This appendix explains how to manage security for dashboards and analyses such that users have only:
Access to objects in the Oracle BI Presentation Catalog that are appropriate to them.
Access to features and tasks that are appropriate to them.
Access to saved customizations that are appropriate to them.
This appendix contains the following sections:
As a system administrator, you must configure a business intelligence system to ensure that all functionality including administrative functionality is secured by providing access only to authorized users that are allowed to perform appropriate operations. You must configure the system to secure all middle-tier communications.
This overview section contains the following topics:
Security settings that affect users of Presentation Services are made in the following Oracle Business Intelligence components:
Use the Oracle BI Administration Tool to perform the following tasks:
Set permissions for business models, tables, columns, and subject areas.
Specify database access for each user.
Specify filters to limit the data accessible by users.
Set authentication options.
Oracle BI Presentation Services Administration enables setting privileges for users to access features and functions such as editing views and creating agents and prompts.
Oracle BI Presentation Services enables assigning permissions for objects in the Oracle BI Presentation Catalog.
In previous releases, you could assign permissions to objects from the Presentation Services Administration pages. In this release, you set permissions either in the Catalog Manager or the Catalog page of Presentation Services. See User's Guide for Oracle Business Intelligence Enterprise Edition for information on assigning permissions in Presentation Services.
The Catalog Manager enables setting permissions for Oracle BI Presentation Catalog objects. See Configuring and Managing the Presentation Catalog in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition.
Note:
Security Administrators should advise report users to not edit Subject Area security privileges within Oracle BI Answers. The Security Administrator should enforce data security.
This topic provides guidelines for security with Oracle BI Presentation Services.
When maintaining security in Presentation Services, you must ensure the following:
Only the appropriate users can sign in and access Presentation Services. You must assign sign-in rights and authenticate users through the BI Server.
Authentication is the process of using a user name and password to identify someone who is logging on. Authenticated users are then given appropriate authorization to access a system, in this case Presentation Services. Presentation Services does not have its own authentication system; it relies on the authentication system that it inherits from the BI Server.
All users who sign in to Presentation Services are granted the AuthenticatedUser
role and any other roles that they were assigned in Fusion Middleware Control.
For information about authentication, see About Authentication.
Users can access only the objects that are appropriate to them. You apply access control in the form of permissions, as described in User's Guide for Oracle Business Intelligence Enterprise Edition.
Users have the ability to access features and functions that are appropriate to them. You apply user rights in the form of privileges. Example privileges are Edit system wide column formats and Create agents.
Users are either granted or denied a specific privilege. These associations are created in a privilege assignment table, as described in Managing Presentation Services Privileges.
You can configure Oracle Business Intelligence to use the single sign-on feature from the web server. Presentation Services can use this feature when obtaining information for end users. See Enabling SSO Authentication.
When you assign permissions and privileges in Presentation Services, you can assign them in one of the following ways:
To application roles — This is the recommended way of assigning permissions and privileges. Application roles provide much easier maintenance of users and their assignments. An application role defines a set of permissions granted to a user or group that has that role in the system's identity store. An application role is assigned in accordance with specific conditions. As such, application roles are granted dynamically based on the conditions present at the time authentication occurs.
To individual users — You can assign permissions and privileges to specific users, but such assignments can be more difficult to maintain and so this approach is not recommended.
You can use the Administration pages in Oracle BI Presentation Services to perform the tasks that are described in the following sections:
The main Oracle BI Presentation Services Administration page contains links that allow you to display other administration pages for performing various functions, including those related to users in Presentation Services.
You can obtain information about all these pages by clicking the Help button in the upper-right corner.
Note:
Use care if multiple users have access to the Administration pages, because they can overwrite each other's changes. Suppose User A and User B are both accessing and modifying the Manage Privileges page in Presentation Services Administration. If User A saves updates to privileges while User B is also editing them, then User B's changes are overwritten by those that User A saved.
