Essbase-related actions (permissions) represent operations that a user can perform on Essbase.
Actions granted to oracle.essbase.server or oracle.essbase.application resource types are hierarchical, such that any action listed includes the set of permissions listed beneath it.
For example, granting oracle.essbase.application, /EssbaseCluster-1, read enables the grantee to read multidimensional databases and to restart the applications in EssbaseCluster-1.
Actions on other Essbase-related resource types are not hierarchical and need to be individually granted.
The series of tables below give details on the actions available with each Essbase-related resource type.
The following table lists the supported oracle.essbase.server actions:
| Action | Description |
|---|---|
|
administer |
Full access to administer the server, applications, and databases. |
|
Create |
Ability to create and delete applications and databases within applications. Includes Application Manager and Database Manager permissions for the applications and databases created by this user. |
|
Access |
Ability to log in to Essbase. This is deprecated and the existence of any server or application permission now suffices. |
Note:
A user that creates an application has permission to manage that application within the same session. The same user requires an explicit grant to manage the application in subsequent sessions.
The following table lists supported oracle.essbase.application actions.
| Action | Description |
|---|---|
|
manage_application |
Ability to create, delete, and modify databases and application settings within the particular application. Includes Database Manager permissions for databases within the application. |
|
manage_database |
Ability to manage databases (for example, to change the database properties or cache settings), database artifacts, locks, and sessions within the assigned application. |
|
use_calculation |
Ability to execute calculations, update, and read data values based on the assigned scope, using any assigned calculations and filter. |
|
write |
Ability to update and read data values based on the assigned scope, using any assigned filter. |
|
read |
Ability to read data values. |
|
use_filter |
Ability to access specific data and metadata according to the restrictions of a filter. |
|
restart |
Ability to start and stop an application or database. |
The following table lists supported oracle.essbase.filter actions.
| Action | Description |
|---|---|
|
Apply |
Apply the filter identified by the resource name. |
The following table lists supported oracle.essbase.calculation actions.
| Action | Description |
|---|---|
|
all |
Enables the user to execute any calculation that is contained in the scope referenced by the resource name. |
|
execute |
Enables the user to execute the calculation script that is identified by the resource name. |
The following table lists permissions granted to Oracle Business Intelligence application roles.
| Role Name | Resource Permission | Role Members |
|---|---|---|
|
BIAdministrator |
oracle.essbase.server, /, administrator |
BIAdministrators group |
|
BIAuthor |
not applicable |
BIAuthors group BIAdministrator application role |
|
BIConsumer |
oracle.essbase.server,/,access,use_filter |
BIConsumers group BIAuthor application role |
|
AuthenticatedUser |
not applicable |
BIConsumer |
This application role hierarchy and permission grants are defaults only and the administrator user can change them in Oracle Fusion Middleware Control.
AuthenticatedUser is a member of BIConsumer by default. This means that any successfully authenticated user has BIConsumer role permissions.