCS
We have been leveraging group to group mappings in Fusion ERP Analytics when the switch was made from managing security in the FAW security console to IDCS.
We received a confirmation that this functionality is still supported but have not been able to figure out where in IDCS group to group mappings are managed.
Has anyone else had this issue and been able to implement the same in IDCS?
This is an image of what the mapping looks like in the security console
- Licensed Group FAW Functional Administrator was mapped to custom groups called IVZ FAW FDAC Power User and IVZ FAW FDAC Administrator
Looking at the licensed group FAW Functional Administrator in IDCS, there doesn't seem to be any way to map the group to another group
Thanks!
Duane
Best Answer
-
@User_9STVF - The flow of security management is as follows: Users are assigned to Groups, which in turn are assigned to Application Roles. These Application Roles or Groups can then be used to handle further authorization aspects as required. Your understanding of this process is correct.
0
Answers
-
@User_9STVF - This seems to be same query as in the below thread created by you.
In the current scenario or with the latest security features provided in the newest version, do you experience any difficulties compared to the previous versions? If yes, please share a specific business scenario, and we will assist you in achieving the same. Thank you.
0 -
Hi Sumanth - thanks for the response and inquiry.
The original question you referenced - the goal was to confirm that the capability to map unlicensed groups to licensed groups was still supported - and the thread did confirm that the capability is still supported.
Based on that response - we have attempted to map groups together in IDCS.
This question is - how do you do it? We have not been able to find any documentation with instructions and haven't been able to figure it out intuitively in IDCS.
Regarding your request for a business scenario - here is an example.
We would like to configure a group of people to be "developers" who can perform
- Dashboard Development
- Data Validations
- Data Augmentation development
- Semantic Model Development (non-security)
Rather than configuring these developers individually each time a developer is onboarded, we would like to create a custom group called "IVZ Developers".
When someone is added to the IVZ Developers group - they should inherit the following licensed roles
- FAW ERP Licensed Author (Dashboard development)
- FAW Functional Administrator (Data Augmentation development and data validation)
- FAW Modeler (semantic model development - non-security)
In this way - we will simplify user setup and also assure that everyone who is supposed to be an IVZ Developer is configured the same because their rights are inherited from that group rather than being assigned manually.
This is how we had configured security via the FAW security console originally using group to group mappings. We are just not able to figure out how to do the same things via IDCS - where the security management functionality has moved.
Hope that helps.
0 -
Adding a bit of additional information.
Our security console has been updated - and it appears that there are some differences that I was not aware of.
My recollection is that on the previous version, FAW Functional Administrator was a group, but not an application role - so there was this ability to link a licensed group to an unlicensed group.
It looks like - as part of this security change - there is an FAW Functional Administrator application group - so the group to group mappings are no longer needed as the functionality previously provided through the FAW Functional Administrator group can be provided through the FAW Functional Administrator application role.
Can you confirm that my understanding is correct?
0 -
Thanks for confirming, Sumanth. In my view at least - this is a better/more intuitive approach than mapping groups together. We will test/confirm this approach.
0 -
Hi Sumanth - where a "specific business scenario" is concerned -
We want to have a custom group of developers.
This group have the following capabilities
- Data Validation
- Data Configuration
- Semantic Development
- Data Augmentation Development
- Dashboard Development
We do not want to have to manually assign all of these roles each time someone is onboarded, so we want to create a custom group called "IVZ Developers".
When someone is added to the IVZ Developers role, they should also inherit the following licensed roles
- FAW ERP Licensed Author (for dashboard development)
- FAW Modeler (for semantic development)
- FAW Functional Administrator (for data augmentation and data validation)
When we review users and we see they are included in the "IVZ Developers" group, we know what their configuration is and we know that everyone who is in that role is configured the same because those rights are inherited through the group and not assigned manually to each person.
This is how we had configured security through the FAW Security console via group to group mappings and we can't figure out how to configure the same through IDCS (where the security management functionality has moved).
Hope that example helps.
0