This section contains the following topics about Presentation Services privileges:
Presentation Services privileges control the rights that users have to access the features and functionality of Presentation Services. Privileges are granted or denied to specific application roles, individual users, and Catalog groups using a privilege assignment table.
Like permissions, privileges are either explicitly set or are inherited through role or group membership. Explicitly denying a privilege takes precedence over any granted, inherited privilege. For example, if a user is explicitly denied access to the privilege to edit column formulas, but is a member of an application role that has inherited the privilege, then the user cannot edit column formulas.
Privileges are most commonly granted to the BIContentAuthor or BIConsumer roles. This allows users access to common features and functions of Presentation Services.
See Setting Presentation Services Privileges for Application Roles.
You can manage privilege assignments for application roles that are granted by default.
These privileges apply to the Oracle Business Intelligence infrastructure. If your organization uses prebuilt applications, it is possible that some privileges are preconfigured. For more information, see the documentation for the specific application.
When building KPIs, KPI watchlists, KPI contribution wheels, or within Oracle Scorecard and Strategy Management, a combination of privileges are required to perform specific tasks. See Identifying Privileges for KPIs, KPI Watchlists, and Scorecarding.
Note:
To login to an Oracle BI EE connection from SmartView you must have at least the following Oracle BI Presentation Services privileges:
Access SOAP
Access CatalogService Service
Access SecurityService Service
Access Oracle BI for MS Office
You must also have access to open the Shared Catalog folder.
Component | Privilege | Description | Default Role Granted | References or Reference Links for Additional Information |
---|---|---|---|---|
Access |
Access to Dashboards |
Allows users to view dashboards. |
BI Consumer |
Managing Objects in the Oracle BI Presentation Catalog in User's Guide for Oracle Business Intelligence Enterprise Edition What Are Dashboards? in User's Guide for Oracle Business Intelligence Enterprise Edition Configuring and Managing Analyses and Dashboards in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Access |
Access to Answers |
Allows users to access the analysis editor. |
BI Content Author |
Managing Objects in the Oracle BI Presentation Catalog in User's Guide for Oracle Business Intelligence Enterprise Edition What Are Analyses? in User's Guide for Oracle Business Intelligence Enterprise Edition Configuring and for Displaying and Processing Data in Views in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Access |
Access to BI Composer |
Allows users to access the BI Composer wizard. |
BI Content Author |
Managing Objects in the Oracle BI Presentation Catalog in User's Guide for Oracle Business Intelligence Enterprise Edition What Is BI Composer? in User's Guide for Oracle Business Intelligence Enterprise Edition Manually Changing Presentation Settings in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Access |
Access to Delivers |
Allows users to create and edit agents. |
BI Content Author |
Managing Objects in the Oracle BI Presentation Catalog in User's Guide for Oracle Business Intelligence Enterprise Edition About Controlling Access to Agents in User's Guide for Oracle Business Intelligence Enterprise Edition Configuring and Managing Agents in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Access |
Access to Briefing Books |
Allows users to view and download briefing books. |
BI Consumer |
Managing Objects in the Oracle BI Presentation Catalog in User's Guide for Oracle Business Intelligence Enterprise Edition Adding Content to New or Existing Briefing Books in User's Guide for Oracle Business Intelligence Enterprise Edition Modifying the Table of Contents for PDF Versions of Briefing Books in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Access |
Access to Mobile |
Allows users to access Presentation Services from the Oracle Business Intelligence Mobile application. |
BI Consumer |
Managing Objects in the Oracle BI Presentation Catalog in User's Guide for Oracle Business Intelligence Enterprise Edition Getting Started with Oracle BI Mobile in Oracle Business Intelligence Mobile Users Guide |
Access |
Access to Administration |
Allows users to access the administration pages in Presentation Services. |
BI Service Administrator |
