5 Manage Roles, Users, and Access

As the functional administrator or security administrator, you manage users and their access to subject areas and data.

About Managing Roles, Users, and Access

As an administrator, one of your initial tasks is to ensure that users have appropriate access to use Oracle Fusion Analytics Warehouse.

Access to subject areas and data depends on the roles assigned to the users.

About Roles

Oracle Fusion Analytics Warehouse provides four role types:

  • Duty roles – Define the duties of a job as an entitlement to perform a particular action, such as access to an AP Transactions subject area.
  • Data roles – Provide access to the transactional data in the tables. Data roles group the users based on the functional access they have through a particular job role and a particular dimension of data. For example, a group of users based on invoices relevant only to their business unit.
  • System roles – Provide a set of privileges that allows users to perform system tasks after signing into Oracle Fusion Analytics Warehouse, such as administering system settings, performing functional setup, managing security, and modeling data.
  • Job roles – Inherit duty roles, data roles, and application roles that are assigned to users. A job role defines a user business function such as Vice President of Sales, Human Resources Analyst, and Procurement Buyer. Job roles and users are synchronized from Oracle Applications Cloud to Oracle Identity Cloud Service. The job roles are mapped as groups in Oracle Identity Cloud Service. You can also create custom job roles based on your business requirements.
Job Roles

Job roles synchronized from Oracle Applications Cloud into Oracle Identity Cloud Service are:

Job Role Code Job Roles Name Description Associated Data Role, Duty Role, and Application Role Functional Area
ORA_GL_FINANCIAL_ANALYST_JOB Financial Analyst Has Author privileges

Author

OA4F_FIN_AP_BUSINESS_UNIT_DATA

OA4F_FIN_AR_BUSINESS_UNIT_DATA

OA4F_FIN_GL_ACCESS_SET_DATA

OA4F_FIN_GL_ACCOUNT_ANALYSIS_DUTY

OA4F_FIN_GL_BALANCE_SHEET_ANALYSIS_DUTY

OA4F_FIN_GL_BUDGETS_ANALYSIS_DUTY

OA4F_FIN_GL_DETAIL_TRANSACTIONS_ANALYSIS_DUTY

OA4F_FIN_GL_PROFITABILITY_ANALYSIS_DUTY

GL
ORA_GL_GENERAL_ACCOUNTANT_JOB General Accountant Has Author privileges

Author

OA4F_FIN_AP_BUSINESS_UNIT_DATA

OA4F_FIN_AR_BUSINESS_UNIT_DATA

OA4F_FIN_GL_ACCESS_SET_DATA

OA4F_FIN_GL_ACCOUNT_ANALYSIS_DUTY

OA4F_FIN_GL_BALANCE_SHEET_ANALYSIS_DUTY

OA4F_FIN_GL_BUDGETS_ANALYSIS_DUTY

OA4F_FIN_GL_DETAIL_TRANSACTIONS_ANALYSIS_DUTY

OA4F_FIN_GL_PROFITABILITY_ANALYSIS_DUTY

GL
ORA_GL_GENERAL_ACCOUNTING_MANAGER_JOB General Accounting Manager Has Author privileges

Author

OA4F_FIN_AP_BUSINESS_UNIT_DATA

OA4F_FIN_AR_BUSINESS_UNIT_DATA

OA4F_FIN_GL_ACCESS_SET_DATA

OA4F_FIN_GL_ACCOUNT_ANALYSIS_DUTY

OA4F_FIN_GL_BALANCE_SHEET_ANALYSIS_DUTY

OA4F_FIN_GL_BUDGETS_ANALYSIS_DUTY

OA4F_FIN_GL_DETAIL_TRANSACTIONS_ANALYSIS_DUTY

OA4F_FIN_GL_PROFITABILITY_ANALYSIS_DUTY

GL
ORA_AP_ACCOUNTS_PAYABLE_MANAGER_JOB Accounts Payable Manager Has Author privileges

Author

OA4F_FIN_AP_AGING_ANALYSIS_DUTY

OA4F_FIN_AP_BUSINESS_UNIT_DATA

OA4F_FIN_AP_EXPENSES_ANALYSIS_DUTY

OA4F_FIN_AP_HOLDS_ANALYSIS_DUTY

OA4F_FIN_AP_INVOICES_ANALYSIS_DUTY

OA4F_FIN_AP_LIABILITIES_ANALYSIS_DUTY

OA4F_FIN_AP_PAYMENTS_ANALYSIS_DUTY

AP
ORA_AP_ACCOUNTS_PAYABLE_SPECIALIST_JOB Accounts Payable Specialist Has Author privileges

