Monday Feb 24, 2014

How to Implement Object Security in Project Analytics in OBIA 11.1.1.7.1

Author: Vijay Rajgopal

Introduction

This blog details the steps needed to implement object security for any custom objects which the Customer has created in the Project Analytics Module in OBIA 11.1.1.7.1 onwards.

Object-level security controls the visibility to logical objects based on a user's duty/application roles. The access to following objects can be restricted using object level security: Presentation tables, Presentation table columns, Subject Areas, Reports, Dashboards, and Project Specific shared folders.

To apply object security over subject area, individual tables or individual column the default access for authenticated user application role must be set to No Access.

We need to explicitly grant read access to duty roles (which are based on adaptor as explained above) which can access/view the particular subject area or individual table or individual column.

Supported OBIA release: 11.1.1.7.1 onwards

  1. Project Analytics Application Roles used for enforcing object security –

In Enterprise Manager select WebLogic -> Domain -> bifoundation_domain -> Security -> Application Roles, Select obi application stripe and search for role name which starts with OBIA and you will see the list of all application roles that start with OBIA.


Following is the list of OOTB duty roles by adaptor

EBS Adaptor Duty Roles –

OBIA_EBS_PROJECT_EXECUTIVE_ANALYSIS_DUTY

OBIA_EBS_PROJECT_MANAGEMENT_ANALYSIS_DUTY

PSFT Adaptor Duty Roles –

OBIA_PSFT_PROJECT_EXECUTIVE_ANALYSIS_DUTY

OBIA_PSFT_PROJECT_MANAGEMENT_ANALYSIS_DUTY

Fusion Adaptor Duty Roles –

OBIA_PROJECT_EXECUTIVE_ANALYSIS_DUTY

OBIA_PROJECT_MANAGEMENT_ANALYSIS_DUTY

  1. Project Analytics object security implementation -

2.1 Subject Area:

Eg: Project - Cost GL Reconciliation is a newly added area for EBS and PSFT adaptors. We want to ensure that this subject area is not seen by Fusion Adaptor customers.

Bring down the OBIEE Server, backup the existing rpd and open the rpd in the Admin tool.

Double click Project - Cost GL Reconciliation à Permissions


As you can see read access has been granted explicitly to duty roles associated with EBS and PSFT adaptors. All other duty roles would inherit the default access from Authenticated User application role which is set to No Access. This ensures that this subject area is not visible for Fusion adaptor users

2.2 Presentation Table:

Eg: Dim – Analysis Type is supported only for PSFT adaptor. We hide this presentation table from EBS and Fusion Adaptor customers.

Under Project - BillingAnalysis Type Permissions


As it can be seen above only users associated to PSFT duty roles would be able to view Analysis Type table. For EBS and Fusion adaptor users this table would be hidden.

2.3 Individual Columns:

Eg: Interproject Billing Amount metric in Project-Billing subject area is supported only for EBS and Fusion adaptors. We hide this individual column from PSFT customers.

Under Project - Billing Fact – Project Billing Interproject Invoice Amount à Permissions


As it can be seen above this metric would be viewed by EBS and Fusion adaptor users and hidden from PSFT adaptor users.

Save the rpd, do a consistency check and deploy the updated rpd in the OBIEE server.

  1. Additional Information –

General Details about 11.1.1.7.1 OBIA can be found here

About

Oracle Blogs Admin-Oracle

Search

Categories
Archives
« March 2015
SunMonTueWedThuFriSat
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
    
       
Today