14 Managing Objects in the Oracle BI Presentation Catalog

This chapter provides information about using the Oracle BI Presentation Catalog in Oracle Business Intelligence Enterprise Edition to store and manage business intelligence objects. It describes how to search for objects, work with favorites, assign permissions to objects, assign or take ownership of objects, and archive objects.

Topics

This chapter includes the following sections:

• What is the Oracle BI Presentation Catalog?

• Who Uses the Catalog?

• Saving Business Intelligence Objects

• How Can I Search for Objects?

• Searching for Objects in the Catalog

• Object-Specific Tasks

• What Are Favorites?

• Adding Objects to Favorites

• Accessing Favorite Objects

• Organizing Favorites

• Removing Objects From Favorites

• Exporting Analyses, KPIs, and Analysis Prompts Data

• Accessing Properties

• Levels of Oracle BI EE Security

• What Are Permissions?

• How Are an Object's Permission Assigned?

• Access Control Lists and Permissions

• Permission Definitions

• Permissions Available by Object Type

• Recommendations for Setting Permissions

• Assigning Permissions

• Who Owns an Object?

• Assigning Ownership of Objects

• Taking Ownership of Objects

• What is Archiving?

• Archiving Objects

What is the Oracle BI Presentation Catalog?

The Oracle BI Presentation Catalog (the catalog) stores business intelligence objects and provides an interface where users create, access, and manage objects, and perform specific object-based tasks (for example, export, print, and edit). The catalog is organized into folders that are either shared or personal.

If Oracle BI EE is integrated with other Oracle applications, then the objects that are created within those applications are also stored within the catalog. For example, if Oracle BI Publisher is integrated with Oracle BI EE, data models, reports, and style templates and sub-templates are also stored in and accessible from the catalog.

Many of the operations that you can perform in the Oracle BI Presentation Catalog can also be performed in the Catalog Manager, which resides outside of Oracle BI Presentation Services. See Working with Objects in Catalog Manager in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition.

Who Uses the Catalog?

Various users can access the catalog.

Within Oracle BI EE, there are three primary users: content consumers, content designers, and catalog administrators. Each user performs different tasks within the catalog, and, therefore, each user sees a different version of the catalog interface. Functionality that is available for one user might not be available for another. Furthermore, the catalog functionality and objects that are available to a user depend upon the privileges that are specified by the Presentation Services Administrator and the object's individual permissions, which are usually set by the content designer.

Content consumers can use the Catalog page to view the business intelligence objects that are necessary to perform their day-to-day tasks. For example, a sales manager must access an analysis that monitors the weekly sales of a specific brand of beverage in the Central and Eastern regions. The permissions that are set by the content designer and catalog administrator determine what tasks the content consumers can perform both on an individual piece of content and within the catalog. For example, content consumers at Company A can search for, view, and interact with only those objects that have been assigned to them, but content consumers at Company B can search for and interact with content as well as create content and store it to their personal folders.

Content designers are the individuals who create the content for the content consumers. Content designers need broader access to the catalog to efficiently create, edit, test, and troubleshoot objects. Their access to the catalog's functionality is more comprehensive than that of the content consumers. However, like the content consumer, the content designer's permissions are set by the administrator. For example, a content designer must store content in and retrieve content from the public folders for the Sales functional area, but not the Operations functional area. Or a content designer must be assigned to several groups so that the content designer can sign in to Presentation Services as different users to test the new or revised content.

Administrators need the most comprehensive access to the catalog; however, their access is still determined by the privileges that are assigned to their role by the Presentation Services administrator. In general, the catalog tasks that the administrator performs include setting permissions on catalog objects and folders, archiving the catalog, creating and managing directory structures, and managing system and user data.

Note:

Over time, inconsistencies can develop in the catalog as links are broken, users are deleted, or NFS file system issues are encountered. You can periodically validate the catalog, to be informed of and to take corrective action on inconsistencies. For information on validation, see Validating the Catalog Using Catalog Manager in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition.

Saving Business Intelligence Objects

You can save objects that you create in folders in the catalog.

For complete information on naming conventions, see Guidelines for Object Names in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition.

1. Create or edit a business intelligence object and click Save or Save As from the editor's toolbar.

2. In the Save As dialog, select the catalog location to which you want to save the object:

   • You can create sub-folders for storage within your My Folders folder or within the system folder for which you have the permissions to modify.

