Categories
- All Categories
- 88 Oracle Analytics News
- 7 Oracle Analytics Videos
- 14.1K Oracle Analytics Forums
- 5.3K Oracle Analytics Idea Labs
- Oracle Analytics User Groups
- 49 Oracle Analytics Trainings
- 59 Oracle Analytics Data Visualizations Gallery
- 2 Oracle Analytics Data Visualizations Challenge
- 4 Oracle Analytics Career
- 4 Oracle Analytics Industry
- Find Partners
- For Partners
Can we create OAS DV user with create dv report permission without upload file option in dataset
Can we create OAS DV user with create dv report permission without upload file option in dataset. so user can only build dataset and report reports from subject area assigned it to them.
Answers
-
Hi,
You can create an customer role with required permission sets. You can refer below oracle documentation.
Grant or Revoke Permission Assignments (oracle.com)
Regards,
Arjun
0 -
Thank you Arjun, we can get the permission same like BIContentAuthor but we do not want to give all the BIContentAuthor permission to the new application role. we want to give only some specific permission to the new application role
0 -
Hi,
Got it. In this case, you need to create an customer application role similar to BIContentAuthor role and modify the application policies after editing the Customer role from EM page.
Reg. Steps you can refer below - Its an old version document but the process is same.
Managing Application Roles and Application Policies Using Fusion Middleware Control (oracle.com)
Regards
Arjun
0 -
At this point in time, the individual policies contained inside the
va.author
permission sets aren't documented.I did ask the Oracle Analytics PM for a documentation of the various policies and they did reply it didn't exist and the policies weren't even used in the code right now (which is false, the policies are used).
This means that you have to "guess" what policy to remove: look at all the policies of the
va.author
set and then guess what you need to grant to your application role. Oracle doesn't have any document helping you, and you can only guess, try and test hoping to find the right policies.There is a feature coming for OAC in the future named "Fine-grain & feature-level permissions" in the roadmap. With some luck it's the equivalent of the manage privileges in "classic" and you will easily be able to authorize or deny a feature in DV to your application roles (for example what you ask about upload files). It's meant to come in OAC at some point. If we are lucky it will be before end of year and there is a chance it will be included in OAS 2024. If we aren't that lucky it will have to wait 2025 for OAS.
This is what makes DV unusable in a real enterprise context right now: your users are either consumer or creator and that's it. No officially documented way to limit/control what your users can really do in DV (but once again Product Management will say it isn't a feature request by customer, just because Gartner never mentioned it as a thing...).
1 -
If you would, please update your user profile with a name, and your organization. It is helpful for replying.
Here are the the Idea Lab Request links. You could up-vote, comment, but they already are marked as 'planned', as mentioned.
https://community.oracle.com/products/oracleanalytics/discussion/10279/improve-security-setup
https://community.oracle.com/products/oracleanalytics/discussion/comment/48097#Comment_48097
A potential hack/workaround may be to set the users storage limit to zero (0).
Note: I haven't had a chance to test this, but just a quick thought that came to mind.
See: How To Manage The Data Set Storage Quotas In Oracle Analytics Server (OAS) and Oracle Analytics Cloud (OAC) (Doc ID 2722590.1)
Hope that helps some.
1 -
Hi All, Thanks for the update. we tried all above options. We created application role and attached all the DVContentAuthor permission but we not able to remove certain permission which are attached to permission set.
Looks like you can not remove the permission from permession set.
We tested by setting the FileUploadLimit = 0 and restrict the user from uploading the files(even user can see the option and allows to select the file at the end user get message about 0 FileUploadLimit). but this option is either at user level or at instance level, nothing we can set at application role level.
Sharad Bote
0 -
Looks like you can not remove the permission from permession set.
I would say you shouldn't try to edit the permission set, mainly because it's a default permission set and you could need it for other things...
You can create a new permission set with only the subset of policies you need, or just attach the policies contained in the permission set to your app role directly instead of the permission set.
The permission set is just a "group of policies", it's a shortcut to not have to add 10+ policies one by one.
0 -
Thanks for this commentary @Gianni Ceresa - do you know if this has been refreshed in the 16 months since original comment? Looking to provide some more useful fine-grain permissions for newly created roles and enhanced reporting with our DV - since it's un-usable at the moment.
OBIEE 10g, 11g & 12c and OAS
0 -
Hi Tim, to be fair I didn't look much into the details of the existing policies and DV privileges. Didn't need them (most people lately me to turn of DV fully or were happy with default settings, therefore I don't remember what policies and permissions exist or what not.
1 -
That's really unfortunate - there are some tremendous visualizations in DV that would be great in dashboards. Are there notes anywhere to fully turn town DV? Documentation hasn't ever proven to be Oracle's strong-suit.
OBIEE 10g, 11g & 12c and OAS
0