Author

OA4F_FIN_AP_AGING_ANALYSIS_DUTY

OA4F_FIN_AP_BUSINESS_UNIT_DATA

OA4F_FIN_AP_EXPENSES_ANALYSIS_DUTY

OA4F_FIN_AP_HOLDS_ANALYSIS_DUTY

OA4F_FIN_AP_INVOICES_ANALYSIS_DUTY

OA4F_FIN_AP_LIABILITIES_ANALYSIS_DUTY

OA4F_FIN_AP_PAYMENTS_ANALYSIS_DUTY

AP
ORA_AP_ACCOUNTS_PAYABLE_SUPERVISOR_JOB Accounts Payable Supervisor Has Author privileges

Author

OA4F_FIN_AP_AGING_ANALYSIS_DUTY

OA4F_FIN_AP_BUSINESS_UNIT_DATA

OA4F_FIN_AP_EXPENSES_ANALYSIS_DUTY

OA4F_FIN_AP_HOLDS_ANALYSIS_DUTY

OA4F_FIN_AP_INVOICES_ANALYSIS_DUTY

OA4F_FIN_AP_LIABILITIES_ANALYSIS_DUTY

OA4F_FIN_AP_PAYMENTS_ANALYSIS_DUTY

AP
ORA_AR_ACCOUNTS_RECEIVABLE_MANAGER_JOB Accounts Receivable Manager Has Author privileges

Author

OA4F_FIN_AR_ADJUSTMENTS_ANALYSIS_DUTY

OA4F_FIN_AR_AGING_ANALYSIS_DUTY

OA4F_FIN_AR_APPLICATIONS_ANALYSIS_DUTY

OA4F_FIN_AR_BUSINESS_UNIT_DATA

OA4F_FIN_AR_CREDITMEMO_ANALYSIS_DUTY

OA4F_FIN_AR_TRANSACTIONS_ANALYSIS_DUTY

OA4F_FIN_AR_REVENUE_ANALYSIS_DUTY

AR
ORA_AR_ACCOUNTS_RECEIVABLE_SPECIALIST_JOB Accounts Receivable Specialist Has Author privileges

Author

OA4F_FIN_AR_ADJUSTMENTS_ANALYSIS_DUTY

OA4F_FIN_AR_AGING_ANALYSIS_DUTY

OA4F_FIN_AR_APPLICATIONS_ANALYSIS_DUTY

OA4F_FIN_AR_BUSINESS_UNIT_DATA

OA4F_FIN_AR_CREDITMEMO_ANALYSIS_DUTY

OA4F_FIN_AR_TRANSACTIONS_ANALYSIS_DUTY

OA4F_FIN_AR_REVENUE_ANALYSIS_DUTY

AR
ORA_FND_INTEGRATION_SPECIALIST_JOB Integration Specialist Individual responsible for planning, coordinating, and supervising all activities related to the integration of enterprise information systems. Has author privileges.

Author

OA4F_COMMON_DATA_ADMIN_ANALYSIS_DUTY

Common
ORA_PER_HUMAN_RESOURCE_ANALYST_JOB Human Resource Analyst Has Author privileges

Author

OAF4_HCM_GAINS_LOSS_TRANSACTION_ANALYSIS_DUTY

OA4F_HCM_HR_ANALYST_VIEW_ALL_DATA

OA4F_HCM_WORKFORCE_CORE_ANALYSIS_DUTY

Workforce
ORA_PER_LINE_MANAGER_ABSTRACT Line Manager Has Author privileges

Author

OAF4_HCM_GAINS_LOSS_TRANSACTION_ANALYSIS_DUTY

OA4F_HCM_LINE_MANAGER_DATA

OA4F_HCM_WORKFORCE_CORE_ANALYSIS_DUTY

Workforce
ORA_PER_HUMAN_RESOURCE_SPECIALIST_JOB Human Resource Specialist Has Author privileges

OA4F_HCM_VIEW_ALL_DATA

OA4F_HCM_WORKFORCE_CORE_ANALYSIS_DUTY

OAF4_HCM_GAINS_LOSS_TRANSACTION_ANALYSIS_DUTY

Author

Workforce
ORA_PER_HUMAN_RESOURCE_MANAGER_JOB Human Resource Manager Has Author privileges

OA4F_HCM_VIEW_ALL_DATA

OA4F_HCM_WORKFORCE_CORE_ANALYSIS_DUTY

OAF4_HCM_GAINS_LOSS_TRANSACTION_ANALYSIS_DUTY

Author

Workforce
ORA_IRC_RECRUITER_JOB Recruiter Has Author privileges

OA4F_HCM_REC_REQ_DATA

OA4F_HCM_REC_ANALYSIS_DUTY

Author

Talent
ORA_IRC_RECRUITING_MANAGER_JOB Recruiting Manager Has Author privileges

OA4F_HCM_REC_REQ_DATA

OA4F_HCM_REC_ANALYSIS_DUTY

Author

Talent
ORA_IRC_HIRING_MANAGER_ABSTRACT Hiring Manager Has Author privileges

OA4F_HCM_REC_REQ_DATA

OA4F_HCM_REC_ANALYSIS_DUTY

Author

Talent
Duty Roles

Duty roles to secure subject areas are:

