Oracle Analytics Cloud and Server

Welcome to the Oracle Analytics Community: Please complete your User Profile and upload your Profile Picture

Can we create OAS DV user with create dv report permission without upload file option in dataset

Received Response
153
Views
10
Comments

Can we create OAS DV user with create dv report permission without upload file option in dataset. so user can only build dataset and report reports from subject area assigned it to them.

Answers

  • Mallikarjuna Kuppauru-Oracle
    Mallikarjuna Kuppauru-Oracle Rank 8 - Analytics Strategist

    Hi,

    You can create an customer role with required permission sets. You can refer below oracle documentation.

    Grant or Revoke Permission Assignments (oracle.com)

    Regards,

    Arjun

  • Sharad Bote
    Sharad Bote Rank 1 - Community Starter

    Thank you Arjun, we can get the permission same like BIContentAuthor but we do not want to give all the BIContentAuthor permission to the new application role. we want to give only some specific permission to the new application role

  • Mallikarjuna Kuppauru-Oracle
    Mallikarjuna Kuppauru-Oracle Rank 8 - Analytics Strategist
    edited September 2023

    Hi,

    Got it. In this case, you need to create an customer application role similar to BIContentAuthor role and modify the application policies after editing the Customer role from EM page.

    Reg. Steps you can refer below - Its an old version document but the process is same.

    Managing Application Roles and Application Policies Using Fusion Middleware Control (oracle.com)

    Regards

    Arjun

  • Gianni Ceresa
    edited September 2023

    @User_LKJ3J ,

    At this point in time, the individual policies contained inside the va.author permission sets aren't documented.

    I did ask the Oracle Analytics PM for a documentation of the various policies and they did reply it didn't exist and the policies weren't even used in the code right now (which is false, the policies are used).

    This means that you have to "guess" what policy to remove: look at all the policies of the va.author set and then guess what you need to grant to your application role. Oracle doesn't have any document helping you, and you can only guess, try and test hoping to find the right policies.

    There is a feature coming for OAC in the future named "Fine-grain & feature-level permissions" in the roadmap. With some luck it's the equivalent of the manage privileges in "classic" and you will easily be able to authorize or deny a feature in DV to your application roles (for example what you ask about upload files). It's meant to come in OAC at some point. If we are lucky it will be before end of year and there is a chance it will be included in OAS 2024. If we aren't that lucky it will have to wait 2025 for OAS.

    This is what makes DV unusable in a real enterprise context right now: your users are either consumer or creator and that's it. No officially documented way to limit/control what your users can really do in DV (but once again Product Management will say it isn't a feature request by customer, just because Gartner never mentioned it as a thing...).

  • @User_LKJ3J

    If you would, please update your user profile with a name, and your organization. It is helpful for replying.


    Here are the the Idea Lab Request links. You could up-vote, comment, but they already are marked as 'planned', as mentioned.

    https://community.oracle.com/products/oracleanalytics/discussion/10279/improve-security-setup

    https://community.oracle.com/products/oracleanalytics/discussion/comment/48097#Comment_48097

    A potential hack/workaround may be to set the users storage limit to zero (0).

    Note: I haven't had a chance to test this, but just a quick thought that came to mind.

    See: How To Manage The Data Set Storage Quotas In Oracle Analytics Server (OAS) and Oracle Analytics Cloud (OAC) (Doc ID 2722590.1)

    Hope that helps some.

  • Sharad Bote
    Sharad Bote Rank 1 - Community Starter

    Hi All, Thanks for the update. we tried all above options. We created application role and attached all the DVContentAuthor permission but we not able to remove certain permission which are attached to permission set.

    Looks like you can not remove the permission from permession set.

    We tested by setting the FileUploadLimit = 0 and restrict the user from uploading the files(even user can see the option and allows to select the file at the end user get message about 0 FileUploadLimit). but this option is either at user level or at instance level, nothing we can set at application role level.


    Sharad Bote

  • Looks like you can not remove the permission from permession set.

    I would say you shouldn't try to edit the permission set, mainly because it's a default permission set and you could need it for other things...

    You can create a new permission set with only the subset of policies you need, or just attach the policies contained in the permission set to your app role directly instead of the permission set.

    The permission set is just a "group of policies", it's a shortcut to not have to add 10+ policies one by one.

  • Tim Ouimet
    Tim Ouimet Rank 3 - Community Apprentice

    Thanks for this commentary @Gianni Ceresa - do you know if this has been refreshed in the 16 months since original comment? Looking to provide some more useful fine-grain permissions for newly created roles and enhanced reporting with our DV - since it's un-usable at the moment.

    OBIEE 10g, 11g & 12c and OAS

  • Hi Tim, to be fair I didn't look much into the details of the existing policies and DV privileges. Didn't need them (most people lately me to turn of DV fully or were happy with default settings, therefore I don't remember what policies and permissions exist or what not.

  • Tim Ouimet
    Tim Ouimet Rank 3 - Community Apprentice

    That's really unfortunate - there are some tremendous visualizations in DV that would be great in dashboards. Are there notes anywhere to fully turn town DV? Documentation hasn't ever proven to be Oracle's strong-suit.

    OBIEE 10g, 11g & 12c and OAS