Managing Objects in the Oracle BI Presentation Catalog in User's Guide for Oracle Business Intelligence Enterprise Edition Configuring Application Roles and Users in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Access |
Access to Segments |
Allows users to access segments in Oracle's Siebel Marketing. |
BI Consumer |
Managing Objects in the Oracle BI Presentation Catalog in User's Guide for Oracle Business Intelligence Enterprise Edition Oracle Marketing Segmentation Guide Configuring for Connections to the Marketing Content Server in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Access |
Access to Segment Trees |
Allows users to access segment trees in Oracle's Siebel Marketing. |
BI Content Author |
Managing Objects in the Oracle BI Presentation Catalog in User's Guide for Oracle Business Intelligence Enterprise Edition Oracle Marketing Segmentation Guide Configuring for Connections to the Marketing Content Server in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Access |
Access to List Formats |
Allows users to access list formats in Oracle's Siebel Marketing. |
BI Content Author |
Managing Objects in the Oracle BI Presentation Catalog in User's Guide for Oracle Business Intelligence Enterprise Edition Oracle Marketing Segmentation Guide Configuring for Connections to the Marketing Content Server in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Access |
Access to Metadata Dictionary |
Allows users to access the metadata dictionary information for subject areas, folders, columns, and levels. |
BI Service Administrator |
Providing Access to Metadata Dictionary Information in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Access |
Access to Oracle BI for Microsoft Office |
Shows the Download BI Desktop Tools link with the Oracle BI for MS Office option. |
BI Consumer |
Integrating with Microsoft Office in User's Guide for Oracle Business Intelligence Enterprise Edition |
Access |
Access to Oracle BI Client Installer |
Allows users to download the Oracle BI Client Tools installer, which installs the Business Intelligence Administration Tool and the Oracle Business Intelligence Job Manager. |
BI Consumer |
Downloading BI Desktop Tools in User's Guide for Oracle Business Intelligence Enterprise Edition Installing and Deinstalling Oracle Business Client Tools in Installing and Configuring Oracle Business Intelligence What System Administration Tools Manage Oracle Business Intelligence? in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Access |
Catalog Preview Pane UI |
Allows users access to the catalog preview pane, which shows a preview of each catalog object's appearance. |
BI Consumer |
Previewing How Views Are Displayed on a Dashboard in User's Guide for Oracle Business Intelligence Enterprise Edition |
Access |
Access to Export |
Allows users access to all export functionality, such as the Export link. In addition, to allow users access to the dashboard export to Excel functionality, that is, the Export entire dashboard and Export current page options, you also must set the Export Entire Dashboard To Excel and Export Single Dashboard Page To Excel privileges, respectively. |
BI Consumer |
Exporting and Copying Results in User's Guide for Oracle Business Intelligence Enterprise Edition Integrating with Microsoft Office in User's Guide for Oracle Business Intelligence Enterprise Edition Manually Configuring for Export in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Access |
Access to KPI Builder |
Allows users to create KPIs. |
BI Content Author |
How Do I Create a KPI? in User's Guide for Oracle Business Intelligence Enterprise Edition See the table for KPIs in Identifying Privileges for KPIs, KPI Watchlists, and Scorecarding |
Access |
Access to Scorecard |
Allows users access to Oracle BI Scorecard, and this also allows users access to KPI watchlists. |
BI Consumer |
How Do I Create a Scorecard? in User's Guide for Oracle Business Intelligence Enterprise Edition See the table for Scorecards in Identifying Privileges for KPIs, KPI Watchlists, and Scorecarding |
Actions |
Create Navigate Actions |
Set the privileges that determine whether Actions functionality is available to users and specify which user types can create Actions. |
BI Content Author |
Actions that Navigate to Related Content in User's Guide for Oracle Business Intelligence Enterprise Edition |
Actions |
Create Invoke Actions |
Set the privileges that determine whether Actions functionality is available to users and specify which user types can create Actions. |
BI Content Author |
Actions that Invoke Operations, Functions or Processes in External Systems in User's Guide for Oracle Business Intelligence Enterprise Edition |
Actions |
Save Actions Containing Embedded HTML |
Allows users to embed HTML code in the customization of web service action results. |
