Categories
- All Categories
- 75 Oracle Analytics News
- 7 Oracle Analytics Videos
- 14K Oracle Analytics Forums
- 5.2K Oracle Analytics Idea Labs
- Oracle Analytics User Groups
- 40 Oracle Analytics Trainings
- 60 Oracle Analytics Data Visualizations
- 2 Oracle Analytics Data Visualizations Challenge
- 3 Oracle Analytics Career
- 4 Oracle Analytics Industry
- Find Partners
- For Partners
New Permission for Exporting Data Flows
Hello all,
Recently, we had a user inquire about exporting Data Flows. Our organization has a strict no export policy, thus the Export Workbooks to Documents permission was disabled for end users. Through testing, I discovered that all export permissions are grouped together and there is no separate permission for controlling the export of Data Flows. Data Flows deal with primarily metadata and don't have the same risk of exposing sensitive information that could be contained in workbooks.
Based on that, I'd like to suggest an enhancement to have a separate permission to control the export of Data Flows so it can be enabled for end users without having to enable global export permissions in OAC DV.
Is there anyone else with a similar use case or completed a workaround to get past this?
Comments
-
Might be interesting for Alan to see if it's part of the granular permission project
0 -
@Benjamin Arnulf-Oracle: Thanks for that suggestion. Do you know what this project entails?
@Alan Lee - Oracle-Oracle: I'd like to know more about this project, is there a link or info you can share regarding this?
Thanks
0 -
@GK48 Ben is referring to the permissions feature which I guess you may be using to control exports.
Adding @Adam Bloom-Oracle who is collecting requirements for new permissions.
0 -
@Alan Lee - Oracle-Oracle I'm familiar with that link, thank you for adding it as reference. I dont see all those permissions (such as Export Workbook Data) in our OAC instance. Have they already been released or is it coming with the July release?
@Adam Bloom-Oracle Please let me know how to send over requirements for potential new permissions or if you need clarification on the one that I have posted about here.
Thanks
0 -
@GK48 Yes, additional permissions are in the July update.
0 -
@Alan Lee - Oracle-Oracle Thanks for confirming that, I'll watch for the July update hopefully coming soon and look forward to hearing feedback from @Adam Bloom-Oracle
0 -
@GK48 The new Export Content permission allows a user to export content to a DVA file. This includes workbooks and data flows and their dependencies (e.g. datasets). We do not have a permission specific to export data flow. You are the first to ask for one! Take a look at the various new permissions added in the July update and let me know if these address your needs.
0 -
@Adam Bloom-Oracle Thanks for this update. Currently, what file type are data flows exported to? I was under the impression it would be a DVA file rather than excel, etc. The thinking behind having a separate data flow export permission is that the risk from a data security perspective is less since data flows are primarily metadata. Exporting content from workbooks would pose a greater risk and need to be locked down as they are currently.
I'll have a look but we dont have the July update released yet. We set up our custom application roles by cloning permissions from out of the box roles (e.g. DVContentAuthor) and then adjusting permissions as needed. Will this export content permission be automatically added to custom application roles?
Appreciate your help!
0 -
Data flow exports are DVA.
When we add a new permission for net new functionality, the new permission is granted to one of the predefined application roles. So you will need to decide whether or not to grant the permission to your user-defined application roles.
When we add a new permission that controls a subset of functionality from an existing permission (e.g. if we split a permission into two) we automatically grant the new permission to all application roles that have a grant for the previously existing permission. So your user-defined app roles should not automatically lose any abilities to use functionality when we add new permissions.
0 -
@Adam Bloom-Oracle Thanks for confirming. July update has come and what we released was the new permissions were automatically applied to some of our custom application role. For example, we have a role called EI_Analysts that was created by cloning DVContentAuthor, but had export permissions removed. With the new update, some of the new export permissions were automatically granted to the role without our knowledge.
Based on what you write, this seems to be expected behaviour as roles won't lose any functionality, but they will gain abilities when adding new permissions. Can you please confirm my understanding is correct around this?
In our case, we immediately removed the export permissions once it was realized they were applied automatically. This does pose a risk due to no advance notice of the updates coming in, is there any way we can prevent new permissions from being automatically added to custom roles or have some sort of alert to indicate a release has been implemented? Currently, this is a gap as users could gain permissions that they are not permitted to have.
Thanks and much appreciated.
0