   • Oracle BI EE enables you to save any type of business intelligence object to any location within the catalog. However, for some object types, Oracle BI EE's Save As dialog suggests the best catalog location. For example, if you are creating a named filter, then it should be saved to a subject area folder (/My Folders/Subject Area Contents/Paint) so that it is available when you create an analysis using the same subject area and to which you want to add the saved filter.

   • You can save the following objects to any location within the catalog: actions, agents, analyses, BI Publisher objects, briefing books, conditions, KPIs, and prompts.

   • Oracle recommends that you save the following objects to the subject area folder: calculated items, custom groups, and filters. If a subject area folder does not exist in your /My Folders folder or within the /Shared Folders folder, then Oracle BI EE creates a subject area folder and the Save As dialog defaults a save path to /My Folders/Subject Area Contents/<subject area>. Saving these objects to the subject area folders ensures that they are available when you build an analysis for the same subject area.

   • Dashboards can be saved to any catalog location. However, if you want the dashboard to display in the global header's Dashboards menu, then you must save the dashboard to a first level dashboard folder. For example, save the dashboard to the following location to include the dashboard in the Dashboard menu: /Shared Folders/Sales Projections/Dashboards. Save the dashboard to the following location to exclude the dashboard from the Dashboard menu: /Shared Folders/Sales Projections/Dashboards/Design Time. For more information about saving dashboards, see Saving Dashboards by Other Names and in Other Locations.

3. Click OK.

Use the following procedure to create a sub-folder within your My Folders or, if you have the required permissions, to create a sub-folder.

1. On the Catalog page, go to the desired location in the Folders pane.
2. In the catalog toolbar, click New and select Folder.
3. In the New Folder dialog, enter the folder name and click OK.

How Can I Search for Objects?

Depending upon whether your system has been configured to use BI Search configure crawl, you will use either the basic catalog search or the full-text catalog search to find objects in the Oracle BI Presentation Catalog.

The catalog contains things that you or somebody else has defined and saved for future use (such as analyses and dashboards). You can search the catalog to find something that you want to work with or change. For example, you can find the Brand Revenue analysis that you created last week. By doing so, you can change a bar graph to a line graph in that analysis.

You can use the Catalog page to view the business intelligence objects that are necessary to perform your day-to-day tasks. For example, a sales analyst must access an analysis that monitors the weekly sales of a specific brand of beverage in the Central and Eastern regions. The permissions set by the catalog administrator determine what tasks the analyst can perform on a piece of content and within the catalog.

• Basic catalog search — This is the standard search option. This search type allows you to search for an object by its exact name, description, location, and object type only. See Basic Catalog Search.

• Full-Text catalog search — To allow the full-text catalog search, your administrator must configure and enable the BI Search indexing (crawling). This search type allows you to search for an object by exact name, description, location, object type, object attribute, data column name, data column values, and so on. See Full-Text Catalog Search.

Basic Catalog Search

The basic catalog search enables users with the proper privilege to search for objects from the global header or the Catalog page.

In the Catalog page, you can use the basic catalog search to locate an object by searching for its exact name, description, location, and type, only. You find only those objects for which you have the appropriate permissions. When the desired object is located, you can click it to display it for viewing or editing, as your permissions allow.

Full-Text Catalog Search

You can use the full-text search to find objects by entering various search values, such as name, description, author, and the names and values of columns of data that the object references.

Full-text catalog search enables users with the proper privilege to conduct an expanded search for an object. This expanded search functionality is only available if your administrator configured and enabled the BI Search configuration crawl. When configured, the full-text catalog search, like the basic catalog search, is available from the global header or the Catalog page.

When users perform the full-text catalog search, it locates those objects that have been crawled and indexed and for which the individual users have the appropriate permissions. Objects such as dashboards and reports with the Do Not Index attribute selected are not indexed.

The list of full-text search results includes any objects that match the criteria, for which the user has at least the Open permission. If an object is stored in a folder, then the user must have the Traverse folder and Open object permissions. Objects with the No Access permission are not available.

Be aware of the following information about the full-text search:

• While you search using keywords, the search results include both data and metadata. For each catalog object, both the metadata (such as the name, path, author, modification date, last accessed date, type, and description) and the data (such as column name, header names, column values, prompt formulas, column formulas, and prompt values) are indexed and available as search results.

