Set Presentation Services Privileges for Application Roles

If you create an application role, you must set appropriate privileges to enable users with the application role to perform various functional tasks.

For example, you might want users with an application role named BISalesAdministrator to be able to create Actions. In this case, you would grant them a privilege named Create Invoke Action.

If you create a new application role to grant Oracle Analytics Server permissions, then you must set Presentation Services privileges for the new role.

Explicitly denying a Presentation Services permission takes precedence over user access rights either granted or inherited as a result of group or application role hierarchy.

Existing Catalog groups are migrated during the upgrade process. Moving an existing Oracle Analytics Server Presentation Catalog security configuration to the role-based Oracle Fusion Middleware security model based requires that each Catalog group be replaced with a corresponding application role. To duplicate an existing Presentation Services configuration, replace each Catalog group with a corresponding application role that grants the same Presentation Catalog privileges. You can then delete the original Catalog group from Presentation Services.

  1. Log in to Oracle Analytics Server Presentation Services as a user with Administrator privileges.
  2. From the Home page in Presentation Services, select Administration.
  3. In the Security area, click Manage Privileges.
  4. Click an application role next to the privilege that you want to administer.

    For example, to administer the privilege named Access to Scorecard for the application role named BIConsumer, you would click the BIConsumer link next to Access to Scorecard.

    Use the Privilege <privilege_name> dialog to add application roles to the list of permissions, and grant and revoke permissions from application roles. For example, to grant the selected privilege to an application role, you must add the application role to the Permissions list.

  5. Add an application role to the Permissions list, as follows:
    1. Click Add Users/Roles.
    2. Select Application Roles from the list and click Search.
    3. Select the application role from the results list.
    4. Use the shuttle controls to move the application role to the Selected Members list.
    5. Click OK.
  6. Set the permission for the application role by selecting Granted or Denied in the Permission list.
  7. Save your changes.