3 Manage Users, Groups, and Application Roles

As the service administrator or security administrator, you manage users and their access to subject areas and objects.

Topics:

• About Managing Users, Groups, and Application Roles
• Manage Users
• Manage Groups
• Manage Application Roles
• View Activity History

About Managing Users, Groups, and Application Roles

As the service administrator or security administrator, one of your initial tasks is to ensure that users have appropriate access to use Oracle NetSuite Analytics Warehouse.

Users need access to objects and data. Access to objects include subject areas or elements of subject areas such as folders and attributes, key metrics, workbooks, and the legacy Oracle BI Enterprise Edition dashboards and answers. You grant access to the users by assigning groups to them. The groups inherit the permissions from the application roles including the licensed roles (from release Platform 23.R4) mapped to them.You set up your security components on the production environment.

The enhanced security capabilities available from release Platform 23.R4 enable you to use the licensed application roles corresponding to the existing licensed groups made available in this release onwards. You can assign the licensed application roles to your custom groups. These licensed application roles are mapped by default to the existing ready-to-use licensed groups and are associated with the system roles. When you assign these ready-to-use licensed groups and custom groups to users, then the applicable users get the system privileges such as consumer, author, and administrator. You can continue to use the existing security capabilities till Oracle NetSuite Analytics Warehouse automatically applies them as part of the release 24.R2. These changes are mandatory and you can schedule the update sooner to enhance the security of your application.

About Users

Users accessing Oracle NetSuite Analytics Warehouse must exist in Oracle Identity Cloud Service.

You can create the users or synchronize them with the Oracle Identity Cloud Service instance associated with your Oracle NetSuite Analytics Warehouse instance from different sources:

• You can synchronize the Netsuite users with the Oracle Identity Cloud Service instance using the Configuration page for Oracle NetSuite Analytics Warehouse in NetSuite.
• You can manually create users in the Oracle Identity Cloud Service instance using the Oracle NetSuite Analytics Warehouse user interface.
• You can synchronize the users from other 3rd-party systems with the Oracle Identity Cloud Service instance.

Users gain their access to Oracle NetSuite Analytics Warehouse based on the NetSuite Analytics Warehouse-specific system groups assigned to them. They gain access to different functionality, objects, and data in Oracle NetSuite Analytics Warehouse based on the job-specific groups assigned to them.

You can assign the predefined system groups, groups available in the Oracle Identity Cloud Service instance associated with your Oracle NetSuite Analytics Warehouse instance, and custom groups that you create in Oracle NetSuite Analytics Warehouse. See Associate Users and Groups.

About Groups

Oracle NetSuite Analytics Warehouse uses groups to provide users access to subject areas, objects, and data.

Oracle NetSuite Analytics Warehouse uses the following three types of groups:

• System groups created in Oracle Identity Cloud Service specifically for Oracle NetSuite Analytics Warehouse. These system groups are associated with system roles that provide a set of privileges to the users to perform system tasks after signing into Oracle NetSuite Analytics Warehouse, such as administering system settings, performing functional setup, managing security, and modeling data.
• Other groups that are generic groups created in Oracle Identity Cloud Service not specifically for Oracle NetSuite Analytics Warehouse, such as IDCS_Administrators and All_Tenant_Users.

System Groups

Oracle NetSuite Analytics Warehouse creates the system groups in Oracle Identity Cloud Service while provisioning your Oracle NetSuite Analytics Warehouse instance.

System groups are associated with system roles that provide a set of privileges to users. The enhanced security capabilities available from release Platform 23.R4 provide licensed application roles corresponding to the existing licensed groups and are mapped by default to the existing ready-to-use system or licensed groups. The system roles or the licenses application roles (from release Platform 23.R4) serve two purposes:

• Authenticate a user for Oracle NetSuite Analytics Warehouse.
• License a user to use Oracle NetSuite Analytics Warehouse based on the system group they are assigned.

See System Roles and Licensed Roles.