• The default search operator is OR. You can specify multiple search terms and the highest search hit includes the largest number of search terms.

You can search for nearly all types of objects in the Oracle BI Presentation Catalog, with a few exceptions such as Marketing Segmentation objects and hierarchical columns.

Searching for Objects in the Catalog

You can use configured levels of searching functionality to find objects in the catalog.

Depending upon how your system is configured, you will use the basic search or the full-text search capabilities. See How Can I Search for Objects?

When performing a full-text search, a newly created object that is included in the index cannot be located until a crawl has occurred.

You can use the global header to perform a search.

1. In the global header Search field, click the down arrow and select the object type for which you want to search.

2. Place your cursor in the field next to the Search field and enter part or all of the object's name or description.

3. Click Search to begin the search. The Catalog page is displayed with the results that match your search criteria. For more information about how to search, see Search pane.

Use the Catalog page's functionality to provide search criteria. This searching method is useful when you know the object's name, location, or type. Use the following task for the basic search and the fully integrated full-text search.

1. In the global header, click Catalog.
2. In the Catalog page, click the Search button.
3. In the Search pane, specify the search criteria. Consider the following options:
   • Search: All objects and folders whose names contain the letters that you enter are displayed.
   • Location: This option is only available for the basic search. Select the folders to search. Administrators and users with administrative permissions can search the catalog root folder. However, before you can search the root folder, you must be in Admin View.
   • Type: This option is only available for the basic search. Select the kind of object for which you are searching (for example, KPI, Scorecard, or Filter).
4. To search for Hidden Items, select the Show Hidden Items box on the Catalog page's header.
5. Click Search.
   Folders or objects that satisfy the search criteria are displayed in the Catalog area.

Object-Specific Tasks

There are specific tasks you can perform with objects.

The tasks that you can perform for an object that you select from the Catalog pane are determined by both the selected object's type (for example, a dashboard or KPI) and the permissions that were set for the object. The list of available tasks is displayed in the Tasks pane, which is located within the Catalog page or from the object's More link.

The illustration shows the available tasks for the analysis that was selected from the catalog. This graphic illustrates that the object's available tasks are: Expand, RSS, Delete, Copy, Rename, Create Shortcut, Archive, Unarchive, Upload, Properties, and Permissions.

Description of the illustration GUID-173533E4-2DC1-486C-A91C-FC904AD714B8-default.gif

In most cases, you can open or copy an object. However, if you selected an analysis, then you can create an agent for the analysis or export the analysis. If you selected a dashboard, then you can publish the dashboard or archive it, depending upon the permissions that were assigned to the object.

Note:

If you upgrade to a newer version of Oracle Business Intelligence and work with objects in the catalog, then you might notice that certain objects are not being accessed as quickly as in the previous release. This change can occur if objects were not upgraded properly. See Updating Catalog Objects in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition for information on upgrading objects.

What Are Favorites?

The favorites functionality allows you to bookmark as favorites the catalog objects that you view regularly or want to view again at another time.

After you flag objects as favorites, you can use the Manage Favorites dialog to organize your favorites by creating categories and rearrange your favorites into the order that you find most intuitive. You can access a list of the objects that you marked as favorites and any categories that you created by clicking Favorites in the global header.

You can use Oracle Business Intelligence Mobile to access your list of favorites as well as add objects to and remove objects from your favorites list. However, you cannot organize and manage your favorites from Oracle BI Mobile. Your Oracle BI EE desktop and Oracle BI Mobile favorites lists will synchronize your changes when you log into either Oracle BI EE instance.

Adding Objects to Favorites

There are multiple ways to add an object to your favorites list.

You can bookmark as favorites the catalog objects that you view regularly or want to view again. For example, you might regularly view the Loyal Customers analysis in the catalog. You flag the analysis as a favorite. After you add an object to your favorites list, the object's icon is updated to include a gold star.

To add an object to your favorites list by using the Home page or Catalog page:

1. Go to the Home page or Catalog page and browse for the object that you want to add to your favorites list.

2. Click the More link, and then click Add to Favorites. The object is added to your favorites list.

To add an object to your favorites list while viewing or editing the object:

1. Open the object in its designated viewer or editor.
2. In the global header, hover over Favorites and click Add to Favorites. The object is added to your favorites list.

