You enable users to perform specific actions in Essbase and associated tools (for example, read and write, use calculations, use filters, use specific filters) by granting resource permission definitions to application roles.
Appropriate resource permissions must be defined first (see Configuring Data-Level Security Using Essbase Filters and Configuring Access to Essbase Calculations). Resource permissions contain definitions of Essbase actions that a user can perform in an Essbase application. Essbase actions are derived from Essbase resource types, which are linked to resource permissions.
Resources are hierarchical; therefore global, cluster, and application level resources are listed.
Note:
The Essbase actions described here are not the same as actions in Oracle Business Intelligence.
The installation process grants default Essbase resource permissions to existing application roles in Oracle Business Intelligence.
For more details about the default Essbase resource permissions configured by default when you install Essbase with Oracle Business Intelligence, see Resource Permissions Reference for Essbase and Associated Tools.
Note:
The BIConsumer application role is granted to all users, and has oracle.essbase.server /EssbaseCluster-1 access and oracle.essbase.application /EssbaseCluster-1 user_filter. This gives all users access to Essbase by default.
Note:
Resource permissions are stored by default in a file-based shared policy store, but you can reassociate them to an OID LDAP shared policy store. SeeUsing Alternative Authentication Providers in Security Guide for Oracle Business Intelligence Enterprise Edition.
Note:
Parent roles inherit permission grants through child group or role members. Permission grants are cumulative; for example, a user who has a grant of oracle.essbase (filter) through an application role but not granted through another role, is still considered to have the oracle.essbase (filter) role.
Use the following steps to grant resource permissions to users and application roles.