You must add the users to the corresponding system groups based on the tasks they perform in Oracle NetSuite Analytics Warehouse. See Assign Users to a Group and Assign Groups to Users. Use the Users or Groups tabs on the Security page to add users to these system groups:

System Group Code	System Group Name	Description	Associated System Role*	Associated Licensed Application Role from release Platform 23.R4 Onwards
NAW_Licensed_Authors	NAW Licensed Authors	NetSuite Analytics Warehouse Licensed Users	Author	NAW Licensed Authors Role
NAW_Licensed_Users	NAW Licensed Users	NetSuite Analytics Warehouse Licensed Users	Author	NAW Licensed Authors Role
NAW_Licensed_Viewers	NAW Licensed Viewers	NetSuite Analytics Warehouse Licensed Viewers	Consumer	NAW Licensed Viewers Role
NAW_Service_Admin	NAW Service Admin	NetSuite Analytics Warehouse Service Administrators	ServiceAdmin	NAW Service Admin Role

Other Groups

The Other Groups category refers to groups created in Oracle Identity Cloud Service for purposes such as administrating Oracle Cloud Infrastructure and Oracle Identity Cloud Service.

These groups aren't necessarily Oracle NetSuite Analytics Warehouse-specific but you can use them in Oracle NetSuite Analytics Warehouse. Examples of this category are the "IDCS_Administrators" and "All_Tenant_Users" groups.

About Application Roles

Application roles in Oracle NetSuite Analytics Warehouse consist of duty roles.

Duty roles define the duties of a job as an entitlement to perform a particular action; for example, access to a Sales functional area-related subject areas.

Duty Roles

The predefined duty roles to secure the predefined subject areas and the predefined front-end objects are:

Duty Role Name	Duty Role Description	Functional Area	Gets access to Subject Area Display Name OR Associated Role
NetSuite Analytics Warehouse Sales Duty	Object security role to control presentation catalog access to Sales functional area.	Sales	All subject areas under the Sales functional area.
NetSuite Analytics Warehouse Purchases Duty	Object security role to control presentation catalog access to Purchases functional area.	Purchases	All subject areas under the Purchases functional area.
NetSuite Analytics Warehouse Inventory Duty	Object security role to control presentation catalog access to Inventory functional area.	Inventory	All subject areas under the Inventory functional area.
Data Warehouse Refresh and Usage Tracking Analysis Duty	Object security role to control presentation catalog access to Warehouse Refresh and Usage Tracking subject areas.	Not applicable	Warehouse Refresh and Usage Tracking subject areas.
NetSuite Analytics Warehouse Financials Duty	Object security role to control presentation catalog access to Financials functional area.	Financials	All subject areas under the Financials functional area.
NetSuite Analytics Warehouse Manufacturing Duty	Object security role to control presentation catalog access to Manufacturing functional area.	Manufacturing	All subject areas under the Manufacturing functional area.
NetSuite Analytics Warehouse Payroll Duty	Object security role to control presentation catalog access to Payroll functional area.	Payroll	All subject areas under the Payroll functional area.

Licensed Roles

The licensed application roles corresponding to the existing licensed groups made available in release Platform 23.R4 onwards are as follows.

The licensed application roles are by default associated with the applicable system roles described in System Roles.

Licensed Role	Associated System Role	Mapped to Licensed Group
NAW Service Admin Role	Service Administrator	NAW Service Admin
NAW Licensed Authors Role	Author	NAW Licensed Author
NAW Licensed Viewers Role	Consumer	NAW Licensed Viewer

System Roles

The system roles for Oracle NetSuite Analytics Warehouse available in Oracle Identity Cloud Service through provisioning of Oracle NetSuite Analytics Warehouse are:

Role Name	Role Description	Purpose	Permissions
Service Administrator	Oracle NetSuite Analytics Warehouse service administrator	Customer facing (Snapshots, Connections, System Settings) administrator access to Oracle NetSuite Analytics Warehouse.	Can't create snapshots or modify the data model file (RPD) Can access the Data Pipeline user interface Can access the Data Security user interface Has no access to the Job Monitoring console Can access the Console menu Can access the user and group administration pages Can access the Semantic Model Extensions user interface Has read-only access to the ready-to-use Oracle Analytics Cloud objects (visualization projects, dashboards, and analyses) Requests from Oracle NetSuite Analytics Warehouse to Oracle Analytics Cloud are routed through the Service Administrator user Can create, update, and delete the Oracle Analytics Cloud content Has read-only access to the ready-to-use KPIs Can create, update, and delete KPIs Can create, update, and delete decks and cards Can share decks and cards Can create Oracle Analytics Publisher reports Has no access to data modeling Has access to create Oracle Analytics Cloud connections to other non-Oracle Applications sources, such as Excel files and Google drive Has access to create Oracle Analytics Cloud datasets
Author	Oracle NetSuite Analytics Warehouse author	Create and edit KPIs, cards, decks, visualization projects, reports, and dashboards.	Has no access to the Data Pipeline user interface Has no access to the Data Security user interface Has no access to the Job Monitoring console Has no access to the Console menu Has no access to user and role administration Has no access to the Semantic Model Extensions user interface Has read-only access to the ready-to-use Oracle Analytics Cloud objects (visualization projects, dashboards, and analyses); if you need a change, then create a copy using "Save As" Has read-only access to the ready-to-use KPIs Can edit the custom Oracle Analytics Cloud objects (visualization projects, dashboards, and analyses) Can edit the custom KPIs Can change the filter values for existing visualization projects Can add filters for existing visualization projects Can create and edit Oracle Analytics Cloud content, KPIs, decks, and cards Can delete custom KPIs, decks, and cards Can consume KPIs, cards, and decks created by other users on which they have access permissions Can share decks and cards Can create Oracle Analytics Publisher reports Has no access to data modeling Has no access to create Oracle Analytics Cloud connections Has access to create Oracle Analytics Cloud datasets
Consumer	Oracle NetSuite Analytics Warehouse consumer	Read access to Oracle Analytics Cloud content and can create cards and decks.	Has no access to the Data Pipeline user interface Has no access to the Data Security user interface Has no access to the Job Monitoring console Has no access to the Console menu Has no access to user and role administration Has no access to the Semantic Model Extensions user interface Has read-only access to the ready-to-use Oracle Analytics Cloud objects (visualization projects, dashboards, and analyses) Has read-only access to the ready-to-use KPIs Has read-only access to the custom Oracle Analytics Cloud objects (visualization projects, dashboards, and analyses) Has read-only access to the custom KPIs Can change the filter values for the existing visualization projects Can't add filters for the existing visualization projects Can't create any Oracle Analytics Cloud content Can't create any KPIs Can create, update, and delete decks and cards Can share decks and cards Has read-only access to Oracle Analytics Publisher Has no access to data modeling Has no access to create Oracle Analytics Cloud connections Has access to create Oracle Analytics Cloud datasets

About Data Access through Security Assignments

You grant the data security assignments at the user-level.

Data security assignments apply data filters to display only the data corresponding to the security assignment values assigned to the users. For example, John Smith and Marie Pierce are both Accounts Payable Manager in an organization, but John Smith needs to see only the US business unit-specific data and Marie needs to see only the UK business unit-specific data. Even though both have the same functional role, their data security assignments differ. John is assigned all the US business units and Marie is assigned all the UK business units only.

You ensure data-level security with a combination of data roles, security context, and security assignments assigned to the user. Oracle NetSuite Analytics Warehouse maps a security context 1:1 onto a data role. You grant the data security assignments within a security context. The user must have the data role through the group assigned to them in order to have access to the security context and its corresponding list of values to pick from. You assign a user one or more job-specific groups. The groups have data roles mapped to them, and when querying data, the semantic layer applies the data filters.

Manage Users

As a service or security administrator, you must ensure that you add users with applicable permissions to work with Oracle NetSuite Analytics Warehouse.

Topics:

• Create Users in Oracle Identity Cloud Service
• Create Users in Oracle NetSuite Analytics Warehouse
• License the Users to Access Oracle NetSuite Analytics Warehouse
• Update the User Details
• Remove a User’s Access to Oracle NetSuite Analytics Warehouse
• Copy Data Security Assignments
• Assign Groups to Users
• Remove Groups Assigned to a User

About Password Policy for Users Created in Oracle NetSuite Analytics Warehouse

The password policy for the users created in Oracle NetSuite Analytics Warehouse is as follows:

• The enforced password requirements are:
  • Passwords must not contain the user's first name, last name, or username.
  • Oracle NetSuite Analytics Warehouse remembers the 4 previous passwords.
  • Password length (minimum) must be 12.
  • Password length (maximum) must not cross 40.
• The complexity required in the password is:
  • Minimum 1 numeric character.
  • Minimum 1 lowercase character.
  • Minimum 1 uppercase character.
• The account is locked after 5 unsuccessful attempts for a duration of 30 minutes.
• The passwords don’t expire.
• Any user can reset passwords and a user can reset their own passwords.

Create Users in Oracle Identity Cloud Service

Create users in the Oracle Identity Cloud Service instance associated with your Oracle NetSuite Analytics Warehouse instance.