Accessing Favorite Objects

After you tag objects as favorites, you can use the Favorites menu in the global header to view your list of favorites and browse for and select a favorite object.

See Adding Objects to Favorites.

You can also use Oracle Business Intelligence Mobile to access your favorites list. See What Are Favorites?

1. In the global header, hover over the Favorites menu. The list of the objects that you marked as favorites displays.
2. Scroll through the list of objects and categories, and click an object to select it.

Organizing Favorites

Use these tasks to organize the items on your favorites list.

You can organize favorites from the Oracle BI EE desktop, only. Any changes that you make to your favorites list will synchronize to your Oracle Business Intelligence Mobile favorites list when you log in from the mobile device.

To create a favorites category:

1. In the global header, hover over the Favorites menu. The list of the objects that you marked as favorites displays.

2. Click Manage Favorites. The Manage Favorites dialog displays.

3. In the Category Tree or the Selection Category area, browse to and select the location where you want to add a new category.

4. On the toolbar, click New Category. The New Category dialog displays.

5. Enter a unique name for the category. Click OK.

6. The new category displays.

To rearrange your favorite objects:

1. In the global header, hover over the Favorites menu. The list of the objects that you marked as favorites displays.
2. Click Manage Favorites. The Manage Favorites dialog displays.
3. In the Category Tree or the Selection Category area, browse to the location of the categories or objects that you want to rearrange. You can perform the following actions to rearrange your favorites.

   • Select an object or category and click the move buttons to move the object up or down in your favorites list.

   • Drag and drop objects into categories. Drag and drop categories into other categories to nest them.

   • Copy objects or categories from one location and paste them into another location.

   • Rename categories.

   • Sort the selected categories or objects within a category by ascending or descending alphabetic order.

   See the Manage Favorites dialog.

4. Click OK. Your rearranged objects and categories are saved and display in your favorites list.

Removing Objects From Favorites

You can remove items from your favorites list.

You can remove from your favorites list those objects that you no longer need to access regularly. For example, you can remove from your favorites list the previous year's Loyal Customers analysis that you no longer need to access regularly.

You can also use Oracle Business Intelligence Mobile to remove objects from your favorites list.

After you remove an object from your favorites list, the object's icon changes from an icon with a gold star to the object's standard icon.

To remove an object from your favorites list by using the Home page or Catalog page:

1. Go to the Home page or Catalog page and browse for the object that you want to remove from your favorites list.

2. Click the More link, and then click Remove from Favorites. The object is removed from your favorites list.

To remove an object from your favorites list while viewing or editing the object:

1. Open the object in its designated viewer or editor.

2. In the global header, hover over the Favorites menu. The list of the objects that you marked as favorites displays.

3. Click Remove from Favorites. The object is removed from your favorites list.

To remove an object from your favorites list by using the Manage Favorites dialog:

1. In the global header, hover over the Favorites menu. The list of the objects that you marked as favorites displays.
2. Click Manage Favorites. The Manage Favorites dialog displays.
3. Browse for and select the object that you want to remove.
4. Click Delete.
5. Click OK. The object is removed from the list.

Exporting Analyses, KPIs, and Analysis Prompts Data

To leverage your data and use it in other applications, you can export analyses, KPIs, and analysis prompt values and data.

You can export to various formats such as as PDF, Web Archive, spreadsheet, Powerpoint presentation, and data file. For example, you can export a Stock Control analysis, so that a supplier can view the results in Microsoft Excel.

You can export Oracle Business Intelligence Publisher reports if they are embedded in a dashboard or dashboard page.

1. In the global header, click Catalog.
2. On the Catalog page, search for the object to export.
3. In the Folders pane, select the object to export.
4. Select the object and perform a task:

   • Below the document, select More and then Export

   • Select the Export button in the Tasks pane

5. Select the format. The Data list contains the CSV Format, Tab delimited Format, and XML Format options.

Accessing Properties

Administrative users can access the properties of any object or folder to perform tasks such as view system information or change access levels.

Users can access and modify the properties of the objects that they create or own. For example, you might want to change the Brand Revenue analysis to be read-only so that other users cannot change it.

1. In the global header, click Catalog.
2. In the Catalog page, search for the object to which you want to assign properties.
3. In the Folders pane, select an object or folder.
   • Below the document, select More and then Properties.
   • Click the Properties button in the Tasks pane.
4. Review or change the settings displayed in the Properties dialog.