BI Service Administrator |
You set the EnableSavingContentWithHTML element to True in instanceconfig.xml to enable this privilege. See EnableSavingContentWithHTML and Making Advanced Configuration Changes for Presentation Services. |
Actions |
Save Content With HTML Markup |
Allows users to embed HTML code in content. |
BI Service Administrator |
You set the EnableSavingContentWithHTML element to True in instanceconfig.xml to enable this privilege. See EnableSavingContentWithHTML and Making Advanced Configuration Changes for Presentation Services. Managing Objects in the Oracle BI Presentation Catalog in User's Guide for Oracle Business Intelligence Enterprise Edition Who Can Create Actions? in User's Guide for Oracle Business Intelligence Enterprise Edition |
Admin: Catalog |
Change Permissions |
Allows users to modify permissions for catalog objects. |
BI Content Author |
Setting Permissions of Catalog Objects in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Admin: Catalog |
Toggle Maintenance Mode |
Shows the Toggle Maintenance Mode link on the Presentation Services Administration page, which allows users to turn maintenance mode on and off. In maintenance mode, the catalog is read-only; no one can write to it. |
BI Service Administrator |
NA |
Admin: General |
Change Log Configuration |
This privilege enables you to modify the log levels using the UI. |
BI Service Administrator |
NA |
Admin: General |
Manage Sessions |
Shows the Manage Sessions link on the Presentation Services Administration page, which displays the Manage Sessions page in which users manage sessions. |
BI Service Administrator |
Understanding the Two Catalog Modes in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Admin: General |
Create Dashboard |
Allows users to create and edit dashboards, including editing their properties. |
BI Service Administrator |
Building and Using Dashboards in User's Guide for Oracle Business Intelligence Enterprise Edition |
Admin: General |
See Session IDs |
Allows users to see session IDs on the Manage Sessions page. |
BI Service Administrator |
Setting the Logging Levels for Oracle BI Presentation Services in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Admin: General |
Issue SQL Directly |
Shows the Issue SQL link on the Presentation Services Administration page, which displays the Issue SQL page in which users enter SQL statements. |
BI Service Administrator |
Testing the Oracle BI Server Using Issue SQL in Logical SQL Reference Guide for Oracle Business Intelligence Enterprise Edition |
Admin: General |
View System Information |
Allows users to view information about the system at the top of the Administration page in Presentation Services. |
BI Service Administrator |
Diagnostics and Performance Monitoring in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Admin: General |
Performance Monitor |
Allows users to monitor performance. |
BI Service Administrator |
Diagnostics and Performance Monitoring in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Admin: General |
Manage Agent Sessions |
Shows the Manage Agent Sessions link on the Presentation Services Administration page, which displays the Manage Agent Sessions page in which users manage agent sessions. |
BI Service Administrator |
Monitoring Active Agent Sessions and Configuring and Managing Agents in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Admin: General |
Manage Device Types |
Shows the Manage Device Types link on the Presentation Services Administration page, which displays the Manage Device Types page in which users manage device types for agents. |
BI Service Administrator |
Managing Device Types for Agents in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Admin: General |
Manage Map Data |
Shows the Manage Map Data link on the Presentation Services Administration page, which displays the Manage Map Data page in which users edit layers, background maps, and images for map views. |
BI Service Administrator |
Administering Maps in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Admin: General |
See Privileged Errors |
Allows users to see privileged error messages. Users can see detailed error messages about database connections or other details when lower level components fail. |
BI Service Administrator |
Diagnosing and Resolving Issues in Oracle BI in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Admin: General |
See SQL Issued in Errors |
Allows users to see SQL statements that are returned by the Presentation Services in error messages. |
BI Consumer |
Diagnosing and Resolving Issues in Orals BI in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Admin: General |
Manage Global Variables |
