Categories
- All Categories
- 15 Oracle Analytics Sharing Center
- 15 Oracle Analytics Lounge
- 208 Oracle Analytics News
- 41 Oracle Analytics Videos
- 15.7K Oracle Analytics Forums
- 6.1K Oracle Analytics Idea Labs
- Oracle Analytics User Groups
- 76 Oracle Analytics Trainings
- 14 Oracle Analytics Data Visualizations Challenge
- Find Partners
- For Partners
Row-Level Security, OBIEE Privileges, and Data Filtering
Answers
-
That's seriously strange. Just creating app roles like admin should not have any impact whatsoever on data level security
0 -
Well, after a bit of research it appears that the policy - resource name: oracle.bi.server.manageRepositories allows users to bypass data filters on roles. Since it is a permission on the policy belonging to the BIAdministrator grant, any others created like it will inherit it. Of course, it does enable quite a few other activities (editing the RPD, refreshing metadata, accessing the Administration page) so caveat emptor! :-)
0 -
An Admin needs to be able to see it all and do it all ... seems like you've got multiple people in Admin roles for which they really aren't admins. Who are your admins? Why?
OOTB there is Admin, Author, Consumer ... 99% of the time I find myself on day one of security planning suggesting an in-between role below Admin and above Author.
I also strongly suggest planning out the security model using 'real' roles and functions and applying the rules of EFFECTIVE permissions to each so you know what's going on long before you configure and implement.
0 -
Hi Thomas,
Yes, we have custom "Admins" who really don't need all of the privileges of an OOTB administrator. Essentially, they are a type of "Super Author," as you suggest, who may, one day, be allowed to work in the RPD, but are still proving themselves.
Thanks,
Chad
0 -
It's that middle role that will make or break you!
0 -
Good find. hence my Q about inheritance. Hadn't remembered that "create like" actually deep-cascades the whole malarkey!
0