Overview of Security for Oracle Fusion Cloud SCM Reports
Security for viewing, creating, and editing Oracle Business Intelligence Publisher reports for SCM includes the following concepts:
-
Access to the folders where the reports are stored
-
Access to the data that you want the report to return
-
Access to business intelligence functionality
-
Secured list views
-
Personally identifiable information (PII)
This topic provides an overview of how Business Intelligence Publisher reports are secured so that you understand what security roles or access you must request from your security administrator to create and edit reports.
Access to Reports in the BI Catalog
You can access the delivered reports in the Business Intelligence Catalog (BI Catalog). The folders in the BI Catalog are functionally secured using the same duty roles that secure access to the subject areas. Therefore, a user who inherits the Cost Transaction Analysis Duty can access both the Cost Management folder in the Business Intelligence Catalog and the Cost Management subject areas. Reports are secured based on the folders in which they're stored. You can set permissions against folders and reports for Application Roles, Catalog Groups, or Users.
Functional Area Folder |
Default Job Role |
OTBI Transactional Analysis Duty Role |
---|---|---|
Cost Management |
Cost Accountant |
Cost Transactional Analysis Duty |
Innovation Management |
Product Management VP |
Product Management VP Real Time Transaction Analysis Duty Role |
Order Orchestration and Order Management |
Order Administrator |
Order Transaction Analysis Duty |
Order Orchestration and Order Management |
Order Manager |
Order Transaction Analysis Duty |
Product Management |
Product Data Steward |
Product Catalog Transaction Analysis Duty |
Product Management |
Product Manage |
Product Catalog Transaction Analysis Duty |
Warehouse Operations |
Inventory Manager |
Inventory Transaction Analysis Duty |
Warehouse Operations |
Shipping Manager |
Order Pick Transaction Analysis Duty |
Warehouse Operations |
Warehouse Manager |
|
Reporting Data
The data that's returned in reports is secured in a similar way to the data that's returned in Oracle Fusion Cloud SCM pages. Data access is granted by roles that are linked to security profiles. Each of the Transaction Analysis Duty roles that grants access to subject areas and Business Intelligence Catalog (BI Catalog) folders inherits one or more Reporting Data Duty roles. These duty roles grant access to the data. The Reporting Data Duty roles belong to the SCM application.
Business Intelligence Roles
Business Intelligence roles apply to both Oracle Business Intelligence Publisher (Oracle BI Publisher) and Oracle Transactional Business Intelligence. They grant access to Business Intelligence functionality, such as the ability to run or author reports. Users need one or more of these roles in addition to the roles that grant access to reports, subject areas, Business Intelligence catalog folders, and Oracle Fusion Cloud SCM data.
Secured List Views
When you access data using a BI Publisher data model that uses an SQL Query as the data source, you have two options:
-
Select data directly from a database table, in which case the data you return isn't subject to data-security restrictions. Because you can create data models on unsecured data using BI Publisher, you're recommended to minimize the number of users who can create data models.
-
Join to a secured list view in your select statements. The data returned is determined by the security profiles that are assigned to the roles of the user who's running the report.
PII Data
Personally identifiable information (PII) tables are secured at the database level using virtual private database (VPD) policies. Only authorized users can report on data in PII tables. This restriction also applies to Business Intelligence Publisher (BI Publisher) reports. The data in PII tables is protected using data security privileges that are granted by means of duty roles in the usual way.