Duty Role Code Duty Role Name Duty Role Description Functional Area Gets access to Subject Area Display Name OR Associated Role
OA4F_FIN_GL_BALANCE_SHEET_ANALYSIS_DUTY General Ledger Balance Sheet Analysis Duty Object security role to control presentation catalog access to Financials GL Balance Sheet subject area. GL Financials - GL Balance Sheet
OA4F_FIN_GL_PROFITABILITY_ANALYSIS_DUTY Profitability Analysis Duty Object security role to control presentation catalog access to Financials GL Profitability subject area. GL Financials - GL Profitability
OA4F_FIN_GL_DETAIL_TRANSACTIONS_ANALYSIS_DUTY General Ledger Detail Transactions Analysis Duty Object security role to control presentation catalog access to Financials GL Detail Transactions subject area. GL Financials - GL Detail Transactions
OA4F_FIN_GL_BUDGETS_ANALYSIS_DUTY General Ledger Budget Analysis Duty Object security role to control presentation catalog access to Financials GL Budgets subject area. GL Financials - GL Budgets
OA4F_FIN_GL_ACCOUNT_ANALYSIS_DUTY General Ledger Account Analysis Duty Object security role to control presentation catalog access to GL Account Analysis subject area. GL Financials - GL Account Analysis
OA4F_FIN_AP_AGING_ANALYSIS_DUTY Accounts Payable Aging Analysis Duty Object security role to control presentation catalog access to Financials Accounts Payable Aging subject area. AP Financials – AP Aging
OA4F_FIN_AP_INVOICES_ANALYSIS_DUTY Accounts Payable Invoices Analysis Duty Object security role to control presentation catalog access to Financials Accounts Payable Invoices subject area. AP Financials – AP Invoices
OA4F_FIN_AP_LIABILITIES_ANALYSIS_DUTY Accounts Payable Liabilities Analysis Duty Object security role to control presentation catalog access to Financials Accounts Payable Liabilities subject area. AP Financials – AP Liabilities
OA4F_FIN_AP_PAYMENTS_ANALYSIS_DUTY Accounts Payable Payments Analysis Duty Object security role to control presentation catalog access to Financials Accounts Payable Payments subject area. AP Financials – AP Payments
OA4F_FIN_AP_EXPENSES_ANALYSIS_DUTY Accounts Payable Expenses Analysis Duty Object security role to control presentation catalog access to Financials Accounts Payable Expenses subject area. AP Financials - AP Expenses
OA4F_FIN_AP_HOLDS_ANALYSIS_DUTY Accounts Payable Holds Analysis Duty Object security role to control presentation catalog access to Financials Accounts Payable Holds subject area. AP Financials - AP Holds
OA4F_FIN_AR_AGING_ANALYSIS_DUTY Accounts Receivable Aging Analysis Duty Object security role to control presentation catalog access to Financials Accounts Receivable Aging subject area. AR Financials – AR Aging
OA4F_FIN_AR_TRANSACTIONS_ANALYSIS_DUTY Accounts Receivable Transactions Analysis Duty Object security role to control presentation catalog access to Financials Accounts Receivable Transactions subject area. AR Financials – AR Transactions
OA4F_FIN_AR_APPLICATIONS_ANALYSIS_DUTY Accounts Receivable Receipts and Applications Analysis Duty Object security role to control presentation catalog access to Financials Accounts Receivable Receipts and Applications subject area. AR Financials – AR Receipts and Applications
OA4F_FIN_AR_CREDITMEMO_ANALYSIS_DUTY Accounts Receivable Credit Memo Applications Analysis Duty Object security role to control presentation catalog access to Financials Accounts Receivable Credit Memo Applications subject area. AR Financials – AR Credit Memo Applications
OA4F_FIN_AR_ADJUSTMENTS_ANALYSIS_DUTY Accounts Receivable Adjustments Analysis Duty Object security role to control presentation catalog access to Financials Accounts Receivable Adjustments subject area. AR Financials – AR Adjustments
OA4F_FIN_AR_REVENUE_ANALYSIS_DUTY Accounts Receivable Revenue Analysis Duty Object security role to control presentation catalog access to Financials Accounts Receivable Revenue subject area. AR Financials - AR Revenue
OA4F_COMMON_DATA_ADMIN_ANALYSIS_DUTY Data Warehouse Refresh and Usage Tracking Analysis Duty Object security role to control presentation catalog access to Warehouse Refresh subject areas and Usage Tracking subject areas. Common Common - Usage Tracking Statistics