Levels of Oracle BI EE Security

Oracle BI EE supports security mechanisms that allow users to access only the data for which they are authorized.

For specific information about setting up and maintaining security, see Introduction to Security in Oracle Business Intelligence in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition. The following types of security are typical:

• Subject Area security. This security mechanism controls access to objects, such as subject areas, folders, and columns. For example, content designers in a particular department can view only the subject areas that belong to their department when using the Analysis editor.

• Catalog object security. This security mechanism provides security for objects that are stored in the Oracle BI Presentation Catalog, such as dashboards, dashboard pages, folders, and analyses. Users can view only the objects for which they are authorized. For example, a mid-level manager might not be granted access to a dashboard that contains summary information for an entire department. See What Are Permissions?

• Data level security. This security mechanism controls the type and amount of data that is available in analyses. When multiple users run the same analysis, the results that are returned to each user depend on their access rights and roles in the company. For example, a sales vice president sees results for all regions, while a sales representative for a particular region sees only data for that region.

The security mechanisms in Oracle Business Intelligence can use security hierarchies that are defined in operational applications, such as Siebel CRM applications, which minimizes the need for administrators to manage multiple security systems. The security mechanisms also allow a high degree of control over access to elements in Oracle Business Intelligence applications.

What Are Permissions?

An object's owner or a user who has been given the proper privileges and permissions can assign permissions to catalog objects.

Permissions are authorizations that you grant to a user or role to perform a specific action or group of actions on a catalog object. For example, if you work in the sales department and created a dashboard that contains quarterly sales projections, then you can give read access to this dashboard to all sales people, but give read, write, and delete access to sales directors and vice presidents.

Permissions are a part of the Oracle BI EE security model, and how permissions are initially assigned is based on how users, roles, and groups were set up on your system, and which privileges the Oracle BI EE administrator granted those users, roles, and groups.

How Are an Object's Permission Assigned?

Object permissions can be assigned by a variety of users.

The permissions for a folder, Oracle BI Publisher object, or other objects are assigned by either the object owner, the content designer, or the catalog's administrator. Before someone other than the content designer can assign permissions to an object, that person must have been given ownership of the object, granted the Change Permissions privilege by the Presentation Services administrator, and have been given the Change Permissions object permission, which is listed in the Custom Permissions dialog. For more information about setting the Change Permissions privileges, see Managing Presentation Services Privileges in Security Guide for Oracle Business Intelligence Enterprise Edition.

When the content designer creates an object and saves it to a folder, the object inherits the permissions that are set on the folder. After the object is saved, the content designer can display either the catalog's Tasks pane or the object's More... link, locate the object, access the Permissions dialog, and modify the object's permissions. If the object's Read-Only property, which is set on the Properties dialog, is selected, then no one other than the owner can modify the object's permissions. This read-only setting essentially trumps any permissions that are set in the Permission dialog.

When working with an object, you use the Permissions dialog to assign who gets which object permissions in the following ways:

• To Application roles — This is the recommended way of assigning permissions. Application roles provide much easier maintenance of users and their assignments. An Application role defines a set of permissions granted to a user or group that has that role in the system's identity store. An Application role is assigned in accordance with specific conditions. As such, Application roles are granted dynamically based on the conditions present at the time authentication occurs.

  For information on Application roles, see Managing Application Roles and Application Policies Using Fusion Middleware Control in Security Guide for Oracle Business Intelligence Enterprise Edition.

• To individual users — You can assign permissions and privileges to specific users, but such assignments can be more difficult to maintain and so this approach is not recommended.

Access Control Lists and Permissions

Access control lists define the ability of an account to access a shared object in the Oracle BI Presentation Catalog.

An account is an Application role or an individual user. Permissions describe the type of access to an object that an account is permitted. Examples are Open and Full Control.

Each catalog object has an access control list that defines which accounts have which permissions to access the object. The access control list is stored in the object's corresponding attribute (.atr) file. An access control list has the general form that is shown in this table.

Account	Permission
ApplicationRole1	Open
ApplicationRole4	Full Control
ApplicationRole3	Open
User 4	Open
User 9	Full Control
User 11	Full Control

Permission Definitions

To control access to objects (such as a folder in the catalog or a section in a dashboard), you assign permissions to Application roles and users.