Allows users to add, update, and delete global variables. Global variables are created during the process of creating analyses. |
BI Service Administrator |
What Are Global Variables? in User's Guide for Oracle Business Intelligence Enterprise Edition |
Admin: General |
Manage Marketing Jobs |
Shows the Manage Marketing Jobs link on the Presentation Services Administration page, which displays the Marketing Job Management page in which users manage marketing jobs. |
BI Content Author |
Managing Objects in the Oracle BI Presentation Catalog in User's Guide for Oracle Business Intelligence Enterprise Edition Oracle Marketing Segmentation Guide Configuring for Connections to the Marketing Content Server in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Admin: General |
Manage Marketing Defaults |
Shows the Manage Marketing Defaults link on the Presentation Services Administration page, which displays the Manage Marketing Defaults page in which users manage defaults for Oracle's Siebel Marketing application. |
BI Service Administrator |
Managing Objects in the Oracle BI Presentation Catalog in User's Guide for Oracle Business Intelligence Enterprise Edition Oracle Marketing Segmentation Guide Configuring for Connections to the Marketing Content Server in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Admin: Security |
Manage Catalog Accounts |
Shows the Manage Catalog Groups link on the Presentation Services Administration page, which displays the Manage Catalog Groups page in which users edit Catalog groups. |
BI Service Administrator |
Setting Permissions of Catalog Objects in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Admin: Security |
Manage Privileges |
Shows the Manage Privileges link on the Presentation Services Administration page, which displays the Manage Privileges page in which users manage the privileges that are described in this table. |
BI Service Administrator |
Assigning Ownership of Objects in User's Guide for Oracle Business Intelligence Enterprise Edition Setting Permissions of Catalog Objects in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Admin: Security |
Set Ownership of Catalog Objects |
Allows users to take ownership of catalog items that they did not create and do not own. Shows the "Set ownership of this item" link for individual objects and the "Set ownership of this item and all subitems" link for folders on the Properties page. |
BI Service Administrator |
Setting Permissions of Catalog Objects in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Admin: Security |
User Population - Can List Users |
Allows users to see the list of users for which they can perform tasks such as assigning privileges and permissions. |
BI Consumer, BI System |
What Are Permissions? in User's Guide for Oracle Business Intelligence Enterprise Edition Oracle WebLogic Server Administration Console in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Admin: Security |
User Population - Can List Groups |
Allows users to see the list of groups for which they can perform tasks such as assigning privileges and permissions. |
BI Consumer, BI System |
What Are Permissions? in User's Guide for Oracle Business Intelligence Enterprise Edition Oracle WebLogic Server Administration Console in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Admin: Security |
User Population - Can List Application Roles |
Allows users to see the list of application roles for which they can perform tasks such as assigning privileges and permissions. |
BI Consumer, BI System |
What Are Permissions? in User's Guide for Oracle Business Intelligence Enterprise Edition Oracle WebLogic Server Administration Console in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Admin: Security |
Access to Permissions Dialog |
Allows users to access the Permissions dialog, where they can set permissions for a catalog object. |
BI Consumer |
What Are Permissions? in User's Guide for Oracle Business Intelligence Enterprise Edition Oracle WebLogic Server Administration Console in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition Setting Permissions of Catalog Objects in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Briefing Book |
Add To or Edit a Briefing Book |
Allows users to see the Add to Briefing Book link on dashboard pages and analyses and the Edit link in briefing books. |
BI Content Author |
Working with Briefing Books in User's Guide for Oracle Business Intelligence Enterprise Edition |
Briefing Book |
Add to snapshot briefing book |
Allows users to add content to a briefing book as a snapshot, that is, the Snapshot option for Content Type is available in the Save Briefing Book Content dialog and in the Page Properties dialog. |
BI Consumer |