Common - Warehouse Refresh Statistics

OA4F_HCM_WORKFORCE_CORE_ANALYSIS_DUTY Workforce Core Analysis Duty Object security role to control presentation catalog access to Workforce Core subject area. Workforce Workforce - Core
OA4F_HCM_WORKFORCE_CORE_DIV_ANALYSIS_DUTY Workforce Core Diversity Analysis Duty Used to prevent access to Diversity related folders from Workforce Core subject area. It cannot be used in conjunction with Workforce Core Analysis Duty. Workforce Workforce - Core
OAF4_HCM_GAINS_LOSS_TRANSACTION_ANALYSIS_DUTY Workforce Gains and Losses Transaction Analysis Duty Object security role to control presentation catalog access to Workforce Gains and Losses subject area. Workforce Workforce Gains and Losses
OA4F_HCM_GAINS_LOSS_TRANSACTION_DIV_ANALYSIS_DUTY Workforce Gains and Losses Diversity Transaction Analysis Duty Used to prevent access to Diversity related folders from Workforce Gains and Losses subject area. It cannot be used in conjunction with Workforce Gains and Losses Transaction Analysis Duty. Workforce Workforce Gains and Losses
OA4F_HCM_REC_ANALYSIS_DUTY Recruitment Analysis Duty Role Object security role to control presentation catalog access to HCM - Talent Acquisition subject area. Talent HCM - Talent Acquisition
Data Roles

Data roles to secure data are:

Data Role Code Data Role Name Description Functional Area
OA4F_FIN_GL_ACCESS_SET_DATA General Ledger Access Set Data Security Data security role to access ledger set based data GL
OA4F_FIN_AP_BUSINESS_UNIT_DATA Accounts Payable Business Unit Data Security Data security role to access accounts payable business unit based data AP
OA4F_FIN_AR_BUSINESS_UNIT_DATA Accounts Receivable Business Unit Data Security Data security role to access accounts receivable business unit based data AR
OA4F_HCM_LINE_MANAGER_DATA Oracle Fusion Analytics Warehouse HR Line Manager Data Role Human Capital Management data security policy for the supervisor hierarchy Workforce
OA4F_HCM_HR_ANALYST_VIEW_ALL_DATA Oracle Fusion Analytics Warehouse HR Analyst View All Data Role Human Capital Management data security policy to view all data Workforce
OA4F_HCM_VIEW_ALL_DATA Oracle Fusion Analytics Warehouse View All Data Role Human Capital Management data security policy to view all data Workforce
OA4F_HCM_LEGAL_EMPLOYER_DATA Oracle Fusion Analytics Warehouse HCM Legal Employer Data Role Human Capital Management data security policy for the legal employer data security context Workforce
OA4F_HCM_DEPARTMENT_DATA Oracle Fusion Analytics Warehouse HCM Department Data Role Human Capital Management data security policy for the department data security context Workforce
OA4F_HCM_BUSINESS_UNIT_DATA Oracle Fusion Analytics Warehouse HCM Business unit Data Role Human Capital Management data security policy for the business unit data security context Workforce
OA4F_HCM_REC_REQ_DATA Recruitment Job Requisition Data Security Recruitment job requisition data security Talent
OA4F_HCM_REC_ALL_REQ_DATA Recruitment Job Requisition View All Data Security Recruitment job requisition to view all data security Talent
System Roles

The system roles for Oracle Fusion Analytics Warehouse available in Oracle Identity Cloud Service through Oracle Fusion Analytics Warehouse provisioning are:

Role Name Role Description Purpose Permissions
Administrator Tenant administrator for service instances Creates and manages Oracle Fusion Analytics Warehouse instances and administers Oracle Identity Cloud Service users and roles.
  • Creates and manages Oracle Fusion Analytics Warehouse instances
  • Administers Oracle Identity Cloud Service users and roles
  • Has no access to the Data Pipeline user interface
  • Has no access to the Data Security user interface
  • Has no access to the Job Monitoring Console user interface
  • Has no access to the Console menu
  • Has no access to user and role administration
  • Has no access to decks, cards, KPIs, visualizations, projects, and content
Service Administrator Oracle Fusion Analytics Warehouse service administrator Customer facing (Snapshots, Connections, System Settings) administrator access to Oracle Fusion Analytics Warehouse.
  • Can't create snapshots or modify the data model file (RPD)
  • Can access the Data Pipeline user interface
  • Can access the Data Security user interface
  • Has no access to the Job Monitoring console
  • Can access the Console menu
  • Can access the user and role administration pages
  • Can access the Semantic Model Extensions user interface
  • Has read-only access to the ready-to-use Oracle Analytics Cloud objects (visualization projects, dashboards, and analyses)
  • Requests from Oracle Fusion Analytics Warehouse to Oracle Analytics Cloud are routed through the Service Administrator user
  • Can create, update, and delete the Oracle Analytics Cloud content
  • Has read-only access to the ready-to-use KPIs
  • Can create, update, and delete KPIs
  • Can create, update, and delete decks and cards
  • Can share decks and cards
  • Can create Oracle Analytics Publisher reports
  • Has no access to data modeling
  • Has access to Oracle BI Scheduler
  • Has access to create Oracle Analytics Cloud connections to other non-Oracle Applications sources, such as Excel files and Google drive
  • Has access to create Oracle Analytics Cloud data sets
Functional Administrator Oracle Fusion Analytics Warehouse functional administrator Performs functional configuration (pipeline, reporting) in Oracle Fusion Analytics Warehouse.
  • Can access the Data Pipeline user interface
  • Has no access to the Data Security user interface
  • Has no access to the Job Monitoring console
  • Can access the Console menu
  • Has no access to user and role administration
  • Has no access to the Semantic Model Extensions user interface
  • Has no access to the ready-to-use Oracle Analytics Cloud objects (visualization projects, dashboards, and analyses)
  • Has no access to the ready-to-use KPIs
  • Has no access to decks, KPIs, and Oracle Analytics Cloud projects
  • Can't create any Oracle Analytics Cloudcontent and KPIs
  • Can't create, update, and delete decks and cards
  • Can't share decks and cards
  • Has no access to Oracle Analytics Publisher
  • Has no access to data modeling
  • Has no access to Oracle BI Scheduler
  • Has no access to create Oracle Analytics Cloud connections
  • Has no access to create Oracle Analytics Cloud data sets
Security Administrator Oracle Fusion Analytics Warehouse security administrator Administers system roles and data security.
  • Has no access the Data Pipeline user interface
  • Has access to the Data Security user interface
  • Has no access to the Job Monitoring console
  • Can access the Console menu
  • Has access to user and role administration
  • Has no access to the Semantic Model Extensions user interface
  • Has no access to the ready-to-use Oracle Analytics Cloud objects (visualization projects, dashboards, and analyses)
  • Has no access to the ready-to-use KPIs
  • Has no access to decks, KPIs, and Oracle Analytics Cloud projects
  • Can't create any Oracle Analytics Cloud content and KPIs
  • Can't create, update, and delete decks and cards
  • Can't share decks and cards
  • Has no access to Oracle Analytics Publisher and data modeling
  • Has no access to Oracle BI Scheduler
  • Has no access to create Oracle Analytics Cloud connections
  • Has no access to create Oracle Analytics Cloud data sets
Modeler Administrator Oracle Fusion Analytics Warehouse data model administrator Promote data model (RPD) customization to the Oracle Analytics Cloud instance.
  • Has no access to the Data Pipeline user interface
  • Has no access to the Data Security user interface
  • Has no access to the Job Monitoring console
  • Can access the Console menu
  • Has no access to user and role administration
  • Can access the Semantic Model Extensions user interface
  • Can access the ready-to-use Oracle Analytics Cloud objects (visualization projects, dashboards, and analyses)
  • Can access the ready-to-use KPIs
  • Can create KPIs
  • Can createOracle Analytics Cloud content
  • Can't create, update, and delete decks and cards
  • Can't share decks and cards
  • Can create Oracle Analytics Publisher reports
  • Has no access to data modeling
  • Has no access to Oracle BI Scheduler
  • Can create Oracle Analytics Cloud connections
  • Can create Oracle Analytics Cloud data sets
Modeler Oracle Fusion Analytics Warehouse modeler Modify the semantic model to bring in custom dimensions and attributes.
  • Has no access to the Data Pipeline user interface
  • Has no access to the Data Security user interface
  • Has no access to the Job Monitoring console
  • Can access the Console menu
  • Has no access to user and role administration
  • Can access the Semantic Model Extensions user interface
  • Can access the ready-to-use Oracle Analytics Cloud objects (visualization projects, dashboards, and analyses)
  • Can access the ready-to-use KPIs
  • Can create Oracle Analytics Cloud content
  • Can create KPIs
  • Can't create, update, and delete decks and cards
  • Can't share decks and cards
  • Can create Oracle Analytics Publisher reports
  • Has no access to data modeling
  • Has no access to Oracle BI Scheduler
  • Can create Oracle Analytics Cloud connections
  • Can create Oracle Analytics Cloud data sets
Author Oracle Fusion Analytics Warehouse author Create and edit KPIs, cards, decks, visualization projects, reports, and dashboards.
  • Has no access to the Data Pipeline user interface
  • Has no access to the Data Security user interface
  • Has no access to the Job Monitoring console
  • Has no access to the Console menu
  • Has no access to user and role administration
  • Has no access to the Semantic Model Extensions user interface