The permissions that you can assign vary depending on the type of object with which you are working.

The permissions that are available from the Permissions dialog are usually parent permissions, meaning that each parent permission contains several child permissions (for example, if the Open permission is applied to a folder, the users of that folder can read, traverse, and run Oracle BI Publisher reports located in that folder). Applying parent permissions, rather than building custom permissions for every object, is an easy way to consistently assign and maintain permissions. The available parent permissions differ based on the object type with which you are working: folders, BI Publisher objects, or business intelligence objects. BI Publisher objects include reports, data models, sub templates, and style templates. Business intelligence objects include analyses, dashboards, KPIs, scorecards, filters, and prompts.

If in the Permissions dialog you select the Custom permission, then the Custom Permissions dialog is displayed where you can select the permissions to apply to the object. For example, if you are working with a folder object, then you can select the traverse, read, and delete permissions.

The table here includes the name of each permissions and its definition. See Permissions Available by Object Type.

Permission	Description
Read	Use this option to give authority to access, but not modify the object.
Write	Use this option to give authority to edit the object.
Delete	Use this option to give authority to delete the object.
Traverse	Use this option to give authority to access objects within the selected folder when the user does not have permission to the selected folder. Access to these objects is required when the objects in the folder, such as analyses, are embedded in a dashboard or WebCenter Portal application page that the user has permission to access. For example, if you grant users the Traverse permission to the /Shared Folders/Test folder, then they can access objects, through the Catalog or embedded in dashboards or WebCenter Portal application pages, stored in the /Shared Folders/Test folder and stored in sub-folders, such as the /Shared Folders/Test/Guest folder. However, users cannot access (meaning view, expand, or browse) the folder and sub-folders from the Catalog.
Run Publisher Report	Use this option to give authority to read, traverse the folder that contains the object, and regenerate the report so that it includes the most recent data.
Schedule Publisher Report	Use this option to give authority to read, traverse the folder that contains the object, and schedule the report.
View Publisher Report	Use this option to give authority to read, traverse the folder that contains the object, and view, but not regenerate, the report.
Execute	Use this option to give authority to run an object, such as an action, agent, or a briefing book.
Change Permissions	Use this option to give authority to change the object's permissions.
Set Ownership	Use this option to give authority to reassign ownership of the object.
Full Control	Use this option to give authority to perform all tasks (modify and delete, for example) on the object.
No Access	Use this option to deny access to the object. Explicitly denying access takes precedence over any other permission.
Modify	Use this option to give authority to read, write, and delete the object.
Open	Use this option to give authority to access, but not modify, the object. If you are working with an Oracle BI Publisher object, this option enables you to traverse the folder that contains the object.
Custom	Use this option to display the Custom Permissions dialog, where you grant read, write, execute, and delete permissions.
Granted	Use this option to give authority to access a section in a dashboard. This permission can be set in the dashboard, only. This permission overrides any catalog permissions set on the section's objects that would prevent the corresponding roles and users from accessing them (for example, No Access). See Changing the Properties of a Dashboard and its Pages.
Denied	Use this option to deny access to a section in a dashboard. This permission can be set in the dashboard, only. This permission overrides any catalog permissions set on the section's objects that would allow the corresponding roles and users to access them (for example, View). See Changing the Properties of a Dashboard and its Pages.

Permissions Available by Object Type

The permissions that are available from the Permissions dialog are usually parent permissions, meaning that each parent permission contains several child permissions.

For example, if the Open permission is applied to a folder, then the users of that folder can read, traverse, and run the BI Publisher reports that are located in that folder. The available parent permissions differ based on the object with which you are working.

The table here includes a listing of the parent permissions and the corresponding child permissions by object type. For a description of each permission, see Permission Definitions.

Parent Permission	Folders	Oracle BI Publisher Objects	Objects
Full Control	Includes all permissions	Includes all permissions	Includes all permissions
Modify	Read, write, and delete	Read, write, and delete	Read, write, and delete
Open	Read, traverse, run BI Publisher report	Run Oracle BI Publisher report	Read
Schedule Oracle BI Publisher Reports	Schedule BI Publisher reports that are contained in the folder, read, and traverse	Schedule Oracle BI Publisher reports	Not available
View Oracle BI Publisher Output	View BI Publisher reports that are contained in the folder, read, and traverse	View Oracle BI Publisher reports	Not available
Traverse	Traverse folder	Not available	Not available
No Access	Object is not accessible	Object not accessible	Object not accessible

Recommendations for Setting Permissions

When administrators set access permissions for users, certain guidelines need to be followed.

