Artifact Level Security

The second level of security is the artifact level, in which access permissions are granted to users, groups, or users and groups for:

  • Report packages

  • External Third-Party Content such as PDFs, images and Microsoft Office documents

  • Folders in the library

  • An application

  • Management Reports

Shows keys icon representing grant access to users and groups

When you see the keys in Oracle Narrative Reporting Cloud Service, you can grant access to users, groups, or users and groups.

When you create an artifact (report package, folder, application), you automatically have permission to edit, delete, and maintain that artifact. In addition, you can give other users, groups, or users and groups the ability to maintain or view that artifact by granting access to those users. Users who do not have access cannot see or access that artifact.

The permissions you can grant on an artifact depend on the artifact. For example, you can grant "Administer" or "View" permissions to Third-Party artifacts in a folder, whereas you can grant "Administer", "Write", or "View" permissions on a folder in a library. For an application, you can grant "ADMINISTER" or "USE" permissions. See Learning About Security for details on all the permissions.

Image showing a folder with folders underneath it to represent concept of inherited permissions

You can grant permissions to artifacts in the library using the concept of "inherited permissions". This gives you the ability to easily grant the same permissions that you set at a parent folder to the child folder(s) and artifacts underneath it. By default, folders are created with the Inherit Permissions box checked by default, but you can clear it if you wish. And, you may also individually override the inherited permissions for certain users and/or groups by directly assigning or revoking a permission. Note that the inherited permission check box is not the default for a report package, since granting access allows other users to view it immediately. A report package owner usually waits until a more appropriate time in the report package lifecycle rather than granting access at creation time.

See Granting Access for more details.

Reports Permissions

  1. In order to run a management report, the user must have at least the "View" permission on the artifact.

  2. In order to save a management report as a snapshot the user must have "View" permission on the artifact. Saved management reports can only be written to folders to which a viewer has "Write" access.

  3. When a management report snapshot is created, the system grants that user with the Report Administrator permission on the snapshot.

  4. When a management report snapshot is created from the definition, the snapshot does not get the permissions applied to the management report definition.