With Inputs from

Raghavendra Raghunath, Senior Principal Product Manager

Introduction

The content duty roles in Oracle Fusion Analytics aid in securing the catalog objects such as visualizations, workbooks, decks, and KPIs. Users can access all or a subset of the prebuilt workbooks, decks, and KPIs based on the assigned content duty roles.

There are two types of content duty roles:

  • Application–specific duty roles come preconfigured for Oracle Fusion HCM Analytics, Oracle Fusion ERP Analytics, Oracle Fusion SCM Analytics, and Oracle Fusion CX Analytics.
  • Common content duty roles are common to all the analytics applications included in Oracle Fusion Analytics. For example, the Usage Tracking Analysis content duty role is a common content duty role that provides access to the Usage Tracking subject area.

Use Cases

This article describes the configuration of application-specific content duty roles to secure the catalog objects and some of the frequently encountered scenarios observed with customer implementations. 

Use Case 1: Secure a customized version of a prebuilt visualization

As part of setting up an Oracle Fusion Analytics environment, you assign prebuilt content duty roles to users to grant them access to prebuilt visualizations. The Object security content duty role is preconfigured with groups in the Fusion Analytics ready-to-use setup to regulate access to workbooks, visualizations, and prebuilt KPIs in the catalog folder. This scenario explores the security customization of catalog content duty roles.

Note: Check for any seeded Fusion Analytics groups assigned to users. If users in the Fusion Application are assigned to seeded job roles, then security sync functionality brings over the seeded role mapping to Fusion Analytics, in which case the users might get access to prebuilt catalog objects.

Follow these steps to customize a prebuilt visualization:

1. Open a prebuilt visualization, and click Save As to copy it to a custom folder.

Save as

2. Create a custom folder to organize the custom security content.

Picture2

3. Save the prebuilt visualization under a custom folder.

Picture3

4. Create a custom content duty role to secure the analysis under a custom folder.

Picture4

5. Name the custom content duty role to reflect the content to be secured. In this example, the custom role name reflects the AR content that's secured.

Picture5

6. Navigate to the Inspect option on the custom folder to configure security on the custom duty role.

Picture6

7. Query for the custom duty role name and select the content duty role name to configure security.

Picture7

8. Check the radio button to enable respective security privileges (Read-Write Vs. Read-Only) and click Save.

Note: Read-Write privilege grants the user access to edit the visualization. Read-Only privilege gives the user access to only view the visualization.

Picture8

9. Navigate to the security console and then the Groups tab, and click the new group to create a custom group.

Picture8

10. Click the Application Roles tab and then Add Mapping to assign the custom content duty role to the custom Fusion Analytics group.

Picture10

11. Click Assign Users to add them to the custom content group to secure access to the saved analysis under the custom folder.

Picture11

Use Case 2:  Configure object-level security for a cross-subject area visualization

Content duty role object security in Fusion Analytics is segregated by subject area access and presentation catalog visualization projects built against that subject area. If a user is accessing the cross-subject areas analysis with access to specific subject areas, then the analysis displays only columns based on those subject areas. Therefore, to allow them to fully analyze the content, assign each user all the content duty roles associated with each subject area.

As an illustration, the Customer Collections Risk Analysis visualization (referenced in Use Case 1) is based on two distinct subject areas: Financials - AR Aging and Financials - AR Receipts and Applications. The Financials - AR Aging subject area requires the Accounts Receivable Aging Analysis Duty to be secured, whereas the Financials - AR Receipts and Applications subject area requires the Accounts Receivable Receipts and Applications Analysis Duty to be secured. Therefore, assign both duty roles to the user to view and modify the cross-subject area analysis.

Use the FAW custom group created in Use Case 1 to set up the required security for the cross-subject area analysis, query for the group under the Security console, and map the content duty roles, as show in the following image.

Picture12

Use Case 3: Secure a custom-built visualization

If the predefined content duty roles don’t fulfill the business requirements, create custom content duty roles to secure both subject areas and catalog objects. To execute the scenario, follow all the steps listed in Use Case 1 starting from Step 2.

Note: Prebuilt security isn’t inherited by custom objects unless those are specifically granted access.

Call to Action

To meet catalog object-level security requirements, identify the scenario that works for the business use case and follow the corresponding scenario approach described in this article.

For more information, see the Duty Roles security section in Oracle Fusion Analytics documentation.