  • Has read-only access to the ready-to-use Oracle Analytics Cloud objects (visualization projects, dashboards, and analyses); if you need a change, then create a copy using "Save As"
  • Has read-only access to the ready-to-use KPIs
  • Can edit the custom Oracle Analytics Cloud objects (visualization projects, dashboards, and analyses)
  • Can edit the custom KPIs
  • Can change the filter values for existing visualization projects
  • Can add filters for existing visualization projects
  • Can create and edit Oracle Analytics Cloud content, KPIs, decks, and cards
  • Can delete custom KPIs, decks, and cards
  • Can consume KPIs, cards, and decks created by other users on which they have access permissions
  • Can share decks and cards
  • Can create Oracle Analytics Publisher reports
  • Has no access to data modeling
  • Has no access to Oracle BI Scheduler
  • Has no access to create Oracle Analytics Cloud connections
  • Has access to create Oracle Analytics Cloud data sets
Consumer Oracle Fusion Analytics Warehouse consumer Read access to Oracle Analytics Cloud content and can create cards and decks.
  • Has no access to the Data Pipeline user interface
  • Has no access to the Data Security user interface
  • Has no access to the Job Monitoring console
  • Has no access to the Console menu
  • Has no access to user and role administration
  • Has no access to the Semantic Model Extensions user interface

  • Has read-only access to the ready-to-use Oracle Analytics Cloud objects (visualization projects, dashboards, and analyses)
  • Has read-only access to the ready-to-use KPIs
  • Has read-only access to the custom Oracle Analytics Cloud objects (visualization projects, dashboards, and analyses)
  • Has read-only access to the custom KPIs
  • Can change the filter values for the existing visualization projects
  • Can't add filters for the existing visualization projects
  • Can't create any Oracle Analytics Cloud content
  • Can't create any KPIs
  • Can create, update, and delete decks and cards
  • Can share decks and cards
  • Has read-only access to Oracle Analytics Publisher
  • Has no access to data modeling
  • Has no access to Oracle BI Scheduler
  • Has no access to create Oracle Analytics Cloud connections
  • Has access to create Oracle Analytics Cloud data sets

About Users

Oracle Fusion Analytics Warehouse uses the Oracle Applications Cloud users from Oracle Identity Cloud Service.

You also create job roles in Oracle Identity Cloud Service and then assign the job roles to the users. See Create and Associate Users and Job Roles

About Access

You provide access to subject areas and data by assigning job roles to users in Oracle Fusion Application Services. Job roles are associated with duty and data roles.

Create and Associate Users and Job Roles

If you've provisioned Oracle Fusion Analytics Warehouse with single sign-on, then use the information in this topic to create additional users and assign job roles to them. If you've provisioned Oracle Fusion Analytics Warehouse without single sign-on, then use this topic to create all users and assign job roles to them.

When you set up provisioning with single sign-on, you enable synchronization of users and their associated roles from Oracle Applications Cloud to your federated Oracle Identity Cloud Service instance. After the initial synchronization, if you add users in your Oracle Applications Cloud instance, they'll be available in your federated Oracle Identity Cloud Service instance because you've enabled synchronization. These users are available in your federated Oracle Identity Cloud Service instance according to the schedule that you specified for the synchronization process to run. See Set Up Provisioning with Single Sign-On. You can also add additional users in your federated Oracle Identity Cloud Service instance through Oracle Fusion Analytics Warehouse using the User Management option in the Console.
When you set up provisioning without single sign-on, to access Oracle Fusion Analytics Warehouse, manually create Oracle Applications Cloud users and groups in Oracle Identity Cloud Service and then assign the groups to users in Oracle Identity Cloud Service.

Note:

After provisioning without single sign-on, if you create job roles, job role assignments, and users or revoke existing job roles and job role assignments, or terminate users in Oracle Applications Cloud, then you must also maintain these changes in Oracle Identity Cloud Service each time.

To create users and groups in Oracle Identity Cloud Service, you must be part of the IDCS_Administrators group. The person who ordered Oracle Fusion Analytics Warehouse is added to the IDCS_Administrators group during provisioning. If you're assigned the service administrator role later, then you must be added to the IDCS_Administrators group by a user who's already part of the IDCS_Administrators group before you can create users and groups in Oracle Identity Cloud Service.

  1. Make a list of the users and job roles in Oracle Applications Cloud who need access to Oracle Fusion Analytics Warehouse.

    Note:

    You need the exact user and job role names as they are in Oracle Applications Cloud. The names are case-sensitive.
  2. For users in Oracle Applications Cloud who need access to Oracle Fusion Analytics Warehouse, create equivalent users in Oracle Identity Cloud Service.
    1. In Oracle Identity Cloud Service, navigate to Users and click Add.
    2. Enter the user details as they are in Oracle Applications Cloud and then click Finish.

      Note:

      The user name is case-sensitive.
  3. Create groups in Oracle Identity Cloud Service that correspond to the job roles in Oracle Applications Cloud.

