Manage Data Access through Security Assignments

As a security administrator, you need to map data security assignments to users to enable data level access.

Use the Security Assignments tab on the Security page to search for the currently set up data security assignments. You may either search for all records or narrow your search to a specific security context, security value, or user. You can remove a security assignment that you had set up or add new security assignments to a user.

Topics:

• Create a Security Assignment
• Delete a Security Assignment
• Remove Users from a Security Assignment
• Manage Users for a Security Assignment
• Set Exclusion Rules for Security Assignments
• Download and Upload Data Security Exclusion Rules

Create a Security Assignment

Use these instructions to create a security assignment in a specific security context.

Security contexts are categories that contain values that you can secure a user for. For example, you can define which users have access to which "ledgers" or "departments". In this example, "ledgers" and "departments" are security contexts. Within "ledgers", you can have "ledger A", ledger B", or "ledger C" as values. You first select "ledger", then select a value such as "ledger A", and then select the users to secure for "ledger A". The selected users can access "ledger A".

1. Sign in to your service.
2. In Oracle NetSuite Analytics Warehouse Console, click Security under Service Administration.
   You see the Security page.
3. On the Security page, click the Security Assignments tab.
   You see all users who have been granted the security assignments in a specific security context.
4. Click New Assignment.
5. In New Security Assignment, under Select Security Assignments, select a security context, and then search for a security value or select from the displayed list.Move the selected security assignments to the column on the right.
6. Under Select Users, search for a user and select the user and move the user to the column on the right.
   Users are filtered based on the role associated with that context.
7. Click Add to Cart and then click View Cart.
8. In Security Assignments, click Apply Assignments.
   You can grant this security assignment to other users as required. Bulk assignments may take some time to process. See the Security Activity tab for details.

Delete a Security Assignment

Use these instructions to delete a security assignment. When you delete a security assignment, Oracle NetSuite Analytics Warehouse removes all users associated with the security assignment.

1. Sign in to your service.
2. In Oracle NetSuite Analytics Warehouse Console, click Security under Service Administration.
   You see the Security page.
3. On the Security page, click the Security Assignments tab.
4. Select a security assignment from the displayed list of assignments or search for a security assignment and select it.
5. Click Delete Assignment.

Remove Users from a Security Assignment

You can revoke the security assignment granted to one or more users.

1. Sign in to your service.
2. In Oracle NetSuite Analytics Warehouse Console, click Security under Service Administration.
   You see the Security page.
3. On the Security page, click the Security Assignments tab.
4. Select a security assignment from the displayed list of assignments or search for a security assignment and select it.
5. In the security assignment details region, select the users from the displayed list of users or search for and select the users.
6. Click Remove User.
7. In Revoke User Assignment, click Revoke Assignment.

Manage Users for a Security Assignment

As a security administrator, you can manage users for existing data security assignments. In the Manage Users dialog, you can revoke users for an existing assignment or add new users for that assignment.

1. Sign in to your service.
2. In Oracle NetSuite Analytics Warehouse Console, click Security under Service Administration.
   You see the Security page.
3. On the Security page, click the Security Assignments tab.
4. Select a security assignment from the displayed list of assignments or search for a security assignment and select it.
5. In the security assignment details region, click Manage Users.
6. In Manage Users:
   1. Under Add User, search for a user and select the user.
   2. Under User, click the Delete icon to revoke the user from the assignment.
7. Click Save.

Set Exclusion Rules for Security Assignments

You can set up data security to exclude access for specific users within a security context for specific security assignments.

For example, you can grant access to all security assignments but the business unit ABC. This enables you to have a single rule for a single user within a security context. You can also remove the indirectly derived security assignments of the specific user. Ensure that the users for whom you want to exclude assignments are members of a group related to the security context. You can automate the application of the security exclusion rules by downloading the DataSecurityExclusionAssignments_csv.zip, making changes, and then uploading it; see Download and Upload Data Security Exclusion Rules.

1. Sign in to your service.
2. In Oracle NetSuite Analytics Warehouse Console, click Security under Service Administration.
3. On the Security page, click Security Assignments, and then click Exclusion Rules.
4. On the Set Exclusion Rules for Security Assignments page, select the security context such as Ledgers in Security Context, select a user to exclude security assignments in Users, and then in Security Values, select the assignments that you want to exclude from the selected user within the selected security context.
   
   

   

   
   
5. Click Save.

Download and Upload Data Security Exclusion Rules

If you want to automate the application of the security exclusion rules, then download the file to make the changes and upload it.

Note:

Replace existing configuration settings deletes existing data security assignments.

1. Sign in to your service.
2. In Oracle NetSuite Analytics Warehouse Console, click Uploads under Application Administration.
3. On the Uploads page, click Download File and select Data Security Exclude Assignments, and then select the sample or current type of file that you want to download.
   
   

   

   
   
4. Unzip the DataSecurityExclusionAssignments_csv.zip file you downloaded and edit the csv file as required.
   When you're done updating the file, save your changes.
5. On the Uploads page, click Upload File and select Data Security Exclude Assignments in File Type.
   
   

   

   
   
6. Select whether you want to Merge to the existing settings or Replace existing configuration settings.
7. Select the file you want to upload and click Upload File.
   You can review the status of the upload on the Uploads tab.
8. Use Actions next to the file name to perform actions on a specific upload file:
   • Click Properties to check the upload statistics.
   • Click Download to download the file you just uploaded in the event you want to upload the file again.
   • Click Delete if a file fails to process and you want to remove the file history.