Sharing a data analysis and visualizations with other team members in a safe and secure manner is a key requirement for any analytics solution. Oracle Analytics offers the capability for designers to completely control the way their projects are shared and leveraged with other users.
Data-level security defines what rows or columns are returned to a user inside an analysis or data visualization project view. The same view, when run by two different users, can bring up different data. The structure of the view is the same for all users unless a user does not have access to the subject area, in which case the report displays an error.
Subscribe to the Oracle Analytics Advantage blog and get the latest posts sent to your inbox
There are various situations in which a user can share a project with other users. We're going to explore four scenarios that you can apply. The brief video below illustrates how a user can share projects with other users, and how various rules define user privileges.
There could be various instances where the data used for a project is confidential and cannot be shared with other users. In this scenario, the project should not be accessible to other users on the system. In order to achieve this, the owner of the project would save the project under My Folders instead of Shared Folders. All the objects under My Folders are accessible only to the owner; no one else can see them.
The first prerequisite for sharing a project with other users is to have it saved in Shared Folders. Projects that reside under My Folders directory will not be visible to anyone other than their owner.
Once a project is under the Shared Folders directory, all users with the "DV Consumer" role in Oracle Analytics will be granted read-only access to it by default. The purpose of the "DV Consumer" role is to limit the access to users who can only consume content but not edit it, irrespective of any permission configuration for underlying projects.
Now, if I also want to grant other users with higher roles (like "DV Content Author") read-only access to my project, I need to edit the security configuration of the project using the Share Tab and Access Tab. Share and Access Tabs are accessed by clicking on the project properties and then on the Inspect menu.
In order to make a project read-only, we need to specify these permissions: Share, View and Access, Read-Only.
With that, when a user with a DV Content Author role opens the project, the project will open in Read-Only mode; no Save or Save As option will be displayed.
Two important notes:
The access and share rules must be set to Share Tab: Edit, Access Tab: Read-Only for the project to be opened in edit mode but without Save being enabled.
Users who open the project will have full experience mode but only with the Save-As option enabled. They can therefore not modify your project and will have to save edits under a different name.
The access and share rules must be set to Share Tab: Edit, Access Tab: Read-Write for the project to be opened in full experience mode with both Save and Save As options enabled.
One important point
Even if a project is shared with other users, they will only be able to see results if the data sources of this project are objects they have access to as well. For example, if the project I just shared is using data I uploaded from an XSLX file, I may need to visit the inspect tab of this Oracle Analytics dataset and grant access to respective roles or users.
Catalog folders (under shared folders) containing multiple projects and sub-folders can be secured by configuring Access rules for that folder. Read-Only or Read-Write are the privileges that can be set against a folder. Read-Only will render all the projects in the folder as read-only, and Read-Write will provide edit access to all of the projects in the folder. By default, setting the privilege at the folder level trickles down the permission to all the sub-folders and its objects.
The default behavior can be altered by checking the box "Apply access permissions to this folder only." If this checkbox is checked, then only those projects directly under this folder are affected with the permission settings; the sub-folders and their projects are spared.
Controlling access to projects for other consumers of the analytics system is an important capability. It ensures smooth collaboration between teams and eliminates any unnecessary tampering with projects by other users. Oracle Analytics' security mechanism helps the users safely share projects with other users on the system, while at the same time collaborating in a secure manner.To learn how you can benefit from Oracle Analytics, visit Oracle.com/analytics and follow us on Twitter @OracleAnalytics.