Manage Model Administration Tool Privileges
Use Identity Manager in the Model Administration Tool to configure security in the semantic model.
Use Model Administration Tool
You use Model Administration Tool to configure permissions for users and application roles against objects in the semantic model.
If you log in to Model Administration Tool in online mode, then you can view all users from the WebLogic Server.
If you log in to Model Administration Tool in offline mode, you can only view references to users that have previously been assigned permissions directly in the semantic model. The best practice is to assign semantic model permissions to application roles rather than directly to users.
- Log in to Model Administration Tool and open a semantic model in Online Mode.
- Optional: Select Manage, then Identity.
- In the Identity Manager dialog, double-click an application role.
- In the Application Role <Name> dialog, click Permissions.
- In the Object Permissions tab view or configure the Read and Write permissions for that application role, in relation to objects and folders in the Presentation Catalog.
- In the Presentation pane, expand a folder, then right-click an object to display the Presentation Table <Table name> dialog.
- Click Permissions to display the Permissions <Table name> dialog.
Set Semantic Model Privileges for an Application Role
The semantic model for your instance includes a security policy that defines permissions for accessing different parts of the model, such as columns and subject areas.
The author of your data model uses the Model Administration Tool to maintain this security policy including assigning data model permissions to application roles.
When you import an application archive (BAR) file, Oracle Analytics Server uses the security policy for the data model in the archive file.
Best practice is to modify permissions for application roles, not modify permissions for individual users.
To view the permissions for an object in the Presentation pane, right-click the object and choose Permission Report to display a list of users and application roles and the permissions for the selected object.
Manage Application Roles in the Semantic Model - Advanced Security Configuration Topic
Application role definitions are maintained in the policy store. The Administrator uses the Oracle Analytics Server Console to make any needed changes.
The semantic model maintains a copy of the policy store data to facilitate semantic model development. The Model Administration Tool displays application role data from the semantic model's copy; you aren't viewing the policy store data in real time. Policy store changes made while you are working with an offline semantic model aren't available in the Model Administration Tool until the policy store next synchronizes with the semantic model. The policy store synchronizes data with the semantic model copy whenever the BI Server restarts. If a mismatch in data is found, an error message is displayed.
While working with a semantic model in offline mode, you might discover that the available application roles do not satisfy the membership or permission grants needed at the time. A placeholder for an application role definition can be created in the Model Administration Tool to facilitate offline model development. But this is just a placeholder visible in the Model Administration Tool and isn't an actual application role. You can't create an actual application role in the Model Administration Tool.
An application role must be defined in the policy store for each application role placeholder created using the Model Administration Tool before bringing the semantic model back online. If a semantic model with role placeholders created while in offline mode is brought online before valid application roles are created in the policy store, then the application role placeholder disappears from the Model Administration Tool interface. Always create a corresponding application role in the policy store before bringing the semantic model back online when using role placeholders in offline semantic model development.
Manage Session Variables
System session variables are session variables that Oracle BI Server and Oracle Analytics Server Presentation Services use for specific purposes.
System session variables have reserved names that can't be used for other kinds of variables such as static or dynamic semantic model variables and non-system session variables. Every active BI Server session generates session variables and initializes them. Each session variable instance can be initialized to a different value.
Manage Server Sessions
The Model Administration Tool Session Manager is used in online mode to monitor activity.
The Session Manager shows all users logged in to the session, all current query requests for each user, and variables and their values for a selected session. Additionally, an administrative user can disconnect any users and terminate any query requests with the Session Manager.
How often the Session Manager data is refreshed depends on the amount of activity on the system. To refresh the display at any time, click Refresh.
You can also use the Oracle Analytics Server Console to check which users are logged in to the session. See Monitor Users Who Are Signed In.
Use the Session Manager
The Session Manager contains an upper pane and a lower pane:
-
The top pane, the Session pane, shows users currently logged in to the BI Server. To control the update speed, from the Update Speed list, select Normal, High, or Low. Select Pause to keep the display from being refreshed.
-
The bottom pane contains two tabs:
-
The Request tab shows active query requests for the user selected in the Session pane.
-
The Variables tab shows variables and their values for a selected session. You can click the column headers to sort the data.
-
The tables describe the columns in the Session Manager dialog.
Column Name | Description |
---|---|
Client Type |
The type of client connected to the server. |
Last Active Time |
The time stamp of the last activity on the session. |
Logon Time |
The time stamp that shows when the session initially connected to the BI Server. |
Repository |
The logical name of the semantic model to which the session is connected. |
Session ID |
The unique internal identifier that the BI Server assigns each session when the session is initiated. |
User |
The name of the user connected. |
Column Name | Description |
---|---|
Last Active Time |
The time stamp of the last activity on the query. |
Request ID |
The unique internal identifier that the BI Server assigns each query when the query is initiated. |
Session ID |
The unique internal identifier that the BI Server assigns each session when the session is initiated. |
Start Time |
The time of the individual query request. |
-
In the Model Administration Tool, open a semantic model in online mode and select Manage then Sessions.
-
Select a session and click the Variables tab.
-
To refresh the view, click Refresh.
-
To close Session Manager, click Close.
Follow these steps to disconnect a user from a session.
-
In the Model Administration Tool, open a semantic model in online mode and select Manage then Sessions.
-
Select the user in the Session Manager top pane.
-
Click Disconnect.
The user session receives a message that indicates that the session was terminated by an administrative user. Any currently running queries are immediately terminated, and any outstanding queries to underlying databases are canceled.
-
To close the Session Manager, click Close.
Follow these steps to terminate an active query.