    Note:

    A group in Oracle Identity Cloud Service is the equivalent of a job role in Oracle Applications Cloud.
    1. In Oracle Identity Cloud Service, navigate to Groups and click Add.
    2. Enter the job role name as it is in Oracle Applications Cloud and then click Finish.

      Note:

      The group name is case-sensitive.
  4. Assign the group to the users.

    Note:

    A group to user mapping in Oracle Identity Cloud Service corresponds to a user to job role assignment in Oracle Applications Cloud.
    1. On the Groups page, select a group.
    2. For the group specific to the Oracle Applications Cloud job role, in the Users tab, click Assign and select the users that you want to associate with the group (job role).
  5. As the service administrator, if you need to assign additional groups such as service administrator, functional administrator, or security administrator to users, then perform the following steps:
    1. Sign in to Oracle Fusion Analytics Warehouse, open the Application Navigation menu, and then click Console.
    2. On the Console page, click Groups Management. You see the Groups page in Oracle Identity Cloud Service.
    3. On the Groups page, create three groups, namely the OAX Service Administrator group, OAX Functional Administrator group, and OAX Security Administrator group one at a time following these instructions:
      1. Click Add. You see the Add Group page.
      2. In Step 1: Group Details, enter the group name; for example, "OAX Service Administrator" for the first group, "OAX Functional Administrator" for the second group, and "OAX Security Administrator" for the third group. Click Next.
      3. In Step 2: Assign Users to Group (Optional), select the check box next to the name of each user that you want to add and then click Finish. Perform this action for each group.
    4. Return to the Console page in Oracle Fusion Analytics Warehouse and click Roles Management. You see the Job Roles page. Complete the following actions:
      1. On the Job Roles page, search for each group that you newly created. In the search results, select the group and then click Add to open the Add Roles page.
      2. In Add Roles, search for the applicable role and then add the role to the group. For example, in the Add Roles page for the OAX Service Administrator group, search for "service administrator", select the Service Administrator role, and click Add to add this role to the OAX Service Administrator group. Repeat this step to add the Functional Administrator role to the OAX Functional Administrator group and Security Administrator role to the OAX Security Administrator group.
    5. Click Back to Console and then click Apply.
The mappings that you make become available after approximately 20 minutes. The users that you added receive an email to activate their account. After activation, they must sign in to Oracle Fusion Analytics Warehouse and verify their access to data and objects.

Manage Custom Job Roles

Service administrators create custom job roles in Oracle Applications Cloud and synchronize them into Oracle Identity Cloud Service.

Create Custom Job Roles

As a security administrator, you can create custom job roles to meet your business requirements.

You create custom job roles in the Security Console of Oracle Applications Cloud. See Create Roles in the Security Console.

To use the custom job roles from Oracle Applications Cloud in Oracle Fusion Analytics Warehouse, you must either manually create and associate them in Oracle Identity Cloud Service or synchronize them with Oracle Identity Cloud Service. See Create and Associate Users and Job Roles.

Configure Job Roles

As a security administrator, you can map the data, duty, and system roles available for Oracle Fusion Analytics Warehouse with the job roles.

  1. Sign in to your service.
  2. In Oracle Fusion Analytics Warehouse, open the Application Navigation menu, click Console, and then click Roles Management.
    You see the Job Roles page displaying all the available job roles.
  3. On the Job Roles page, click a job role. For example, Accounts Payable Manager.
    You see the job role details page listing the various data, duty, and system roles.
  4. On the job role details page, to remove an existing data, duty, or system role mapped to a job role, select the check box for the existing role, and then click Remove.
  5. On the job role details page, to add a data, duty, or system role, click Add.
    You see the Add Roles dialog displaying available roles that haven't been assigned to this job role.
  6. Select the data, duty, or system role that you want to add to the job role and click Add.
    You see the Job Roles page with pending alerts for changes to the job roles that you updated.
  7. Click Discard Changes to abandon the planned changes or click Apply to confirm the changes.

Assign Job Roles to Users

Assign job roles to users to define their business functions such as Vice President of Sales, Human Resources Analyst, and Procurement Buyer.

  1. Sign in to your service.
  2. In Oracle Fusion Analytics Warehouse, open the Application Navigation menu, click Console, and then click User Management to access the Oracle Identity Cloud Service console for assigning roles to users.
  3. In the Oracle Identity Cloud Service console, expand the Navigation menu, and then click Users.
  4. Click the user account that you want to modify.
  5. Click Groups.

    Note:

    Groups are equivalent to job roles. See Understand Groups.
  6. Click Assign.
    To search for groups to assign to the user account, in the Search field, enter all or part of the beginning of the group names or descriptions that you want to locate, and then click Enter.
  7. In Assign Groups, select the check box for each group that you want to assign to the user account.
  8. Click OK.

Manage Data Security Assignments

As a security administrator, you need to map data security assignments to users to enable them to access content.

