EPM Workspace allows the global administrator, item owner, or a user with full control privileges on an item to deny access to the item by assigning No Access to the item. No Access applies to users, groups, or roles and works. For example, Bob needs to publish a document for viewing by the sales group which includes Jane and John. Jane is a contractor and should not be able to view the document. John is the sales group’s administrative assistant and may need to modify the item. Bob publishes the document with the following access privileges:
Sales group gets view access
Jane gets no access
John gets modify access
In the example above, if Jane had the global administrator role or was the owner of the document, even though Bob gave her no access, she would still have full control access on the document.
Oracle Enterprise Performance Management Workspace, Fusion Edition determines no access using the following rules:
If an individual user is denied access, then the user cannot access the item in any way, unless the user is the owner or a global administrator
If the No Access is assigned to a group or role, a user that is in that group will have access to the item, if either:
The user is the owner of the item.
The user is granted access privileges to the item at the user level.
The user has the global administrator role.