See Create User Accounts in Administering Oracle Identity Cloud Service.

Create Users in Oracle NetSuite Analytics Warehouse

Manually create users in the Oracle Identity Cloud Service instance using the Oracle NetSuite Analytics Warehouse user interface.

When you add a user using the Oracle NetSuite Analytics Warehouse user interface, the user is available in the Oracle Identity Cloud Service instance associated with your Oracle NetSuite Analytics Warehouse instance. You later assign the applicable licensed groups to the user that enable the user to perform certain tasks in Oracle NetSuite Analytics Warehouse.

See System Groups.

1. Sign in to your service.
2. In Oracle NetSuite Analytics Warehouse Console, click Security under Service Administration.
3. On the Security page, click the Users tab, and then click Add User.
4. In Add User, click Create a New User.
5. In Add User, provide the user details and click Next.
6. Select the check box for each of the licensed groups that you want to assign to the user and click Finish.

License the Users to Access Oracle NetSuite Analytics Warehouse

You must assign at least one system group to users to enable them to perform relevant tasks in Oracle NetSuite Analytics Warehouse. System groups provide a set of privileges to perform tasks in Oracle NetSuite Analytics Warehouse.

See System Groups.

1. Sign in to your service.
2. In Oracle NetSuite Analytics Warehouse Console, click Security under Service Administration.
3. On the Security page, click the Users tab, and then click Add User.
4. In Add User, search for a user and select the user or select a user from the displayed list of users.
5. Click Next.
6. Select the check box for each of the licensed groups that you want to assign to the user and click Finish.

Update the User Details

You can update the user details such as first name, last name, and email but the user name is non-editable after specifying it initially.

1. Sign in to your service.
2. In Oracle NetSuite Analytics Warehouse Console, click Security under Service Administration.
3. On the Security page, select a user from the users listed under the Users tab or use the Search option and then click User Profile.
4. In User Details, update the applicable information and click Save.

Remove a User’s Access to Oracle NetSuite Analytics Warehouse

Remove a user's access to Oracle NetSuite Analytics Warehouse by removing their assignment to a system group.

A user assigned to a system group consumes an Oracle NetSuite Analytics Warehouse license. When a user no longer needs to consume the Oracle NetSuite Analytics Warehouse license according to their entitlement, you can revoke the user's assignment to the applicable system groups. The user won't be able to access Oracle NetSuite Analytics Warehouse as the user's access to Oracle NetSuite Analytics Warehouse depends on the system group assigned to them. When you remove all system groups from the user, then the user can no longer be authenticated to Oracle NetSuite Analytics Warehouse.

1. Sign in to your service.
2. In Oracle NetSuite Analytics Warehouse Console, click Security under Service Administration.
3. On the Security page, select a user from the displayed users or use the Search option to search for and select a user.
4. Click Remove User.

Copy Data Security Assignments

As a service or security administrator, you can copy data security assignments from one user to another user.

Copying bulk assignments could take some time to process. Monitor the Activity tab on the Security page.

1. Sign in to your service.
2. In Oracle NetSuite Analytics Warehouse Console, click Security under Service Administration.
3. On the Security page, select a user from the users listed under the Users tab or search and select a user.
4. Click Copy Assignments.
5. In Copy Security Assignments From Another User:
   1. Under Copy From, search for and select a user to copy access from.
   2. Under Copy Security Access, you see the context-specific security assignments that would be copied.
6. Click Copy.

Assign Groups to Users

You can assign one or more users to one or more groups.

1. Sign in to your service.
2. In Oracle NetSuite Analytics Warehouse Console, click Security under Service Administration.
3. On the Security page, select a user from the displayed users or use the Search option to search for and select a user.
4. In the user details region, click Assign Groups.
5. In Assign Groups, search for a group or select from the list of groups displayed in this dialog.
6. Select the check box for one or more groups and click Assign.

Remove Groups Assigned to a User

Remove groups assigned to a user if the user no longer requires the authorization to access Oracle NetSuite Analytics Warehouse, specific permissions for tasks, and functional access.

After you remove a group from a user, the applicable user may need to logout for the change to take affect. There could be a gap of around 30 seconds for the refresh to happen.

