Categories
- All Categories
- 15 Oracle Analytics Sharing Center
- 16 Oracle Analytics Lounge
- 216 Oracle Analytics News
- 43 Oracle Analytics Videos
- 15.7K Oracle Analytics Forums
- 6.1K Oracle Analytics Idea Labs
- Oracle Analytics User Groups
- 79 Oracle Analytics Trainings
- 15 Oracle Analytics Data Visualizations Challenge
- Find Partners
- For Partners
How to provide Granular Shared Folder Access in OAC
I'm trying to implement fine-grained role-based access control in Oracle Analytics Cloud (OAC), specifically regarding shared folder permissions. My use case is:
- I have a shared folder where I'm assigning an application role.
- This application role will be granted to OCI IAM groups.
- Within OAC, I want to ensure that members of a given group assigned to the application role (who will have an 'Admin' privilege within that context) have permissions limited solely to managing access and permissions related to their own group.
- Essentially, they should be able to manage permissions within the shared folder, but they should be restricted from viewing or modifying roles and permissions associated with other groups.
Is there a way to configure OAC to achieve this level of granular control, preventing administrators of one group from affecting the permissions of other groups within the same shared folder?
Answers
-
Hi,
While not sure I got your requirement correctly, it isn't something possible: if a user is allowed to manage permissions on an object in the catalog, you can't limit the security objects it can control the permissions for.
Once a user has access to manage permissions on the catalog folder, they can add or remove any user/group/role from the permissions.
You are requesting an extra level of granularity, allowing to define what security objects (users/groups/roles) can that user "touch", and this isn't an existing feature in the product.
You can post an idea to have such a feature evaluated for implementation.
0
