Categories
- All Categories
- Oracle Analytics Learning Hub
- 25 Oracle Analytics Sharing Center
- 17 Oracle Analytics Lounge
- 234 Oracle Analytics News
- 45 Oracle Analytics Videos
- 15.9K Oracle Analytics Forums
- 6.2K Oracle Analytics Idea Labs
- Oracle Analytics User Groups
- 87 Oracle Analytics Trainings
- 15 Oracle Analytics Data Visualizations Challenge
- Find Partners
- For Partners
Row Level Filtering/Security at the Datasource level
We are on OAS (2025 version), in case that matters.
We have a requirement that we need to create a project dashboard, to be distributed to our various project managers, each of whom have their own login and project assignments. We want to show each PM only the data applicable to their specific project. We have a DB table available that has those mappings, and there is a separate DB table that has the project data we want to report on.
Our issue comes in the filtering. If we try to filter the data to the PM at the Data Source level (via VALUEOF(NQ_SESSION.USER)), we get an error that Session Variables are not supported.
If we use the "User" entity directly, without NQ_SESSION, on the Data Source Level then the data source maintains only the data for the user who creates the workbook, regardless of who logs in. That's not what we want at all
We can implement the NQ_SESSION at the Workbook level via an expression filter, however all of the data is still available to the workbook, so if the PM were to delete/modify that filter, they'd have access to all of the data, which we do not want.
Is there a way to enforce the filtering at either the Data Source level (some other call to the user's identity, perhaps?), or disable the user's ability to modify the filter, or push the data pull logic to the DB level, passing the user's identity to the DB call for data (we're willing to forgo caching, this data updates frequently enough that caches aren't important to us, performancewise).
Answers
-
As you are working on a workbook I assume you are working in DV and no "classic" object is involved.
I also assume that you are either using database tables directly or something like that to create a DV dataset that is used as source for your workbook.A dataset like this has a limited "filtering by user" available. It does work at the application role level. This means that if you create an application role for each of your projects or PMs, then it will work as you expect.
If you want to filter the data "at the source" (the user will have no way to access the whole dataset) at the user level then you should use the semantic modeler to model your data, and there you can set row-level security based on the user itself and using your mapping table between user and project.
I'm sure there are ideas in to request a more powerful row-level filtering in a dataset, if you find it, upvote it. I didn't check the roadmap but it's maybe also a feature that is already planned, just not implemented/delivered yet (there was a way to do it, but it was a bug in OAC, and it has been fixed in a following release).
1 -
Check this posted thread and see if it works for you
https://community.oracle.com/products/oracleanalytics/discussion/24609/using-session-variables-in-data-filters-for-datasets-oac#latest1 -
To add, OAS 2025 can Use Role-Based Filters in a Dataset if you are not using a Semantic Model with row-level security feature.
0
