Manage Access to Business Intelligence

Oracle Partner Relationship Management provides many locations where your sales users can access business intelligence. In most cases, you must first enable these analytics before your users can leverage these tools.

This topic is meant for the administrator who manages security for all users, including users with the Channel Operations Manager role. As the administrator, you must grant the right permissions so that your users can access the analytics made available to them, or so that they can add their own.

Manage Page Composer Access for the Channel Operations Manager

The Channel Operations Manager is typically the role who enables analytics for all Partner Relationship Management roles. Assign the right level of access so that the user assigned with this Channel Operations Manager role can modify analytics for others using Page Composer.

In OIM, assign the Channel Operations Manager role to your users who modifies analytics.

You must also assign the required external job roles for whom the channel operations manager is modifying analytics. Assign the required external job roles so that these users can enable analytics for those roles.

For example, if a certain user typically modifies BI content for partners, then you must assign all partner external job roles to that user. Once assigned, that user can access the Edit Pages option on a page enabled for Page Composer, select a partner external job role, and change BI content for that page and role.

Tip:
After the modification of analytics is completed, you can remove the partner external job roles from the channel operations manager. Or, you can keep this user with all roles for the purposes of future modification needs, and create a separate user with only the Channel Operations Manager role who can execute true channel operations manager activities.
Grant Page Composer access to the Channel Operations Manager role.

Enable the Add Content button so that users with the Channel Operations Manager role can use Page Composer to embed analytics on a page.

To make the Add Content button visible, navigate to APM or the Security Console and assign the functional security policy (privilege) to the Channel Operations Manager.

The user with the Channel Operations Manager role can now see the Add Content button when entering into Page Composer mode on any Analytics side tab, or on the Sales Infolets page.

Grant Access to the Sales Infolets Page

The Sales Infolets page isn't automatically visible to most of your users. Instead, you must grant access to the specific roles who will use the Sales Infolets page.

To make the Sales Infolets page visible, navigate to APM or the Security Console and assign the functional security policy to the roles who need access to this page.

For Channel Account Managers, this Sales Infolets page is already visible and automatically displays with prepackaged infolets.

Manage Access for Customer-Defined Partner Roles

If you created your own partner roles or need to create them, then review these steps to ensure that your unique partner roles have the correct privileges to view BI content.

Partner Relationship Management provides the below roles for partners.

The following table shows the partner external job roles that are delivered, including the Partner Administrator, Partner Sales Manager, and Partner Sales Representative job roles and application roles. Both the Partner Organization Transaction Analysis BI duty role and the BI Consumer BI application role are assigned to each of these partner roles.

Job Role (External)	Application Role	BI Duty Role	BI Application Role
Partner Administrator	Partner Administrator	Partner Organization Transaction Analysis Duty	BI Consumer
Partner Sales Manager	Partner Sales Manager	Partner Organization Transaction Analysis Duty	BI Consumer
Partner Sales Representative	Partner Sales Representative	Partner Organization Transaction Analysis Duty	BI Consumer

If you need to create your own partner roles, then you should follow these steps:

Create an external job role in Oracle Identity Management and assign it to users.
Create a CRM application role in the Security Console.
1. In the Security Console, map this application role to the external job role.
2. In the Security Console, map this application role to the required duty role.
  
  The duty role selection depends on what you need this unique role for.
Create an OBI application role In the Security Console.
1. In the Security Console, map this application role to the external job role.
2. In the Security Console, map this application role to a BI Duty Role.
  
  For example, to create a customer-defined partner external job role, map this application role to the Partner Organization Transaction Analysis Duty role.
3. In the Security Console, map this application role to one of these roles:
  - Transactional Business Intelligence Worker
  - Business Intelligence Applications Worker

If you already have a customer-defined CRM application role created In the Security Console, perform the below steps so that the OBI application role is mapped to the same external job role that the existing CRM application role is mapped to.

Create an OBI application role In the Security Console.
1. In the Security Console, map this application role to the external job role.
2. In the Security Console, map this application role to a BI duty role.
  
  For example, to create a customer-defined partner external job role, map this application role to the Partner Organization Transaction Analysis Duty role.
3. In the Security Console, map this application role to one of these roles:
  - Transactional Business Intelligence Worker
  - Business Intelligence Applications Worker

You can now use this new OBI application role to secure BI content in OTBI. Securing BI content means:

Only partners can see BI content meant for partners.
Partners can see only partner content related to their respective partner organizations, and nothing else.

That process is described in "Enabling Partner Access to BI Content: Explained."