Service Authorization and User Privileges
Oracle Visual Builder Add-in for Excel does not have access to the user identity or any kind of privilege/role/authorization information and can't check authorization prior to an operation. Instead, it is the service that enforces authorization and returns an error if the current user is not authorized to perform the requested operation.
If the workbook is configured to allow an operation the business user is not authorized for, the user may see an error such as an 403 Forbidden error. For these cases, the business user should follow up with the REST service owner or system administrator in order to be granted the appropriate privileges.
For an example of the privileges for REST API for Oracle Procurement Cloud, see Privileges in REST API for Oracle Procurement Cloud.
Stored Data
Oracle Visual Builder Add-in for Excel fetches information from REST services and stores it in the workbook. Some of this information is visible in the worksheets associated with the layouts. Some of this information is stored in non-visible caches inside the workbook. Cached information may include business data, choices for lists of values, error messages from upload, and so on. Some of this data might be considered sensitive and/or confidential.
Note:
Before sharing a copy of your workbook with another person, consider whether that person should have any access to this data!
You can use Publish an Integrated Excel Workbook to clear both visible and non-visible information from the published copy of the workbook before distributing it. This step is recommended prior to sharing an integrated workbook publicly.
Additionally, some REST service may implement data access controls that filter data based on the privileges of the current user. For example, a given user may get fewer rows on Download than a different user. This behavior is outside the control of the Excel add-in. If you are not seeing the data you expect, consult the corresponding REST services team.