Oracle Analytics Cloud and Server

Home Oracle Analytics Oracle Analytics Forums Oracle Analytics Cloud and Server Oracle Analytics Cloud and Server

Categories

Welcome to the Oracle Analytics Community: Please complete your User Profile and upload your Profile Picture

How to set permissions By bank branches In Oracle OBIEE

1
Views
3
Comments
3361337
3361337 Rank 1 - Community Starter
edited Aug 13, 2024 6:09PM in Oracle Analytics Cloud and Server

Hello, Nice to meet you all! My name is Wai Yan Phyo and information security officer at a bank in Myanmar. I would like to know one issue in Oracle OBIEE which is currently using in my organization. Honestly, I am not so familiar with Oracle application and database technologies. Currently, my bank has so many branches across the country. As the result of security and risk assessment in Oracle OBIEE application during this period, I found each branch can access to all other branches report without any hidden information. For security purpose, I would like to set permission by each branch, I mean if the user is accessing Oracle OBIEE in New York Branch, he could only view the reports concern with New York and not the other branches' reports. I discussed with Oralce administration team in my bank and they told that they currently set the permissions by roles (Depend On Job Requirements) and it is not possible to limit access by each branch. Please kindly help me fix this issue and really appreciate for all of your kind support.

Comments

  • Gianni Ceresa
    Gianni Ceresa Mod

    Hi,

    There are many ways to manage this requirement in OBIEE.

    First you need to be able to identify for each user which branch they will be allowed to see (by querying a database table of employees locations or something like that).

    The idea is to have a session variable defined for every user in your system and use that variable to filter your branch dimension (or organization dimension based on how you setup your model).

    Assuming all your data are related to a branch by adding a filter on that dimension based on the session variable you achieve what you look for.

    That's what row-level security is used for in OBIEE.

    You define it in the RPD setting the rules on your subject areas or business models.

    Look in the doc for row-level security and there is also ton of content online on how to define it.

  • 3361337
    3361337 Rank 1 - Community Starter

    Thanks a lot for your kind and helpful support bro! Now I think I got a way to make it happen! Again, thanks in advance bro!

  • Thomas Dodds
    Thomas Dodds Rank 8 - Analytics Strategist

    Make it happen in a spreadsheet FIRST applying the rules of EFFECTIVE permissions ... plan before you implement.  Also DESIGN FOR PERFORMANCE ... if you have a large set of users and many rows of data to secure performance can kill your whole show.  There are many ways to skin this cat -- find the best that works for your organization in terms of manageability, performance, etc.