Oracle Analytics Forum

Home Oracle Analytics and AI Oracle Analytics and AI Forums Oracle Analytics Forums Oracle Analytics Forum

Categories

Welcome to the Oracle Analytics Community: Please complete your User Profile and upload your Profile Picture

OAS 2025: Data security related question

Received Response
19
Views
2
Comments
Analytics_User
Analytics_User Rank 5 - Community Champion
in Oracle Analytics Forum

Hi, we are using OAS2025, with EBS 12.2.1 OBIA 7.6.4, Oracle 19c on Linux. We have quite a few users who had access to a subject area, they created and saved reports in their 'My Folders'. Now over the years, they moved/transferred and don't have that role(s) which provided access to that subject area but they still have those saved reports in their "My Folders" which they can open and see the data. Is there a way to (1) Identify all such content in users "My Folders". (2) Prevent these users from running the reports whose subject area access they are not allowed now. Any tip is highly appreciated.

Answers

  • SteveF-Oracle
    SteveF-Oracle Mod
    edited Mar 3, 2026 5:33PM

    Hi

    (1) Identify all such content in users "My Folders". 

    One option, you can use Manage Content to search, filter, sort, change ownership of content.

    There is also a REST API
    Get catalog item details

     (2) Prevent these users from running the reports whose subject area access they are not allowed now.

    If you have denied them access (via role or user), they will not be able to execute Analyses, or Workbook queries.

    Work With Object Permissions

    Other comments and recommendations, welcomed.

  • Gianni Ceresa
    Gianni Ceresa Mod

    If you use the catalog manager (runcat.cmd / runcat.sh), you can make a report on the /users branch of the catalog and get a list of objects paths and subject areas used by the analyses. Because you are going to do it in the personal folders you will need to work on the catalog offline to bypass security. Take a snapshot, export the BAR, unzip it (with whatever app able to extract zip files) and there you should find the content/catalog folder on which to point your catalog manager.

    With that report you can find exactly all the analyses in personal folders that are built on the subject areas you are interested in (and ignoring all the others).

    As for (2) it sounds like you were giving these users an author permissions before, and now they are just consumers. You never really touched the permissions on the subject area itself. The question you need to answer is if these users should be able to use some analyses in /shared that are built on that subject area. If the answer is yes, then you should not touch the permissions on the subject area, because if you deny them access to the data, the /shared objects will also fail. If that's the case, delete their objects from their personal folders.