Assigning Security Privileges to Business Area Data

Unlike other Business Areas, which are installed in their Work Area's schema, Oracle LSH installs each Generic Visualization Business Area instance in its own schema outside the Work Area schema. There are simplified security requirements for data in this schema.

Users can log in to the integrated visualization tool using an Oracle LSH database account. The system checks if there is an Oracle LSH user account linked to the database account. If there is a linked user account, the system uses it to determine the user's privileges. If there is no linked user account, the system uses the database account itself to determine the user's privileges.

The database account can have one or two privileges assigned:

  • Read Data. This privilege allows the user to view data that was never blinded and dummy data in Table instances that are currently blinded. All database accounts that should have access to the Business Area instance data should have this privilege.

  • Read Unblind. This privilege allows the user to view data that has been permanently unblinded.

If a user should be able to view currently blinded data, he or she must have an Oracle LSH user account with all the required Blind Break privileges and a linked database account. An administrator must set up the user account and appropriate privileges.

If you have the Manage GVA BA Database Access operation on Business Area instances and belong to a user group assigned to a Business Area instance, you can grant the Read Data and Read Unblind privileges to database accounts for that Business Area instance, or revoke them. Oracle LSH audits all changes to these permissions.

To grant privileges to database accounts on Business Area instance data:

  1. In the Business Area instance Properties page, select Manage DB Privileges from the Actions drop-down list. Select Go.

    You see the privileges Read Access and Read Unblind Access. You can expand either privilege to view the database accounts currently assigned to that privilege.

  2. To change assignments, select the plus (+) icon in the Manage column for either Read Access or Read Unblind Access. A screen opens displaying available accounts for assignment and those already selected for the privilege.
  3. Use the arrow icons to grant the selected privilege to one or more accounts, or to revoke it from them:
    • To grant an account the privilege you selected, double-click or use the arrow icons to move the account from Available Users to Selected Users.

    • To revoke the privilege, double-click or use the arrow icons to move an account from Selected Users to Available Users.

  4. Click Apply.