Adding Content to New or Existing Briefing Books in User's Guide for Oracle Business Intelligence Enterprise Edition |
Briefing Book |
Download Briefing Book |
Allows users to download briefing books. |
BI Consumer |
Downloading Briefing Books in User's Guide for Oracle Business Intelligence Enterprise Edition Modifying the Table of Contents for PDF Versions of Briefing Books in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Catalog |
Personal Storage |
Allows users to have write access to their own My Folders folders and create content there. If users do not have this privilege, then they can receive email alerts but cannot receive dashboard alerts. |
BI Consumer |
Where Do I Store and Manage Oracle BI EE Objects? in User's Guide for Oracle Business Intelligence Enterprise Edition Managing Objects in the Oracle BI Presentation Catalog in User's Guide for Oracle Business Intelligence Enterprise Edition Securing Catalog Objects for Tenants in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition Setting Permissions of Catalog Objects in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Catalog |
Reload Metadata |
Allows users to click the Reload Server Metadata link from the Refresh menu in the toolbar of the Subject Areas pane. |
BI Service Administrator |
Using Online and Offline Repository Modes in Metadata Repository Builder's Guide for Oracle Business Intelligence Enterprise Edition Setting Permissions of Catalog Objects in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Catalog |
See Hidden Items |
Allows users to see hidden items in catalog folders. Users can also select the Show Hidden Items box on the Catalog page. |
BI Content Author |
Controlling Presentation Object Visibility in Metadata Repository Builder's Guide for Oracle Business Intelligence Enterprise Edition Setting Permissions of Catalog Objects in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Catalog |
Create Folders |
Allows users to create folders in the catalog. |
BI Content Author |
Managing Objects in the Oracle BI Presentation Catalog in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition Setting Permissions of Catalog Objects in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Catalog |
Archive Catalog |
Allows users to archive the folders and objects in the catalog. |
BI Service Administrator |
Managing Objects in the Oracle BI Presentation Catalog in User's Guide for Oracle Business Intelligence Enterprise Edition Setting Permissions of Catalog Objects in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Catalog |
Unarchive Catalog |
Allows users to unarchive catalog objects that have been archived previously. |
BI Service Administrator |
Managing Objects in the Oracle BI Presentation Catalog in User's Guide for Oracle Business Intelligence Enterprise Edition Setting Permissions of Catalog Objects in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Catalog |
Upload Files |
Allows users to upload files into an existing catalog. |
BI Service Administrator |
Managing Objects in the Oracle BI Presentation Catalog in User's Guide for Oracle Business Intelligence Enterprise Edition Integrating with Microsoft Office Using Oracle Business Intelligence Add-in for Microsoft Office in User's Guide for Oracle Business Intelligence Enterprise Edition Setting Permissions of Catalog Objects in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Catalog |
Perform Global Search |
Allows user to search the catalog using the basic catalog search, which is included by default with the Oracle BI Enterprise Edition installation. |
BI Content Author |
How Can I Search for Objects? in User's Guide for Oracle Business Intelligence Enterprise Edition Configuring for Searching with Oracle Secure Enterprise Search in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Catalog |
Perform Extended Search |
Allows users to search the catalog using the full-text search. To provide full-text search, the administrator must have integrated Oracle BI Enterprise Edition with Oracle Secure Enterprise Search. |
BI Content Author |
How Can I Search for Objects? in User's Guide for Oracle Business Intelligence Enterprise Edition Configuring for Searching with Oracle Secure Enterprise Search in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition Configuring for Searching with Oracle Secure Endeca Server in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Conditions |
Create Conditions |
Allows users to create or edit named conditions. |
BI Content Author |
What Are Named Conditions? in User's Guide for Oracle Business Intelligence Enterprise Edition Managing Objects in the Oracle BI Presentation Catalog in User's Guide for Oracle Business Intelligence Enterprise Edition |
Dashboards |