1. Sign in to your service.
2. In Oracle NetSuite Analytics Warehouse Console, click Security under Service Administration.
3. On the Security page, select a user from the displayed users or use the Search option to search for and select a user.
   You see the groups assigned to the user under the Groups tab in the user details region.
4. Under the Groups tab, select the check box for one or more groups and click Remove Group.

Manage Groups

You must ensure to map application roles to groups and add user memberships to groups. This enables users to access the applicable objects in Oracle NetSuite Analytics Warehouse and perform various tasks.

Topics:

• Create a Group
• Remove a Group
• Add Application Roles to a Group
• Copy Application Roles to a Group
• Remove Application Roles from a Group
• Assign Users to a Group
• Remove Users from a Group
• Copy User Mappings to a Group

Create a Group

As a security administrator, you can create custom groups to meet your business requirements.

You can create them manually in the Oracle Identity Cloud Service instance associated with your Oracle NetSuite Analytics Warehouse instance using the Security pages in Oracle NetSuite Analytics Warehouse.

1. Sign in to your service.
2. In Oracle NetSuite Analytics Warehouse Console, click Security under Service Administration.
3. On the Security page, click the Groups tab, and then click New Group.
4. In Create a New Group , enter a group name and description.
5. Click Save.

Remove a Group

You can remove only the custom groups. When you remove a custom group, Oracle NetSuite Analytics Warehouse removes the associated mappings of the application roles.

1. Sign in to your service.
2. In Oracle NetSuite Analytics Warehouse Console, click Security under Service Administration.
3. On the Security page, click the Groups tab.
4. In the Groups region, search for a group and select it or select a group from the displayed list of groups.
5. Click Remove Group.

Add Application Roles to a Group

As a security administrator, you can map the application roles available for Oracle NetSuite Analytics Warehouse with the predefined and custom groups. This enables the groups to inherit the security setup at each application role level.

1. Sign in to your service.
2. In Oracle NetSuite Analytics Warehouse Console, click Security under Service Administration.
3. On the Security page, click the Groups tab.
4. In the Groups region, search for a group and select it or select a group from the displayed list of groups.
5. In the group details region, click the Application Roles tab, and then click Add Mapping.
6. In Add Application Role Mappings, search for an application role and select it or select from the displayed list of application roles.
7. Click Save.

Copy Application Roles to a Group

As a security administrator, you can copy the application roles available from an existing group to another group.

1. Sign in to your service.
2. In Oracle NetSuite Analytics Warehouse Console, click Security under Service Administration.
3. On the Security page, click the Groups tab.
4. In the Groups list, select the group to which you want to apply the application roles
5. On the Groups tab, click Copy Role Mappings.
6. In Copy Role Mappings From Another Group, search for a group that you want to copy roles from.
7. Click the roles in the Copy Roles area to select or deselect them, and then click Copy.
8. Click Save.

Remove Application Roles from a Group

You can remove capabilities inherited by a group from the application roles mapped to it.

1. Sign in to your service.
2. In Oracle NetSuite Analytics Warehouse Console, click Security under Service Administration.
3. On the Security page, under the Groups tab, select a group from the displayed list of groups or search for a group.
4. In the group details region, click the Application Roles tab.
5. Select one or more roles from the displayed list or search for application roles and select the applicable role.
6. Click Remove Mapping.
7. In Remove Role Mapping, click Remove Mapping.

Assign Users to a Group

When you assign users to a group, you create user memberships for the group. You can assign one or more users to one or more groups.

1. Sign in to your service.
2. In Oracle NetSuite Analytics Warehouse Console, click Security under Service Administration.
3. On the Security page, click the Groups tab.
4. Search for a group or select from the list of groups displayed under the Groups tab.
5. Click Assign Users.
6. In Assign Users, search for a user or select from the list of users displayed in this dialog.
7. Select the check box for one or more users and click Assign.

Remove Users from a Group

You can remove one or more users from a group.

After you remove a user from a group, the applicable user may need to logout for the change to take affect. There could be a gap of around 30 seconds for the refresh to happen.

1. Sign in to your service.
2. In Oracle NetSuite Analytics Warehouse Console, click Security under Service Administration.
3. On the Security page, click the Groups tab.
4. Search for a group or select from the list of groups displayed under the Groups tab.
   You see the users assigned to the group under the Users tab in the group details region.
5. Select the check box for one or more users and click Remove User.

Copy User Mappings to a Group

As a security administrator, you can copy the users mapped to an existing group to a custom group to quickly add users to the new custom group.

