Oracle Fusion Data Intelligence Idea Lab

Home Oracle Analytics Oracle Analytics Idea Labs Oracle Fusion Data Intelligence Idea Lab

Categories

Welcome to the Oracle Analytics Community: Please complete your User Profile and upload your Profile Picture

Ability to turn off/on security permissions at a report level.

Needs Votes
144
Views
11
Comments
Cade Johnston
Cade Johnston Rank 4 - Community Specialist
in Oracle Fusion Data Intelligence Idea Lab

We are currently rolling out reports to our production environment and the biggest concerns that are being asked are due to security concerns. As we understand, once you assign a security to a user it transgresses over everything in the system. This causes some hindrances when creating reports due to some end users wanting security permissions on some reports when other ones the security is not needed. For example, a few people in our organization that utilizes salary data need to only see their entity (we have a custom security dimension tied to this), but when seeing any other related data they are wanting to see it from an organization view rather than being filtered (secured) based on entity. We are currently using a workaround and having multiple copies of the report already filtered to those entities and not allowing the end user to change. I think this idea would benefit this application tremendously because I know there are many people within organizations that have certain privileges and it is rather difficult to tie certain security permissions to that individual and having the ability to turn on and off security privileges on a report might help this problem.

Tagged:
9
Up
9 votes

Needs Votes · Last Updated

«1

Comments

  • Kristen Arner
    Kristen Arner Rank 3 - Community Apprentice

    this is much needed functionality.

  • Krishna Prasad Kotti-Oracle
    Krishna Prasad Kotti-Oracle Mod

    This requirement can be handled by designing your security. You can have different security (Groups + Roles) assigned to a set of users vs another set of users. This should handle the requirements of data level security to be applied to certain sets of users.

  • Cade Johnston
    Cade Johnston Rank 4 - Community Specialist

    @Krishna Prasad Kotti-Oracle The problem is when a user is in two or more groups and has too much security when viewing a report.

  • Krishna Prasad Kotti-Oracle
    Krishna Prasad Kotti-Oracle Mod

    @Cade Johnston In general users will either be part of one of the groups. They should not be part of both groups.

    Group1 - Secure the data

    Group 2 - Do not secure the data

  • Cade Johnston
    Cade Johnston Rank 4 - Community Specialist
    edited August 2024

    Maybe I'm not demonstrating the problem correctly.

    Report #1 - Group A (Security Applied)

    Report #2 - Group B (No Security Applied)

    Obviously the reports were designed for the created groups but it's understandable if a user from Group A wanted to view the report #2 at a view where no security is being applied. Like I said this is an idea that I think could benefit this application tremendously.

  • Krishna Prasad Kotti-Oracle
    Krishna Prasad Kotti-Oracle Mod

    Security is applied to the report based on groups.

    So you can design the security such that when user from Group A run the Report1 - security is applied. When the user from Group B run the same Report 1, then security is not applied.

  • Santhosh_N
    Santhosh_N Rank 1 - Community Starter

    @Cade Johnston - we have the same requirement and we are able to achieve it by making changes in RPD.

    Create a two separate Logical tables, one joined to custom security dimension and other without join. Then add them to the presentation layer.

    Create two different reports, users with limited entity access are assigned to the report created from the security dimension source and users who need wide open access should be assigned to other other report which is open.

  • Cade Johnston
    Cade Johnston Rank 4 - Community Specialist

    @User_XLJYH Thank you for this! We did the same thing, but we have users that need security for one report and don't need security for others. Does this make sense???

  • Nupur Joshi-Oracle
    Nupur Joshi-Oracle Mod

    @Cade Johnston - Can you please confirm if you are trying to do something like below ?

    A user is Line Manager + HR BP of a specific Business Unit ( ABC ) - so user is part of 2 different job groups in FDI

    For Salary related Measures - user should only see data of his supervisory organization

    But for example , Headcount/ Termination event / Performance/Goals etc. -he should see complete data ( Supervisory Org + Business Unit (ABC))

    If my understanding is correct then you need not create separate copy of reports - you can create Data Security such that ( by securing corresponding fact tables )) and achieve this.

    Regards,

    Nupur

  • Kristen Arner
    Kristen Arner Rank 3 - Community Apprentice

    @Nupur Joshi-Oracle Where can I get more information on the scenario you described as I have this need where I have a line manager that should only see salary related measures for their supervisory organization but has corporate oversight of a functional business unit and requires headcount, turnover, etc. for the business unit.