Analytics Client Security

The Oracle Analytics Server (OAS) client used for BI reporting and data analysis has additional client-side security measures, mainly for the Retail Insights (RI) application usage.

Authentication for OAS is automatically sourced from OCI IAM; however, the application also uses authorization roles, which are defined within the products themselves (such as Retail Insights). These application roles are linked to OCI IAM user groups, but do not share the same naming structure. For example, the OCI IAM group swef98w4f4nf009-SalesInsights_JOB appears simply as the “Sales Insights” group within OAS. The relationship between OCI IAM groups and OAS application roles is covered in more detail in the Identity Management for OCI IAM Startup Guide.

OAS also provides object-level security within the application UI. Example objects are reports, datasets, dashboards, and connections. Object-level security is managed from the OAS user interface by right-clicking an object and inspecting it for access and sharing permissions. More details can be found in the Oracle Analytics Server User Guides.

Retail Insights includes metadata security in OAS, which restricts the metrics and attributes a user has access to based on their OCI IAM group assignments. For example, the Sales folder of metrics is not available to all users; it requires one of a set list of OCI IAM groups to be assigned first. The mapping between application roles and metadata objects is provided in the Metrics and Attributes Catalog (MAC) document in My Oracle Support (Doc ID 2539848.1).