1. Administering Oracle Fusion Analytics Warehouse
  2. Customize Oracle Fusion Analytics Warehouse
  3. Add Security Configurations

Add Security Configurations

Add security configurations to secure the subject areas and data with ready-to-use and custom duty and data type of application roles.

  1. Sign in to your service.
  2. In Oracle Fusion Analytics Warehouse, open the Navigator menu, click Console, and then click Semantic Model Extensions under Application Administration.
  3. On the Semantic Model Extensions page, click Security Configurations.
    You see the existing security configurations, if any, and the option to add new security configurations.
  4. In the Security Configurations region, click Add Configure Data Security to secure your data with the data type of application roles.
  5. In the Security Configurations region, search for the ready-to-use "Configure Object Permissions" to configure permissions for objects such as subjects areas and their elements with duty type of application roles.
  6. Optional: In the Security Configurations region, click Reapply Steps to validate the security configuration-related steps against the current state of the model.

Configure Data Security

Provide access to data using the custom-created data type application roles.

You can add data filters to the data retrieved from the logical or presentation objects based on the data roles assigned to a user. You can add one step for each data role. The elements that you can secure are from the Main branch. Hence, if you need a newly added object to be secured, then you must ensure that the branch containing the newly added object is merged with the Main branch before configuring the security. If any of the custom-created role is no longer available, then the security configuration for that role is removed from the "Configure Data Security" step.
  1. Sign in to your service.
  2. In Oracle Fusion Analytics Warehouse, open the Navigator menu, click Console, and then click Semantic Model Extensions under Application Administration.
  3. On the Semantic Model Extensions page, click Security Configurations.
    You see the existing security configurations, if any.
  4. In the Security Configurations region, click Add Configure Data Security Step.
  5. In step 1 of the wizard, enter a name for your step, select a data type application role, and then click Next.
  6. In step 2 of the wizard, from the Available Objects drop-down list, click either Presentation Objects or Logical Objects to select the objects that you want to secure with the selected data type application role.
    If you are viewing the presentation objects, then expand the subject area folders and double-click the objects. If you are viewing the logical objects, then double-click the logical table folders or expand the table folders and double-click the objects. You see the selected objects under Object to be secured in the right pane.
  7. Optional: Specify the functional group to combine the data filters using the OR and AND operators.
    Oracle Fusion Analytics Warehouse combines all the filters in the same functional group using the OR operator and combines all sets of filters in different functional groups using the AND operator.
  8. Click the Function icon to define how the data filter gets applied.
    Use the Expression Editor to enter the filter, based on the session variables that you had created previously. To view an example, see Custom Security in Fusion Analytics Warehouse.
  9. Click Next.
  10. Click Finish.
  11. Optional: In the Security Configurations region, click Reapply Steps to validate the security configuration-related steps against the current state of the model.

Configure Object Permissions

Configure the permissions for objects such as subject areas and its elements with the ready-to-use or the custom-created duty roles.

You secure the subject areas and their elements through "Configure Object Permissions", a ready-to-use single step. You edit this single step to specify the subject areas, their elements, and the duty roles to secure these with. The elements that you can secure are from the Main branch. Hence, if you need a newly added object to be secured, then you must ensure that the branch containing the newly added object is merged with the Main branch before configuring the security. If any of the custom-created role is no longer available, then the security configuration for that role is automatically updated in the existing "Configure Object Permissions".

For the front-end objects such as KPIs and decks, set the permissions individually for each object by adding the applicable duty role and the corresponding access. See Inspect a KPI and Inspect a Deck.

  1. Sign in to your service.
  2. In Oracle Fusion Analytics Warehouse, open the Navigator menu, click Console, and then click Semantic Model Extensions under Application Administration.
  3. On the Semantic Model Extensions page, click Security Configurations.
    You see your existing security configurations and the ready-to-use object permissions-related step.
  4. In the Security Configurations region, search for the ready-to-use "Configure Object Permissions", and hover over it to view the Actions menu, and then click Edit.
  5. In step 1 of the wizard, click Next.
  6. In step 2 of the wizard, select the subject areas or elements and set the corresponding desired permission to the duty role selected from the list, and then click Next.
    By default, the list of permissions by duty role displays the explicit permissions set for the subject area or the elements of the selected subject area. If you want to add more permissions, then select the duty role from the list and set the required permission. Permission levels that you can set are:
    • Default (inherited from the parent element).
    • No Access (deny access to the respective subject area or its elements)
    • Read-only (access to read the respective subject area or its elements).

    Repeat the operation for all the subject areas or the subject area elements that you need to secure.

  7. Review your changes and click Finish.