1. Sign in to your service.
2. In Oracle NetSuite Analytics Warehouse Console, click Security under Service Administration.
3. On the Security page, click the Groups tab.
4. In the Groups list, search for a group or select the group to which you want to copy the users.
5. On the Groups tab, click Copy User Mappings.
6. In Copy User Mappings From Another Group, search for a group that you want to copy users from.
7. Under Copy Users, verify all the users who'll be copied to the custom group, and then click Copy.
8. Click Save.

Manage Application Roles

Application roles in Oracle NetSuite Analytics Warehouse consist of duty roles for objects security. You can map the ready-to use application roles to groups to define the permissions associated with the group. You can add or remove groups mapped to an application role.

Topics:

• Create an Application Role
• Assign Groups to Application Roles
• Remove a Group Mapped to an Application Role

Create an Application Role

You can create custom duty and data roles to secure subject areas, front-end objects, and row-level data respectively when the predefined application roles don't meet your business needs.

1. Sign in to your service.
2. In Oracle NetSuite Analytics Warehouse Console, click Security under Service Administration.
3. On the Security page, click the Application Roles tab and then click New Application Role.
4. In Create a New Application Role, enter the application role name and specify the role type as data or duty.
5. Click Save.

Assign Groups to Application Roles

Use these instructions to map application roles to groups.

1. Sign in to your service.
2. In Oracle NetSuite Analytics Warehouse Console, click Security under Service Administration.
3. On the Security page, click the Application Roles tab.
4. Search for an application role or select from the displayed list of application roles.
5. In the application role details region, click Assign Groups.
6. In Add Group Mappings, search for a group and select it or select from the displayed list of groups.
7. Click Save.

Remove a Group Mapped to an Application Role

Use these instructions to remove a group mapped to an application role.

1. Sign in to your service.
2. In Oracle NetSuite Analytics Warehouse Console, click Security under Service Administration.
3. On the Security page, click the Application Roles tab.
4. Search for an application role or select from the displayed list of application roles.
5. In the application role details region, select the check box for a displayed group or search for a group and select it, and then click Remove Group.
6. In the Remove Group Mapping? dialog, click Remove Group.

Delete an Application Role

You can delete the custom application roles. Upon deletion of the custom application roles, Oracle NetSuite Analytics Warehouse deletes the mappings to the groups.

1. Sign in to your service.
2. In Oracle NetSuite Analytics Warehouse Console, click Security under Service Administration.
3. On the Security page, click the Application Roles tab.
4. Search for an application role or select from the displayed list of application roles.
5. Click Delete Application Role.
6. In the Delete Application Role? dialog, click Delete Role.

Manage Data Access through Security Assignments

As a security administrator, you need to map data security assignments to users to enable data level access.

Use the Security Assignments tab on the Security page to search for the currently set up data security assignments. You may either search for all records or narrow your search to a specific security context, security value, or user. You can remove a security assignment that you had set up or add new security assignments to a user.

Topics:

• Create a Security Assignment
• Delete a Security Assignment
• Remove Users from a Security Assignment
• Manage Users for a Security Assignment
• Set Exclusion Rules for Security Assignments
• Download and Upload Data Security Exclusion Rules

Create a Security Assignment

Use these instructions to create a security assignment in a specific security context.

Security contexts are categories that contain values that you can secure a user for. For example, you can define which users have access to which "ledgers" or "departments". In this example, "ledgers" and "departments" are security contexts. Within "ledgers", you can have "ledger A", ledger B", or "ledger C" as values. You first select "ledger", then select a value such as "ledger A", and then select the users to secure for "ledger A". The selected users can access "ledger A".

1. Sign in to your service.
2. In Oracle NetSuite Analytics Warehouse Console, click Security under Service Administration.
   You see the Security page.
3. On the Security page, click the Security Assignments tab.
   You see all users who have been granted the security assignments in a specific security context.
4. Click New Assignment.
5. In New Security Assignment, under Select Security Assignments, select a security context, and then search for a security value or select from the displayed list.Move the selected security assignments to the column on the right.
6. Under Select Users, search for a user and select the user and move the user to the column on the right.
   Users are filtered based on the role associated with that context.
7. Click Add to Cart and then click View Cart.
8. In Security Assignments, click Apply Assignments.
   You can grant this security assignment to other users as required. Bulk assignments may take some time to process. See the Security Activity tab for details.

