BI Publisher Security

BI Publisher security can be separated into three categories:

  • Defining reports.

  • Running reports.

  • Viewing reports.

When you are defining Query-based reports, Query security determines which queries you can access and select from to create your BI Publisher report definitions. Security for editing and viewing report definitions is controlled by the Report Category ID attribute, which is set on theReporting Tools > BI Publisher > Setup > Report Category page.

Security for running and viewing BI Publisher reports is controlled by setting options in a number of places. This table illustrates where security can be set:

Activity

Security Settings

Query-based reports

(Non-Bursted)

Query-based reports

(Bursted)

Non-Query-based reports

(Non-Bursted)

Non-Query-based reports

(Bursted)

Running Reports

Query Security

X

X

NA

NA

Running Reports

Application Security

X

X

X

X

Running Reports

Process Scheduler Security

X

X

X

X

Viewing Report Definitions

Report Definition > Security page

X

X

X

X

Viewing Report Definitions

Report Definition > Bursting page

NA

X

NA

X

Application security and Process Scheduler security determine who can run reports. BI Publisher does not provide additional security beyond what Oracle currently provides. That means that the component security of the data extraction program drives access control to the associated reports. For processes, process security prevails and for queries, query security prevails. When you are running a Query-based report, the requester’s row-level security to the underlying data source always applies.

Query-based reports viewed online in real time from the Query Report Viewer respect query access groups for the user’s primary permission list. For non-Query-based reports viewed online in real time, security is controlled by the application.

When you are viewing a report that was run through either the Query Report Scheduler or the Process Scheduler, security is controlled by both the Distribution ID field on theReport Definition > Security page and, when theAllow viewer ID assignment at report runtime check box is selected, by those IDs selected at runtime on theProcess Scheduler Request > Distribution Detail page. Additional viewing security can also be defined for bursted reports on theReport Definition > Bursting page.

If no viewers are designated on the Report Definition > Security page and theAllow viewer ID assignment at report runtime is selected, then the report requestor’s ID is applied as a viewer by default at runtime. This applies to bursted reports as well.

See Setting Up Report Categories, Creating Report Definitions, Scheduling Process Requests.