Topics:

Use the Data Security page to search all currently setup data security assignments. You may either search for all records or narrow your search to a specific security context, security value, or user. You can remove a security assignment that you had set up or add new security assignments to a user.

About Data Security Assignments

Data security assignments apply data filters to display only the data corresponding to the security assignment values assigned to the users.

You ensure data-level security with a combination of data roles and security assignments assigned to the user. You assign a user one or more job roles. The job roles have data roles mapped to them, and when querying data, the semantic layer applies data filters by data roles.

For Enterprise Resource Planning, the ledger, payables business unit, and receivables business unit values are restricted by the ledgers that you selected while setting up the report parameters. To establish the security permissions, you'd need to map users to security assignments. If a user doesn't have security assignment values mapped, then the user doesn't get to see any data sets corresponding to the job role (and implicitly data role) assigned to them. When you add data security assignments to a user, you ensure that the user can access specific data within a security context, such as ledger, payables business unit, or receivables business unit. See Set Up the Report Parameters for Enterprise Resource Planning.

For Human Capital Management, the data security is based on the line manager hierarchy defined in Oracle Applications Cloud for the user having the Line Manager role. A user with the HR Analyst role has access to all Human Capital Management data and no security restrictions are applied to the Human Capital Management data set.

Add Security Assignments to a User

The security assignment values that you can assign to a user are based on the user’s access to the appropriate context. You can assign a single user multiple security assignment values or multiple users to a single or multiple assignment values.

  1. Sign in to your service.
  2. In Oracle Fusion Analytics Warehouse, open the Application Navigation menu, click Console, and then click Data Security.
  3. On the Data Security page, click Add Assignments.
  4. In Add Security Assignments:
    1. Select the security context for which you want to add data security assignments to the user. For example, ledgers or a business unit.
    2. From the list of security assignments that you see based on the security context that you selected, select the values that you want to add to the user and move them to the right.

      Note:

      Previously added security assignments remain in place. The Add Security Assignment process adds only the new values.
    3. From the list of users that you see, select a user or multiple users to whom you want to assign the data security assignments and move them to the right. You can search for the users by providing a minimum 3-character search string.
    4. Click Add Assignments.

Manage Data Security Assignments for a User

As a security administrator, you can manage data security assignments that you had previously assigned. In the Manage Security Assignments page, you can revoke existing assignments for a user or add new assignments.

  1. Sign in to your service.
  2. In Oracle Fusion Analytics Warehouse, open the Application Navigation menu, click Console, and then click Data Security.
  3. The Users tab in the Data Security page lists all users who have assignments. If you want, you can enter a user name in User or select a user from the drop-down list, and click Search.

    You can also filter by the context or security assignments.

  4. From the search results, hover over the appropriate user you want to manage and click Manage Security Assignments.
  5. In Manage Security Assignments:
    1. Select the active assignments you want to revoke for the user.
    2. Click Revoke Assignments.
    3. Select the security context for which you want to add data security for the user. For example, Ledgers or a business unit.
    4. From the list of security values that you see based on the security context that you selected, select the values that you want to add to the user and move them to the right.

      Note:

      Previously added security assignments remain in place. The Add Security Assignment process adds only the new values.
    5. Click Add Assignments.

Copy Data Security Assignments for a User

As a security administrator, you can copy data security assignments from one user to another user.

  1. Sign in to your service.
  2. In Oracle Fusion Analytics Warehouse, open the Application Navigation menu, click Console, and then click Data Security.
  3. The Users tab in the Data Security page lists all users who have assignments. If you want, you can enter a user name in User or select a user from the drop-down list, and click Search.
    You can also filter by context or security value.
  4. From the search results, hover over the appropriate user you want to manage and click Copy Security Assignments.
  5. In Copy Security Assignments:
    1. Select the active assignments that you want to copy.
    2. From the list of users that you see, select a user or multiple users to whom you want to assign the data security values and move them to the right. You can search for the users by providing a minimum 3-character search string.
    3. Click Copy Assignments.

Manage Users for a Data Security Assignment

As a security administrator, you can manage users for existing data security assignments. In the Manage Users dialog, you can revoke users for an existing assignment or add new users for that assignment.

  1. Sign in to your service.
  2. In Oracle Fusion Analytics Warehouse, open the Application Navigation menu, click Console, and then click Data Security.
  3. The Security Assignments tab in the Data Security page lists all security assignments associated with users. If you want, you can enter a user name in User or select a user from the drop-down list, and click Search.
    You can also filter by context or security value.
  4. From the search results, hover over the appropriate assignment you want to manage and click Manage Users.
  5. In Manage Users:
    1. Select the users you want to remove from the assignment.
    2. Click Remove Users.
    3. From the list of users that you see, select a user or multiple users to whom you want to assign the data security values and move them to the right. You can search for the users by providing a minimum 3-character search string.
    4. Click Assign Users.