X

The Oracle BI Application Blogs provides the latest and tips and tricks on Oracle BI Applications Product (OBIA)

How to Implement Object Security in Project Analytics in OBIA 11.1.1.7.1

Guest Author

Author: Vijay Rajgopal

Introduction

 

This blog details the steps needed to implement object security for any custom objects which the Customer has created in the Project Analytics Module in OBIA
11.1.1.7.1 onwards.

 

Object-level security controls the visibility to logical objects based on a user's duty/application roles. The access to following objects can be restricted using
object level security: Presentation tables, Presentation table columns, Subject Areas, Reports, Dashboards, and Project Specific shared folders.

 

To apply object security over subject area, individual tables or individual column the default access for authenticated user
application role must be set to No Access.

 

We need to explicitly grant read access to duty roles (which are based on adaptor as explained above) which can access/view the particular subject area or
individual table or individual column.

 

Supported OBIA release: 11.1.1.7.1 onwards

 

  1. Project Analytics Application Roles used for enforcing object security –

 

In Enterprise Manager select WebLogic -> Domain -> bifoundation_domain -> Security -> Application Roles, Select obi application stripe and search for role name which starts with OBIA and you will see the list of all application roles that start with OBIA.

 

 

Following is the list of OOTB duty roles by adaptor

 

EBS Adaptor Duty Roles –

 

OBIA_EBS_PROJECT_EXECUTIVE_ANALYSIS_DUTY

 

OBIA_EBS_PROJECT_MANAGEMENT_ANALYSIS_DUTY

 

PSFT Adaptor Duty Roles –

 

OBIA_PSFT_PROJECT_EXECUTIVE_ANALYSIS_DUTY

 

OBIA_PSFT_PROJECT_MANAGEMENT_ANALYSIS_DUTY

 

Fusion Adaptor Duty Roles –

 

OBIA_PROJECT_EXECUTIVE_ANALYSIS_DUTY

 

OBIA_PROJECT_MANAGEMENT_ANALYSIS_DUTY

 

  1. Project Analytics object security implementation -

 

2.1 Subject Area:

 

Eg: Project - Cost GL Reconciliation is a newly added area for EBS and PSFT adaptors. We want to ensure that this subject area is not seen by Fusion Adaptor customers.

 

Bring down the OBIEE Server, backup the existing rpd and open the rpd in the Admin tool.

 

Double click Project - Cost GL Reconciliation -> Permissions

 

 

As you can see read access has been granted explicitly to duty roles associated with EBS and PSFT adaptors. All other duty roles would inherit the default access from Authenticated User application role which is set to No Access. This ensures that this subject area is not visible for Fusion adaptor users

 

2.2 Presentation Table:

 

Eg: Dim – Analysis Type is supported only for PSFT adaptor. We hide this presentation table from EBS and Fusion Adaptor customers.

 

Under Project - BillingAnalysis Type Permissions

 

 

As it can be seen above only users associated to PSFT duty roles would be able to view Analysis Type table. For EBS and Fusion adaptor users this table would be
hidden.

 

2.3 Individual Columns:

 

Eg: Interproject Billing Amount metric in Project-Billing subject area is supported only for EBS and Fusion adaptors. We hide this individual column from PSFT
customers.

 

Under Project - Billing Fact – Project Billing Interproject Invoice Amount -> Permissions

 

 

As it can be seen above this metric would be viewed by EBS and Fusion adaptor users and hidden from PSFT adaptor users.

 

Save the rpd, do a consistency check and deploy the updated rpd in the OBIEE server.

 

  1. Additional Information –

 

General Details about 11.1.1.7.1 OBIA can be found here

 

Join the discussion

Comments ( 1 )
  • James Friday, February 28, 2014

    .......


Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.