Transactional Business Intelligence data security relies heavily on the Oracle Fusion Application concept of data security. It is through the various applications' implementation of the Oracle Fusion BI Security model that Transactional Business Intelligence realizes its own data security model. Transactional Business Intelligence administrators must understand Oracle Fusion Application data security and how it relates to Transactional Business Intelligence security administration.
Oracle Fusion Application data security is based on data security roles and privileges stored in FND_GRANTS as the security component providing data security services of the Oracle Fusion Application. This content encodes the role (which spans all applications), the application-specific privileges, which indicate which action can be performed against which entity (where an entity is a logical business object that may be comprised of multiple OLTP tables in the database schema), and a specification of the actual tables and SQL WHERE clause that filters the data base rows constituting the logical entity.
Privileges are assigned to job roles in FND_GRANTS. This security implementation model means that the same privilege can be specified by any number of roles for any number of row sets (which define the logical entities).
An Oracle Fusion Business Intelligence View Object (BI view object)–the type of Oracle ADF view object defined by Oracle Fusion Applications on behalf of Oracle BI (and Transactional Business Intelligence in particular)–enforces OLTP data security by looking up its security specification at runtime, from FND_GRANTS.
An existing FND_GRANT security specification is referenced indirectly through a single Oracle ADF view criteria object attached to the BI view object. The BI view object's view criteria is the security filter of the BI VO and is given a name of the form FNDDSxxx_Privilege_ObjectName_ObjectAlias. The text of the name in this format directly references a FND_GRANTS specification.
The ATG runtime logic uses the BI view object's view criteria name to find the relevant FND_GRANTS specification and uses that specification in the generation of a declarative-mode SQL WHERE clause that enforces data security while also implementing the intended business functionality of the BI view object.
Note: | These BI view object view criteria are initially designed and developed as part of the design and development of Transactional Business Intelligence-targeted content of the Oracle Fusion Application itself, and might not require initial administrative steps. Ongoing administration of Transactional Business Intelligence security is handled within the context of a deployed application and the management of role hierarchies and provisioning of user names and passwords and data security privileges within the Oracle Fusion Application schema is handled through Oracle Platform Security Services. |
As mentioned, users can add job roles, associate new privileges with existing duty roles, and modify the mappings of job roles to duty roles. See the Transactional Business Intelligence User Help.