-
This Question pops up on the OTN forum on how to secure Oracle BI Adhoc Analytics & Answers functionality, My recent project was an integration warehouse effort and had more of adhoc analytic’s application approach.
-
This was my approach on this
-
Create an OBI web catalog group named ‘All Functional Area Request Developers’ using ‘Manage Presentation Catalog Groups and Users’. This role will only exist in Presentation Services and be used as a way to consolidate all the individual roles for each functional area.
-
This name has spaces and is mixed case so that it is distinguishable from the roles that are synchronized with the warehouse, similar to the Presentation Server Administrators group.
-
Create a role web catalog group for each functional area. The role should be named ‘BI_REQUEST_DEVELOPER_XXXXXX_RL’ where XXXXXX should be descriptive of the group using answers. The descriptive part (XXXXXX) may be less than six characters, but not more.
-
Each of the functional area roles must now be added to the ‘All Functional Area Request Developers’ web catalog group using ‘Manage Presentation Catalog Groups and Users’.
-
Remove privilege from Subject Area for Everyone. Grant read access to each Subject Area in Answers to the appropriate functional area roles. Dashboard viewers do not need access to the Subject Area.
-
Grant Answers privilege to the ‘All Functional Area Request Developers’ web catalog group.
-
Create a folder:/shared/Functional Area Requests
-
-
Permissions on this folder:All Functional Area Request Developers – Traverse or Read?, Dashboard Developers – Read, Presentation Server Administrators – Full Control
-
-
Create sub-folder for each functional area named: XXXXXX Requests
-
Permissions on this folder: BI_REQUEST_DEVELOPER_XXXXXX_RL – Create/Modify, Dashboard Developers – Read, Presentation Server Administrators – Full Contro
In addition to this we can also come up with an idea to create a role based connection pool to the database to suffice this Business requirement.
-