Follow these recommendations when setting permissions:

• Use care when assigning permissions to ensure that you do not lock the object by preventing you, an administrator, or any other user from modifying the object.

• Assign permissions through Application roles, even if you must assign permissions only for a single user. Application roles are central to Oracle BI EE.

  For information on Application roles, see Managing Application Roles and Application Policies Using Fusion Middleware Control in Security Guide for Oracle Business Intelligence Enterprise Edition.

• For Application roles (or users, if necessary) that are going to be modifying the dashboards and dashboard content accessible to the role, set the permissions for the role to Full Control. While allowing change and delete control, Full Control also enables the specified role to set permissions and to delete the object, folder, or dashboard.

  If you plan to have numerous or varying users that create and modify dashboard content for a given group, then create a separate, corresponding builder role that has all the back-end permissions of the primary role, but with a different name. For example, you can create a Sales role and a SalesBuilder role. By giving the SalesBuilder role appropriate permissions to the Oracle BI Presentation Catalog, you can control and change who can make changes to dashboards and content. Assuming session variable security is in place, you can make a user a dashboard builder or content creator by changing the user's role from Sales to SalesBuilder in the database table that holds security information.

• For each Subject Area, ensure that the AuthenticatedUser role has No Access permission to the Subject Area folder.

• For roles that should be able to save analyses for public use against a given Subject Area, grant them Full Control to the Subject Area folder and everything it contains, and likewise for the Common folder.

• To ensure that only members of the designated roles have access to Oracle BI Presentation Catalog folders, folder content, and dashboards, do not set explicit permissions for the AuthenticatedUser role.

Tip:

To provide a place for all users within an Application role to share analyses with each other, create a folder under the Subject Area folder called, for example, Share or Publish, and give the entire role Change/Delete permission to just that folder.

Assigning Permissions

Permissions determine who can access folders, BI Publisher objects, or other catalog objects.

You can assign permissions to determine who can access folders or other catalog objects. The permissions that you can assign vary depending on the type of object with which you are working. To change permissions, you must have been granted the Change Permission privilege. For example, you might want to grant the Change Permission privilege to another sales consultant. This enables him to assign permissions to the Sales Forecast analysis.

To access an object in the catalog, users must have appropriate ACL (Access Control List) entries for that object. All objects in the catalog except for alerts use ACL entries. See Working with Objects in Catalog Manager in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition.

Use the following procedure to assign permissions to an object. See Permission Definitions Permissions Available by Object Type and Recommendations for Setting Permissions.

1. In the global header, click Catalog.
2. In the Catalog page, search for the object to which you want to assign permissions.
3. Go to the Catalog area and locate an object or folder.
4. Select More and then Permissions, or go to the Tasks pane and click Permissions.
5. In the Permissions dialog, click the Add users/roles button to access the Add Application Roles and Users dialog to add any required accounts.
6. In the Permissions dialog, click the Permissions list to select permissions. Most of the items that are displayed in the list are parent permissions and contain several child permissions. To build a specific list of permissions, click Custom.
7. In the Custom Permissions dialog, specify how the permissions are to be applied using these options: Apply permissions to sub-folders, Apply permissions to items within a folder, or Apply permissions to all descendants.
8. In the Replace Options list, specify how the entries in the Access Control List (ACL) are to be replaced for the object and also for its children (but only if one or more of these options are selected): Apply permissions to sub-folders, Apply permissions to items within a folder, or Apply permissions to all descendants).

   If you select either Replace Listed Accounts or Remove Listed Accounts, then make sure that you also remove from the list in the Permissions area the entries that you do not want changed.

9. Click OK.

Who Owns an Object?

Object owners may or may not have full permissions to manipulate the object.

Ownership of an object can either be granted by the user who created the object or taken by a user who has been granted the proper privileges. The owner of an object or folder cannot automatically access the object or folder. To access an object, the user must have the proper permissions assigned in the object or folder's Permissions dialog.

