Working with Permissions

Permissions secure access to applications, dimensions, data chain objects, and data.

Videos

Your Goal Watch This Video

Learn about permissions.

video graphic Setting Up Roles and Permissions in Oracle Enterprise Data Management Cloud

Permission Levels and Data Objects

The following table lists the permissions that you can assign to data objects and the actions that can be performed. For more information on the permission levels and cascading, see Permission Inclusion and Cascading.

Table 20-1 Data Object Permissions and Actions

You must have at least this permission On this data object To perform these actions:
Owner Application
  • Create, update, and delete all data objects
  • Assign permissions for all data objects to other users and groups
  • Modify application registration
Owner Dimension
  • Create, update, and delete node sets, hierarchy sets, and node types in this dimension
  • Assign permissions to data chain objects in this dimension to other users and groups
Data Manager Application
  • Import, export, and update data for all dimensions in the application
  • Create and update a viewpoint for all dimensions in the application

    Note:

    You also need Owner permission on the view that contains the viewpoint.
  • Create and update a viewpoint subscription for all dimensions in the application

    Note:

    You also need Owner permission on the view that contains the viewpoint.
Data Manager Dimension
  • Import, export, and update data for this dimension
  • Create and update a viewpoint for this dimension

    Note:

    You also need Owner permission on the view that contains the viewpoint.
  • Create and update a viewpoint subscription for this dimension

    Note:

    You also need Owner permission on the view that contains the viewpoint.
Participant (Write) Application Create a new request or act as a request assignee for any dimension in an application
Participant (Write) Dimension Create a new request or act as a request assignee for requests that use this dimension
Participant (Write)

Note:

The user or group can perform only the request actions that their data access permits.
Hierarchy Set Create a request or act as a request assignee for requests that insert, move, remove, and reorder nodes in a hierarchy set

Note:

When you grant a user Participant (Write) permission on a hierarchy set, that user is also granted implicit Participant (Read) permission on any node type in that hierarchy set.
Participant (Write)

Note:

The user or group can perform only the request actions that their data access permits.
Node Type Create a request or act as a request assignee for requests that add or delete nodes or that update node properties

Note:

When you grant a user Participant (Write) permission on a node type, they are not granted any implicit permissions on the hierarchy sets that use that node type. Thus, that user cannot add or delete nodes in a hierarchy set unless they are also granted Participant (Write) permission to that hierarchy set.
Participant (Read) Application Browse a viewpoint that contains data for any dimension in the application
Participant (Read) Dimension Browse a viewpoint that contains data for this dimension
Participant (Read) Hierarchy Set Browse a viewpoint that contains data for this hierarchy set and the node types in this hierarchy set

Note:

When you grant a user Participant (Read) permission on a hierarchy set, that user is also granted Participant (Read) permission on the node type in that hierarchy set.
Participant (Read) Node Type Browse a viewpoint that contains data for this node type in a list only

Adding, Removing, and Editing Permissions

You add, remove, and edit permissions to a data object from the Permissions tab of the object inspector. You must have Owner permission on the application or dimension that contains the data object in order to do so.

Note:

You can run a report to determine the permissions that have been assigned across all applications. For more information, see Working with Reports.

To add permissions to a user or group on a data object:

  1. Open the object inspector for the data object. See, for example:
  2. On the Permissions tab, click Edit.
  3. In the Add a user or Add a group drop down list, select the user or group that you want to grant permission to.
  4. (Optional) To display the users in a group, click group information.
  5. In the Permission drop down list, select the permission level to grant to the user or group.
    screenshot shows the application inspector with the fields to add permissions displayed
  6. (Optional) For the Participant permission, you can also specify data access. See Configuring Data Access.
  7. Click Save.

To remove a permission from a user or group on a data object:

  1. Open the object inspector.
  2. On the Permissions tab, click Edit.
  3. Navigate to the permission that you want to remove, click Action in the Actions column, and then select Remove.
  4. Click Save.

To edit a permission on a data object:

  1. Open the object inspector.
  2. On the Permissions tab, click Edit.
  3. In the Permission drop down list, select a new value for the permission that you want to edit.
  4. Click Save.

To see how roles and permissions work together, see Security Examples.