Add Security Configurations

Add security configurations to secure the subject areas and data with prebuilt and custom duty and data type of application roles.

  1. Sign in to your service.
  2. In Oracle Fusion Data Intelligence Console, click Semantic Model Extensions under Application Administration.
  3. On the Semantic Model Extensions page, click Security Configurations.
  4. In the Security Configurations region, click Add Configure Data Security to secure your data with the data type of application roles.
  5. In the Security Configurations region, search for the prebuilt "Configure Object Permissions" to configure permissions for objects such as subjects areas and their elements with duty type of application roles.
  6. Optional: In the Security Configurations region, click Reapply Steps to validate the security configuration-related steps against the current state of the model.

Configure Data Security

As a security administrator, provide users with access to data using the custom-created data type application roles.

You can add filters to data retrieved from logical or presentation objects based on the data roles assigned to users. You can add one customization step for each data role. The elements that you can secure are from the Main branch of the semantic model. Hence, if you need a newly added object to be secured, then you must ensure that the customization branch containing the newly added object is merged with the Main branch before configuring the security. If any of the custom-created role is no longer available, then the security configuration for that role is removed from the "Configure Data Security" step.
  1. Sign in to your service.
  2. In Oracle Fusion Data Intelligence Console, click Semantic Model Extensions under Application Administration.
  3. On the Semantic Model Extensions page, click Security Configurations.
    You see the existing security configurations, if any.
  4. In the Security Configurations region, click Add Configure Data Security Step.
  5. In step 1 of the wizard, enter a name for your step, select a data type application role, and then click Next.
  6. In step 2 of the wizard, from the Available Objects drop-down list, click either Presentation Objects or Logical Objects to select the objects that you want to secure with the selected data type application role.
    If you're viewing the presentation objects, then expand the subject area folders and double-click the objects. If you're viewing the logical objects, then double-click the logical table folders or expand the table folders and double-click the objects. You see the selected objects under Object to be secured in the right pane.
  7. Optional: Specify the functional group to combine the data filters using the OR and AND operators.
    Oracle Fusion Data Intelligence combines all the filters in the same functional group using the OR operator and combines all sets of filters in different functional groups using the AND operator.
  8. Click the Function icon to define how the data filter gets applied.
    Use the Expression Editor to enter the filter, based on the session variables that you had created previously. To view an example, see Custom Security in Fusion Data Intelligence.
  9. Click Next.
  10. Click Finish.
  11. Optional: In the Security Configurations region, click Reapply Steps to validate the security configuration-related steps against the current state of the model.

Configure Object Permissions

Configure the permissions for objects such as subject areas and its elements with the ready-to-use or the custom-created duty roles.

You secure the subject areas and their elements using the Configure Object Permissions, a prebuilt single step. You edit this single step to specify the subject areas, their elements, and the duty roles to secure these with. The elements that you can secure are from the Main branch. Hence, if you need a newly added object to be secured, then you must ensure that the branch containing the newly added object is merged with the Main branch before configuring the security. If a custom-created role is no longer available, then the security configuration for that role is automatically updated in the existing Configure Object Permissions step.

For the front-end objects such as key metrics and workbooks, set the permissions individually for each object by adding the applicable duty role and the corresponding access.

By default, the list of permissions by duty role displays the explicit permissions set for the subject area or the elements of the selected subject area. If you want to add more permissions, then select the duty role from the list and set the required permission. Permission levels that you can set are:
  • Default (inherited from the parent element).
  • No Access (deny access to the respective subject area or its elements)
  • Read-only (access to read the respective subject area or its elements).

Repeat the operation for all the subject areas or the subject area elements that you need to secure.

  1. Sign in to your service.
  2. In Oracle Fusion Data Intelligence Console, click Semantic Model Extensions under Application Administration.
  3. On the Semantic Model Extensions page, click Security Configurations.
    You see your existing security configurations and the prebuilt object permissions-related step.
  4. In the Security Configurations region, search for the prebuilt "Configure Object Permissions", and hover over it to view Actions, and then click Edit.
  5. In step 1 of the wizard, click Next.
  6. In step 2 of the wizard, select the subject areas or elements and set the corresponding desired permission to the duty role selected from the list, and then click Next.
  7. Review your changes and click Finish.