You grant filter resource permissions differently when Essbase is installed with Oracle Business Intelligence compared to when Essbase is installed as part of an EPM System.
Bear these guidelines while granting filter resource permissions:
When Essbase is installed with Oracle Business Intelligence.
You grant filter resource permission definitions to an application role, or assign the admin permission to the application role.
When Essbase is installed as part of an EPM System.
You grant filter resource permissions to a group, or assign the admin permission to the group.
Essbase installed with Oracle Business Intelligence grants a user the union of all permissions that are granted directly or through groups and application roles. Unlike an EPM system, with Oracle Business Intelligence there is no restriction that, for example, the oracle.essbase.application filter action must be granted using the same group as the filters. In Oracle Business Intelligence, you can have conflicting roles. See the following table to understand the consequences of these grants.
| Application Role (Group) | Application Grant | Filter Grant |
|---|---|---|
| A | oracle.essbase.application, /EssbaseCluster-1/Demo, use_filter | oracle.essbase.filter, /EssbaseCluster-1/Demo/Basic/read_filter, apply |
| B | oracle.essbase.application, /EssbaseCluster-1/Demo, use_filter | oracle.essbase.filter, /EssbaseCluster-1/Demo/Basic/readFeb_filter, apply |
In this table, user JDoe is a member of groups A and B, and so when querying Basic, JDoe has access to rows defined by read_filter and readFeb_filter. If group A has the application grant removed in an EPM System installation, then users of group A no longer have access to any filters. However, when Essbase is installed with Oracle Business Intelligence, user JDoe continues to have access to rows from both filters because JDoe also inherits the permissions from membership of group B.