Grant or Revoke Permission Assignments
Use the grantPermissionSetsToBIRole
and revokePermissionSetsFromBIRole
scripts to fine-tune permission assignments.
After you upgrade from Oracle BI EE to Oracle Analytics Server, Oracle Analytics Server automatically assigns any new permissions or permission sets to your application roles to make the new features available to users. Therefore it's important that you review how Oracle Analytics Server assigned these permissions. Use the scripts to make any necessary adjustments.
Certain features work only when permission sets are granted together. If you revoke an individual permission set, you might experience unforeseen side effects.
Note:
Oracle Analytics Server includes standard permissions that are assigned to predefined application roles. For example, the Create and Edit Datasets permission is automatically assigned to the DV Content Author role. These standard permissions are included in the permission sets listed below, and in some cases the standard permission are included when you grant a permissions set. If you want to grant or revoke standard permissions to user-defined application roles, use the Console. See Copy Permissions to an Existing User-Defined Application Role.To grant or revoke permissions for an application role, run the appropriate script:
grantPermissionSetsToBIRole.sh | .cmd
revokePermissionSetsFromBIRole.sh | .cmd
Path: [DOMAIN_HOME]/bitools/bin
Usage:
./grantPermissionSetsToBIRole.sh [-d domainHome] [-s sikey] -r
BIRoleName -p PermissionSets
./revokePermissionSetsFromBIRole.sh [-d domainHome] [-s sikey] -r
BIRoleName -p PermissionSets
-d
: Specify the domain home (including the final
domainName
directory). By default, the DOMAIN_HOME
value is set. If the value isn't set, enter the actual domain home path.
-s
: Specify the key for the service instance. The default
is ssi
.
-r
: Specify the application role name.
-p
: Specify the comma-separated list of permission sets.
./grantPermissionSetsToBIRole.sh -r myAdministrator -p va.author,customScripts.admin
Table 2-1 Permission Sets Available in Oracle Analytics Server
Permission Set Name | Permissions |
---|---|
actio.admin |
Administrator permissions to view and modify all jobs within the server instance, irrespective of the job owner. This permission is required to schedule or view the schedules for various objects (for example, data flows). |
actio.author |
Permissions to view or modify jobs owned by the user. |
actio.operator |
Permissions to restart jobs. Doesn't include permissions to create jobs. |
actio.viewer |
View job scheduling permissions. (Not for Classic or Publisher) |
bilifecycle.admin |
Corresponding functionality not supported in Oracle Analytics Server. |
bip.administrator |
Publisher administration permissions. |
bip.author |
Publisher author permissions. |
bip.consumer |
Publisher consumer permissions. |
bisecurity.admin |
BI security administration permissions. (Internal API) |
bisecurity.author |
BI security author permissions. (Internal API) |
bisecurity.GBUAdmin |
Corresponding functionality not supported in Oracle Analytics Server. |
bisecurity.impersonate |
BI security impersonate permissions. |
bisecurity.lifecycle.admin |
Corresponding functionality not supported in Oracle Analytics Server. |
customScripts.admin |
Advanced analytics custom scripts administration permissions. |
dataReplication.access |
Data replication access permissions. |
infer.administrator |
Required social and storage providers configuration permissions. |
majel.administrator |
Mobile administration permissions. |
obips.administrator |
BI Presentation Server administration permissions. |
obis.administrator |
BI Server administration permissions. |
obis.author |
BI Server author permissions allows a user to send queries to the BI Server (for example, through BIJDBC). |
obisch.administrator |
BI Scheduler administration permissions. (For Classic) |
obisch.author |
BI Scheduler author permissions. |
oracle.bi.dss.CustomKnowledge.admin |
Data preparation custom knowledge administrator permissions. |
oracle.bi.dss.CustomKnowledge.consumer |
Data preparation custom knowledge consumer permissions. |
oracle.bi.dss.SystemKnowledge.admin |
Data preparation custom knowledge administration permissions. |
oracle.bi.tech.dv.consumer |
Data Visualization basic login permissions. |
pod.admin |
System settings administration permissions. |
rdc.admin |
Remote data connections for interoperability with Oracle Analytics Cloud. Corresponding functionality not supported in Oracle Analytics Server. |
rdc.consumer |
Remote data connections for interoperability with Oracle Analytics Cloud. Corresponding functionality not supported in Oracle Analytics Server. |
rdc.monitor |
Remote data connections for interoperability with Oracle Analytics Cloud. Corresponding functionality not supported in Oracle Analytics Server. |
sac.advanced.approle.administrator |
Application role user interface management permissions advanced features. |
sac.approle.administrator |
Oracle Analytics Console administration permissions to manage Users and Roles, Connections, and Virus Scanner configuration pages. |
sac.smtpserver.administrator |
Oracle Analytics Console administration permissions to manage the SMTP server. Corresponding functionality not supported in Oracle Analytics Server. |
sac.snapshot.administrator |
Snapshot administration permissions. |
semanticmodeler.author |
Permissions to manage and deploy semantic models.
Note that assigning this permission set allows users to bypass the Oracle BI Server security filters. |
va.admin |
Data Visualization administration permissions. |
va.author |
Data Visualization author permissions. |
va.interactor |
Data Visualization basic interaction permissions. |