Delete a Security Assignment

Use these instructions to delete a security assignment. When you delete a security assignment, Oracle NetSuite Analytics Warehouse removes all users associated with the security assignment.

1. Sign in to your service.
2. In Oracle NetSuite Analytics Warehouse Console, click Security under Service Administration.
   You see the Security page.
3. On the Security page, click the Security Assignments tab.
4. Select a security assignment from the displayed list of assignments or search for a security assignment and select it.
5. Click Delete Assignment.

Remove Users from a Security Assignment

You can revoke the security assignment granted to one or more users.

1. Sign in to your service.
2. In Oracle NetSuite Analytics Warehouse Console, click Security under Service Administration.
   You see the Security page.
3. On the Security page, click the Security Assignments tab.
4. Select a security assignment from the displayed list of assignments or search for a security assignment and select it.
5. In the security assignment details region, select the users from the displayed list of users or search for and select the users.
6. Click Remove User.
7. In Revoke User Assignment, click Revoke Assignment.

Manage Users for a Security Assignment

As a security administrator, you can manage users for existing data security assignments. In the Manage Users dialog, you can revoke users for an existing assignment or add new users for that assignment.

1. Sign in to your service.
2. In Oracle NetSuite Analytics Warehouse Console, click Security under Service Administration.
   You see the Security page.
3. On the Security page, click the Security Assignments tab.
4. Select a security assignment from the displayed list of assignments or search for a security assignment and select it.
5. In the security assignment details region, click Manage Users.
6. In Manage Users:
   1. Under Add User, search for a user and select the user.
   2. Under User, click the Delete icon to revoke the user from the assignment.
7. Click Save.

Set Exclusion Rules for Security Assignments

You can set up data security to exclude access for specific users within a security context for specific security assignments.

For example, you can grant access to all security assignments but the business unit ABC. This enables you to have a single rule for a single user within a security context. You can also remove the indirectly derived security assignments of the specific user. Ensure that the users for whom you want to exclude assignments are members of a group related to the security context. You can automate the application of the security exclusion rules by downloading the DataSecurityExclusionAssignments_csv.zip, making changes, and then uploading it; see Download and Upload Data Security Exclusion Rules.

1. Sign in to your service.
2. In Oracle NetSuite Analytics Warehouse Console, click Security under Service Administration.
3. On the Security page, click Security Assignments, and then click Exclusion Rules.
4. On the Set Exclusion Rules for Security Assignments page, select the security context such as Ledgers in Security Context, select a user to exclude security assignments in Users, and then in Security Values, select the assignments that you want to exclude from the selected user within the selected security context.
   
   

   

   
   
5. Click Save.

Download and Upload Data Security Exclusion Rules

If you want to automate the application of the security exclusion rules, then download the file to make the changes and upload it.

Note:

Replace existing configuration settings deletes existing data security assignments.

1. Sign in to your service.
2. In Oracle NetSuite Analytics Warehouse Console, click Uploads under Application Administration.
3. On the Uploads page, click Download File and select Data Security Exclude Assignments, and then select the sample or current type of file that you want to download.
   
   

   

   
   
4. Unzip the DataSecurityExclusionAssignments_csv.zip file you downloaded and edit the csv file as required.
   When you're done updating the file, save your changes.
5. On the Uploads page, click Upload File and select Data Security Exclude Assignments in File Type.
   
   

   

   
   
6. Select whether you want to Merge to the existing settings or Replace existing configuration settings.
7. Select the file you want to upload and click Upload File.
   You can review the status of the upload on the Uploads tab.
8. Use Actions next to the file name to perform actions on a specific upload file:
   • Click Properties to check the upload statistics.
   • Click Download to download the file you just uploaded in the event you want to upload the file again.
   • Click Delete if a file fails to process and you want to remove the file history.

View Activity History

View all the security-related activities or filter them by object type and by date for security audit purposes.

The status icon next to each action shows whether it is in progress, in a warning state (if items in a bulk action failed), failed (and therefore incomplete), or completed successfully. You can also hover over error icons to read the full error message that might assist with troubleshooting.

1. Sign in to your service.
2. In Oracle NetSuite Analytics Warehouse Console, click Security under Service Administration.
   You see the Security page.
3. On the Security page, click the History tab.
   You see all the activities by object type and date, by default. You can organize the display by sorting columns, searching for descriptive text, selecting a specific object type, or selecting the number of days from the drop-down lists.