Working with Permissions
Permissions secure access to applications, dimensions, data chain objects, and data.
Videos
Your Goal | Watch This Video |
---|---|
Learn about permissions. |
Setting Up Roles and Permissions in Oracle Enterprise Data Management Cloud |
Permission Levels and Data Objects
The following table lists the permissions that you can assign to data objects and the actions that can be performed. For more information on the permission levels and cascading, see Permission Cascading.
Table 24-1 Data Object Permissions and Actions
You must have at least this permission | On this data object | To perform these actions: |
---|---|---|
Metadata Manager | Application |
|
Owner | Application | Delete an application |
Metadata Manager | Dimension |
|
Metadata Manager | Dimension | Archive and unarchive a dimension |
Data Manager | Application | Import or export data for all dimensions in the application |
Data Manager or Metadata Manager | Application |
|
Data Manager or Metadata Manager | Dimension |
|
Data Manager | Dimension | Import, export, and update data for this dimension |
Participant (Write) | Application | Create a new request or act as a request assignee for any dimension in an application |
Participant (Write) | Dimension | Create a new request or act as a request assignee for requests that use this dimension |
Participant (Write) Note: The user or group can perform only the request actions that their data access permits. |
Hierarchy Set | Create a request or act as a request assignee for requests that insert, move, remove, and
reorder nodes in a hierarchy set
Note: When you grant a user Participant (Write) permission on a hierarchy set, that user is also granted implicit Participant (Read) permission on any node type in that hierarchy set. |
Participant (Write) Note: The user or group can perform only the request actions that their data access permits. |
Node Type | Create a request or act as a request assignee for requests that add or delete nodes or that
update node properties
Note: When you grant a user Participant (Write) permission on a node type, they are not granted any implicit permissions on the hierarchy sets that use that node type. Thus, that user cannot add or delete nodes in a hierarchy set unless they are also granted Participant (Write) permission to that hierarchy set. |
Participant (Read) | Application | Browse a viewpoint that contains data for any dimension in the application |
Participant (Read) | Dimension | Browse a viewpoint that contains data for this dimension |
Participant (Read) | Hierarchy Set | Browse a viewpoint that contains data for this hierarchy set and the node types in this
hierarchy set
Note: When you grant a user Participant (Read) permission on a hierarchy set, that user is also granted Participant (Read) permission on the node type in that hierarchy set. |
Participant (Read) | Node Type | Browse a viewpoint that contains data for this node type in a list only |
Adding, Removing, and Editing Permissions
You add, remove, and edit permissions to a data object from the Permissions tab of the object inspector. You must have Owner or Metadata Manager permission on the application or dimension that contains the data object in order to do so.
Note:
You can run a report to determine the permissions that have been assigned across all applications. For more information, see Working with Reports.
To add permissions to a user or group on a data object:
- Open the object inspector for the data object. See, for example:
- On the Permissions tab, click Edit.
- In the Add a user or Add a group drop down list,
select the user or group that you want to grant permission to.
Note:
Groups that do not currently contain any users are indicated by a icon. Service Administrators can assign users to the groups in Access Control. See Overview of Access Control in Administering Access Control for Oracle Enterprise Performance Management Cloud. - (Optional) To display the users in a group, click .
- In the Permission drop down list, select the permission level to grant to
the user or group.
- (Optional) For the Participant permission, you can also specify data access. See Configuring Data Access.
- Click Save.
To remove a permission from a user or group on a data object:
- Open the object inspector.
- On the Permissions tab, click Edit.
- Navigate to the permission that you want to remove, click in the Actions column, and then select Remove.
- Click Save.
To edit a permission on a data object:
- Open the object inspector.
- On the Permissions tab, click Edit.
- In the Permission drop down list, select a new value for the permission that you want to edit.
- Click Save.
To see how roles and permissions work together, see Security Examples.