nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

Oracle Communities

Oracle Analytics and AI

Child Item

Ability to turn off/on security permissions at a report level.

Cade Johnston

We are currently rolling out reports to our production environment and the biggest concerns that are being asked are due to security concerns. As we understand, once you assign a security to a user it transgresses over everything in the system. This causes some hindrances when creating reports due to some end users wanting security permissions on some reports when other ones the security is not needed. For example, a few people in our organization that utilizes salary data need to only see their entity (we have a custom security dimension tied to this), but when seeing any other related data they are wanting to see it from an organization view rather than being filtered (secured) based on entity. We are currently using a workaround and having multiple copies of the report already filtered to those entities and not allowing the end user to change. I think this idea would benefit this application tremendously because I know there are many people within organizations that have certain privileges and it is rather difficult to tie certain security permissions to that individual and having the ability to turn on and off security privileges on a report might help this problem.

Find more posts tagged with

Security

FDI

Needs Votes

Status: Needs Votes

Comments

Kristen Arner

this is much needed functionality.

Krishna Prasad Kotti-Oracle

This requirement can be handled by designing your security. You can have different security (Groups + Roles) assigned to a set of users vs another set of users. This should handle the requirements of data level security to be applied to certain sets of users.

Cade Johnston

@Krishna Prasad Kotti-Oracle The problem is when a user is in two or more groups and has too much security when viewing a report.

Krishna Prasad Kotti-Oracle

@Cade Johnston In general users will either be part of one of the groups. They should not be part of both groups.

Group1 - Secure the data

Group 2 - Do not secure the data

Cade Johnston

Maybe I'm not demonstrating the problem correctly.

Report #1 - Group A (Security Applied)

Report #2 - Group B (No Security Applied)

Obviously the reports were designed for the created groups but it's understandable if a user from Group A wanted to view the report #2 at a view where no security is being applied. Like I said this is an idea that I think could benefit this application tremendously.

Krishna Prasad Kotti-Oracle

Security is applied to the report based on groups.

So you can design the security such that when user from Group A run the Report1 - security is applied. When the user from Group B run the same Report 1, then security is not applied.

Santhosh_N

@Cade Johnston - we have the same requirement and we are able to achieve it by making changes in RPD.

Create a two separate Logical tables, one joined to custom security dimension and other without join. Then add them to the presentation layer.

Create two different reports, users with limited entity access are assigned to the report created from the security dimension source and users who need wide open access should be assigned to other other report which is open.

Cade Johnston

@User_XLJYH Thank you for this! We did the same thing, but we have users that need security for one report and don't need security for others. Does this make sense???

Nupur Joshi-Oracle

@Cade Johnston - Can you please confirm if you are trying to do something like below ?

A user is Line Manager + HR BP of a specific Business Unit ( ABC ) - so user is part of 2 different job groups in FDI

For Salary related Measures - user should only see data of his supervisory organization

But for example , Headcount/ Termination event / Performance/Goals etc. -he should see complete data ( Supervisory Org + Business Unit (ABC))

If my understanding is correct then you need not create separate copy of reports - you can create Data Security such that ( by securing corresponding fact tables )) and achieve this.

Regards,

Nupur

Kristen Arner

@Nupur Joshi-Oracle Where can I get more information on the scenario you described as I have this need where I have a line manager that should only see salary related measures for their supervisory organization but has corporate oversight of a functional business unit and requires headcount, turnover, etc. for the business unit.