Oracle^® Business Intelligence Applications Installation and Configuration Guide > Integrated Security for Oracle BI Applications >

Metadata Object-Level Security in Oracle BI Applications

Object-level security controls access to various Analytics objects, primarily metadata and Presentation Services objects.

Metadata Object-Level Security (Repository Groups)

Repository groups control access to metadata objects such as subject areas, tables and columns.

Where is Repository Groups Security Configured?

Metadata object security is configured in the Analytics repository (OracleBIAnalyticsApps.rpd) using the Oracle BI Administration Tool. The User Group Everyone is denied access to each of the subject areas. Each subject area is configured to give explicit read access to selected related responsibilities. This access can be extended to table and column level.

NOTE:  In the shipped product, only permissions at the subject area level have been configured.

The exceptions to the explicit configuration rule are the Communications and Financial Analytics industry applications, where there are tables and columns specific to these two industries scattered throughout the general Siebel operational application subject areas. These industry-specific metadata objects are hidden from other groups.

Oracle Business Intelligence supports hierarchies within the groups in the repository. In the Analytics repository there are certain groups that are parent groups, which define the behavior of all the child groups. Inheritance is used to let permissions ripple through to child groups. The parent groups and their purpose are shown in Table 106.

Metadata Object-Level (Presentation Services) Security in Oracle BI Applications

Presentation Services objects, such as dashboards and pages, are controlled using Presentation Services groups, which have the same name as the Siebel responsibilities. Access to dashboards and pages is controlled using the Presentation Services groups. If you log on as a user who belongs to the Presentation Services group Field Sales Representative Analytics, then you see only the Overview, Forecasting, and Details pages within the Pipeline Dashboard. In a similar fashion, you see only dashboards that allow you access to at least one page within that dashboard. These groups are customized in the Oracle BI Web interface.

For Oracle Business Intelligence integrated with Oracle's Siebel operational applications, Presentation Services security makes use of the following principles:

• Security in Presentation Services has been pre-configured for the groups listed in Table 106 for each application.
• Permissions to each dashboard in Presentation Services are matched with the permissions of each related Siebel operational application view. In the Siebel operational application, views are controlled through responsibilities. However, in Oracle Business Intelligence Presentation Services, access to dashboards for each group is controlled through Web Administration. If the two access setups do not match, both of the following situations can occur:
  • If users have access to a view in the Siebel operational application, but do not have access to the corresponding dashboard, then they receive an error message indicating that they do not have access to the dashboard.
  • If users try to access a dashboard containing reports based on a subject area to which they do not have access, they see a dashboard with no reports.