By default, the user who creates and saves a catalog object to either My Folders or a Shared folder owns the object. An object in My Folders cannot be assigned to another owner unless the object is moved to a Shared folder and the Administrator assigns the privilege allowing the owner to reassign ownership. After this privilege has been granted, the ownership of the object can then be assigned to another user or role that displays in the Permissions dialog. For example, suppose Employee A is a content designer and has created a dashboard for the Marketing department. Employee A completes the dashboard, saves it to the Marketing Department's Shared folder, and assigns ownership of the dashboard to Employee B, who is a marketing manager and responsible for updating the dashboard. See Assigning Ownership of Objects.

In some situations a user or member of a role must take ownership of objects located in a Shared folder. In this case, the user who wants to take ownership must be assigned the proper privilege to complete this task. After these privileges are granted, the user sees the Take Ownership of this Item and the Take Ownership of this item and all subitems options in the Properties dialog. For example, suppose that Employee A has been granted the proper privilege to take ownership of objects and folders. When Employee B, who owns several catalog objects, leaves the company, Employee A can now access the Properties dialog for these objects, take ownership of the objects, and reassign ownership of the objects to Employee C. See Taking Ownership of Objects.

Assigning Ownership of Objects

You can assign ownership of an object or folder that is saved to a Shared folder.

Ownership of an object can be granted by the user who created the object. Also, ownership of an object can be taken by a user who has been granted the proper privileges. For example, you can create a Brand Revenue analysis and grant ownership to a Regional Sales Analyst. You must have the proper privilege to access the Permissions dialog where you can then assign ownership of an object or folder.

See Who Owns an Object? and Taking Ownership of Objects.

1. In the global header, click Catalog.
2. On the Catalog page, search for the object to which you want to assign ownership.
3. Go to the Catalog area and locate an object or folder.
4. Select More and then Permissions, or go to the Tasks pane and click Permissions.
5. In the Permissions table, go to the Owner column and click to specify the owner.
6. Click OK.

Taking Ownership of Objects

Use the following procedure to take ownership of an object or folder that is saved to a Shared folder.

A user or a member of a role can take ownership of objects in a shared folder, if the user or member is assigned to the BIAdministrator role. For example, as a user who is a member of the Sales group, you might assign properties to the Sales Forecast analysis to mark yourself as owner of the object. You must have the proper privilege for the take ownership options to display in the Properties dialog.

See Who Owns an Object? and Assigning Ownership of Objects.

1. In the global header, click Catalog.
2. In the Catalog Page, search for the object to which you want to assign ownership.
3. Go to the Catalog area and locate an object or folder.
4. Select More and then Properties, or go to the Tasks pane and click Properties.
5. In the Ownership area of the Properties dialog, do one the following:
   • If you are working with an object, click the Set Ownership of this item link.
   • If you are working with a folder or an object that contains sub-objects (for example, a dashboard or scorecard), click the Set Ownership of this item link to take ownership of the object only, or click the Set Ownership of this item and all subitems to take ownership of the object and sub-objects.
6. Click OK.

What is Archiving?

You can save groups of data for long-term use or storage using archiving.

Archiving enables you to bundle the entire catalog, specific folders, or multi-component objects (for example, scorecards) as a .catalog file and upload the .catalog file to unarchive the data to another location in the catalog. This process enables you to transfer specific data across environments. For example, you can use this feature to transfer data from a development environment to a production environment.

If you have the necessary privileges, then you can use the Oracle BI EE Catalog Manager to archive and unarchive catalog objects and perform other Catalog maintenance tasks. For more information about Catalog Manager, see Working with Objects in Catalog Manager in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition.

Archiving Objects

You can archive an object for later use if you have the proper user privileges.

Before you can archive, you must have been granted the proper privilege.

To create an archive file:

1. In the global header, click Catalog. The Catalog page is displayed.

2. Search for the objects to archive.

3. Go to the Folders pane to select the object.

4. Select More, then Archive below the object. The Archive dialog is displayed.

5. Specify to maintain or omit the permissions and timestamps for the folder or object. See the Archive dialog.

6. Click OK.

To unarchive an archive file:

1. Locate the archive file to upload. The archive file contains the .catalog extension (for example, _portal.catalog).
2. Go to the Folders pane and select the location where you want to upload the archive file.
3. Go to the Tasks pane and click Unarchive. The Unarchive dialog is displayed.
4. Enter the name of the archive file or browse for the archive file. Select the archive file.
5. Click OK.