Row-Level Security, OBIEE Privileges, and Data Filtering - Page 2 — Oracle Analytics


Answers

  • [Deleted User]
    [Deleted User] Rank 2 - Community Beginner

    That's seriously strange. Just creating app roles like admin should not have any impact whatsoever on data level security.

  • Chad H.
    Chad H. Rank 2 - Community Beginner

    Well, after a bit of research it appears that the policy - resource name: oracle.bi.server.manageRepositories allows users to bypass data filters on roles.  Since it is a permission on the policy belonging to the BIAdministrator grant, any others created like it will inherit it.  Of course, it does enable quite a few other activities (editing the RPD, refreshing metadata, accessing the Administration page) so caveat emptor!  :-)

  • Thomas Dodds
    Thomas Dodds Rank 8 - Analytics Strategist

    An Admin needs to be able to see it all and do it all ... seems like you've got multiple people in Admin roles for which they really aren't admins.  Who are your admins?  Why?

    OOTB there is Admin, Author, Consumer ... 99% of the time I find myself on day one of security planning suggesting an in-between role below Admin and above Author.  

    I also strongly suggest planning out the security model using 'real' roles and functions and applying the rules of EFFECTIVE permissions to each so you know what's going on long before you configure and implement. 

  • Chad H.
    Chad H. Rank 2 - Community Beginner

    Hi Thomas,

    Yes, we have custom "Admins" who really don't need all of the privileges of an OOTB administrator.  Essentially, they are a type of "Super Author," as you suggest, who may, one day, be allowed to work in the RPD, but are still proving themselves.

    Thanks,

    Chad

  • Thomas Dodds
    Thomas Dodds Rank 8 - Analytics Strategist

    It's that middle role that will make or break you! 

  • [Deleted User]
    [Deleted User] Rank 2 - Community Beginner

    Good find. Hence my Q about inheritance. Hadn't remembered that "create like" actually deep-cascades the whole malarkey!
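
An added example, not code from the thread or from Oracle: a Python audit that lists which application roles effectively hold `oracle.bi.server.manageRepositories`, either by direct grant (as a "create like" copy of BIAdministrator would) or by membership in a role that has it. The XML layout of the constructed sample (modelled on a `system-jazn-data.xml` file-based policy store) and the role names `CustomAdmin` and `TraineeAdmin` are assumptions.

```python
import xml.etree.ElementTree as ET

TARGET = "oracle.bi.server.manageRepositories"  # permission named in the thread
ROLE_CLASS = "oracle.security.jps.service.policystore.ApplicationRole"

def _grant(role, resource):
    # Builds one constructed <grant>; the element layout is an assumption.
    return (f"<grant><grantee><principals><principal><class>{ROLE_CLASS}</class>"
            f"<name>{role}</name></principal></principals></grantee><permissions>"
            f"<permission><name>resourceType=oracle.bi.server.permission,"
            f"resourceName={resource}</name></permission></permissions></grant>")

# Constructed sample policy store; CustomAdmin and TraineeAdmin are made-up roles.
SAMPLE = f"""<jazn-data><policy-store><applications><application><name>obi</name>
<app-roles>
 <app-role><name>BIAdministrator</name><members/></app-role>
 <app-role><name>CustomAdmin</name><members>
  <member><class>{ROLE_CLASS}</class><name>TraineeAdmin</name></member>
 </members></app-role>
 <app-role><name>TraineeAdmin</name><members/></app-role>
 <app-role><name>BIAuthor</name><members/></app-role>
</app-roles>
<jazn-policy>{_grant('BIAdministrator', TARGET)}{_grant('CustomAdmin', TARGET)}
{_grant('BIAuthor', 'example.placeholder.permission')}</jazn-policy>
</application></applications></policy-store></jazn-data>"""

def holders(xml_text, target=TARGET):
    """Map each app role that effectively holds `target` to 'direct' or 'via <role>'."""
    app = ET.fromstring(xml_text).find(".//application")
    found = {}
    for grant in app.iterfind("./jazn-policy/grant"):
        for perm in grant.iterfind("./permissions/permission"):
            text = perm.findtext("name", "")
            pairs = dict(kv.strip().split("=", 1) for kv in text.split(",") if "=" in kv)
            if pairs.get("resourceName", "").strip() == target:
                for pr in grant.iterfind("./grantee/principals/principal"):
                    if pr.findtext("class") == ROLE_CLASS:
                        found[pr.findtext("name")] = "direct"
    members = {r.findtext("name"): [m.findtext("name") for m in r.iterfind("./members/member")
                                     if m.findtext("class") == ROLE_CLASS]
               for r in app.iterfind("./app-roles/app-role")}
    queue = list(found)
    while queue:  # a member role inherits the grants of the role it belongs to
        parent = queue.pop()
        for child in members.get(parent, []):
            if child not in found:
                found[child] = f"via {parent}"
                queue.append(child)
    return found
```

Every role returned other than the intended administrators is a candidate for the data-filter bypass described in the thread and should have the grant reviewed.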