About Data Access Security

After developing your semantic model, you need to set up a data security architecture to control source data access.

Set up data access security to meet data security requirements such as:

• Protect business data from unauthorized access.

• Protect your semantic model's metadata such as measure definitions.

• Prevent individual users from damaging overall system performance.

You can set up three types of data security: row-level security, object permissions, and query limits (governors).

In the semantic model, you set up object permissions and query limits, which are then enforced by the Oracle Analytics query engine. You can add row-level data security, which is also enforced by the Oracle Analytics query engine, to both the semantic model and the database.

It's best practice to implement row-level security in the database and object permissions and query limits in the semantic model. Although it's possible to provide database-level object restrictions on individual tables or columns, objects that users don't have access to are still visible in all clients even though queries against them fail. It's better to set up object permissions in the semantic model so that objects that users don't have access to are hidden in all clients.

To control user access to workbooks, dashboards, or analyses, set up access and read and write permissions at the workbook, dashboard, or analyses object level.

If you implement security only in workbooks, dashboards, or analyses, then the deployed semantic model and database are exposed to SQL injection hacker attacks and other security vulnerabilities. Implementing object-level security and data and row-level security in the semantic model prevents these attacks and vulnerabilities. This security applies to all incoming clients.