1. Managing Security for Oracle Analytics Server
  2. Set Up Security With Users, Groups, and Application Roles
  3. Manage Presentation Services Privileges

Manage Presentation Services Privileges

The catalog for your instance includes a security policy for Presentation Services privileges. These privileges determine access permission to Presentation Services functionality and catalog objects.

When you import an application archive (BAR) file, Oracle Analytics Server uses the security policy for the Presentation Services functionality and catalog.

You use application roles to manage privileges. When groups are assigned to application roles, the group members are automatically granted associated privileges in Presentation Services. This is in addition to the Oracle Analytics Server permissions.

Tip:

A list of application roles that a user is a member of is available from the Roles and Groups tab in the My Account dialog.

About Presentation Services Privileges

Presentation Services privileges are managed in the Administration Manage Privileges page, and they grant or deny access to features, such as the creation of analyses and dashboards.

Being a member of an application role that has been assigned Presentation Services privileges will grant those privileges to the user. The Presentation Services privileges assigned to application roles can be modified by adding or removing privilege grants using the Manage Privileges page in Presentation Services Administration.

Presentation Services privileges can be granted to users both explicitly and by inheritance. However, explicitly denying a Presentation Services privilege takes precedence over user access rights either granted or inherited as a result of group or application role hierarchy.

Topics:

Use Presentation Services Administration Page

You use the Administration page to configure user privileges.

As a best practice, you should assign Presentation Services permissions to application roles rather than directly to users.

  1. Log in to Oracle Analytics Server with Administrator privileges.
  2. Select the Administration link to display the Administration page.
  3. Select the Manage Privileges link.
  4. Select a link for a particular privilege to display the Privilege <Privilege name> dialog.
  5. Click the Add users/roles icon (+) to display the Add Application Roles and Users dialog.

    Use the Add Application Roles and Users dialog to assign application roles to this privilege.

Set Presentation Services Privileges for Application Roles

If you create an application role, you must set appropriate privileges to enable users with the application role to perform various functional tasks.

For example, you might want users with an application role named BISalesAdministrator to be able to create Actions. In this case, you would grant them a privilege named Create Invoke Action.

If you create a new application role to grant Oracle Analytics Server permissions, then you must set Presentation Services privileges for the new role.

Explicitly denying a Presentation Services permission takes precedence over user access rights either granted or inherited as a result of group or application role hierarchy.

Existing Catalog groups are migrated during the upgrade process. Moving an existing Oracle Analytics Server Presentation Catalog security configuration to the role-based Oracle Fusion Middleware security model based requires that each Catalog group be replaced with a corresponding application role. To duplicate an existing Presentation Services configuration, replace each Catalog group with a corresponding application role that grants the same Presentation Catalog privileges. You can then delete the original Catalog group from Presentation Services.

  1. Log in to Oracle Analytics Server Presentation Services as a user with Administrator privileges.
  2. From the Home page in Presentation Services, select Administration.
  3. In the Security area, click Manage Privileges.
  4. Click an application role next to the privilege that you want to administer.

    For example, to administer the privilege named Access to Scorecard for the application role named BIConsumer, you would click the BIConsumer link next to Access to Scorecard.

    Use the Privilege <privilege_name> dialog to add application roles to the list of permissions, and grant and revoke permissions from application roles. For example, to grant the selected privilege to an application role, you must add the application role to the Permissions list.

  5. Add an application role to the Permissions list, as follows:
    1. Click Add Users/Roles.
    2. Select Application Roles from the list and click Search.
    3. Select the application role from the results list.
    4. Use the shuttle controls to move the application role to the Selected Members list.
    5. Click OK.
  6. Set the permission for the application role by selecting Granted or Denied in the Permission list.
  7. Save your changes.