1. Securing Sales and Fusion Service
  2. Permissions for Catalog Objects

Permissions for Catalog Objects

The Business Intelligence Catalog stores business intelligence objects such as dashboards, dashboard pages, folders, and analyses. Users can view only the objects for which they're authorized.

Note that the owner of an object or folder can't automatically access the object or folder. To access an object or folder, the user must have the proper permission assigned in the object or folder's permission dialog.

What Are Permissions?

An object's owner or a user who has been given the proper privileges and permissions can assign permissions to catalog objects. Permissions are authorizations that you grant to a user or role to perform a specific action or group of actions on a catalog object. For example, if you work in the sales department and created a dashboard that contains quarterly sales projections, then you can give read access to this dashboard to all sales people, but give read, write, and delete access to sales directors and vice presidents.

Note: Permissions are a part of the Oracle BI EE security model, and how permissions are initially assigned is based on how users, roles, and groups were set up on your application, and which privileges the Oracle BI EE administrator granted those users, roles, and groups.

Permission Definitions

To control access to objects (such as a folder in the catalog or a section in a dashboard), you assign permissions to roles, catalog groups, and users. The permissions that you can assign vary depending on the type of object with which you are working.

The following table shows the main types of permissions encountered for sales users:

Permission

Definition

Full Control

Use this option to give authority to perform all tasks (modify and delete, for example) on the object.

Modify

Use this option to give authority to read, write, and delete the object.

Traverse

Use this option to give authority to access objects within the selected folder when the user does not have permission to the selected folder. Access to these objects is required when the objects in the folder, such as analyses, are embedded in a dashboard or Oracle WebCenter Portal application page that the user has permission to access.

For example, if you grant users the Traverse permission to the /Shared Folders/Test folder, then they can access objects, through the BI Presentation Catalog or embedded in dashboards or Oracle WebCenter Portal application pages, stored in the/Shared Folders/Test folder and stored in sub-folders, such as the /Shared Folders/Test/Guest folder. However, users cannot access (meaning view, expand, or browse) the folder and sub-folders from the Catalog.

Open

Use this option to give authority to access, but not modify, the object. If you are working with an Oracle BI Publisher object, this option enables you to traverse the folder that contains the object.

No Access

Use this option to deny access to the object. Explicitly denying access takes precedence over any other permission.

Custom

Use this option to display the Custom Permissions dialog, where you grant read, write, execute, and delete permissions.

For additional information about catalog object permissions, see Creating Analyses and Dashboards in Oracle Transactional Business Intelligence on Oracle Help Center at http://docs.oracle.com/.