Save Customizations |
Allows users to save and view later dashboard pages in their current state with their most frequently used or favorite choices for items. |
BI Consumer |
What Are Saved Customizations for Dashboard Pages? in User's Guide for Oracle Business Intelligence Enterprise Edition Controlling Access to Saved Customization Options in Dashboards |
Dashboards |
Assign Default Customizations |
Allows users to save and view later dashboard pages in their current state with their most frequently used or favorite choices for items. |
BI Content Author |
What Are Saved Customizations for Dashboard Pages? in User's Guide for Oracle Business Intelligence Enterprise Edition Controlling Access to Saved Customization Options in Dashboards |
Dashboards |
Create Bookmark Links |
Allows users to create bookmark links by showing the Create Bookmark Link option on the Page Options menu on a dashboard page, but only if the ability to create bookmark links has been enabled. |
BI Consumer |
About Creating Links to Dashboard Pages in User's Guide for Oracle Business Intelligence Enterprise Edition Enabling the Ability to Create Links to Dashboard Pages in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Dashboards |
Create Prompted Links |
Allows users to create prompted links by showing the Create Prompted Link option on the Page Options menu on a dashboard page, but only if the ability to create prompted links has been enabled. |
BI Consumer |
About Creating Links to Dashboard Pages in User's Guide for Oracle Business Intelligence Enterprise Edition Enabling the Ability to Create Links to Dashboard Pages in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Dashboards |
Export Entire Dashboard To Excel |
Allows users to download an entire dashboard to Excel by showing the Export entire dashboard option on the Page Options menu on a dashboard page. Note that you also must set the Access to Export privilege. |
BI Consumer |
Exporting and Copying Results in User's Guide for Oracle Business Intelligence Enterprise Edition Enabling the Ability to Export Dashboard Pages to Oracle BI Publisher in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Dashboards |
Export Single Dashboard Page To Excel |
Allows users to download a single dashboard page to Excel by showing theExport current page option on the Page Options menu on a dashboard page. Note that you also must set the Access to Export privilege. |
BI Consumer |
Exporting and Copying Results in User's Guide for Oracle Business Intelligence Enterprise Edition Enabling the Ability to Export Dashboard Pages to Oracle BI Publisher in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Formatting |
Save SystemWide Column Formats |
Allows users to save system wide defaults when specifying formats for columns. |
BI Service Administrator |
Saving Formatting Defaults in User's Guide for Oracle Business Intelligence Enterprise Edition |
Home and Header |
Access Home Page |
Allows users to access the home page from the global header. |
BI Consumer |
What Is the Oracle BI EE Global Header? in User's Guide for Oracle Business Intelligence Enterprise Edition What Is the Oracle BI EE Home Page? in User's Guide for Oracle Business Intelligence Enterprise Edition Home page in User's Guide for Oracle Business Intelligence Enterprise Edition Providing Custom Links in Presentation Services in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Home and Header |
Access Catalog UI |
Allows users to access the catalog from the global header. |
BI Consumer |
What Is the Oracle BI EE Global Header? in User's Guide for Oracle Business Intelligence Enterprise Edition Providing Custom Links in Presentation Services in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Home and Header |
Access Catalog Search UI |
Allows users to access the search fields from the global header. |
BI Consumer |
What Is the Oracle BI EE Global Header? in User's Guide for Oracle Business Intelligence Enterprise Edition How Can I Search for Objects? in User's Guide for Oracle Business Intelligence Enterprise Edition Providing Custom Links in Presentation Services in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Home and Header |
Simple Search Field |
Allows users to access the Search field in the global header. |
BI Consumer |
What Is the Oracle BI EE Global Header? in User's Guide for Oracle Business Intelligence Enterprise Edition How Can I Search for Objects? in User's Guide for Oracle Business Intelligence Enterprise Edition Providing Custom Links in Presentation Services in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Home and Header |
Advanced Search Link |
Allows users to access the Advanced link in the global header. |
BI Consumer |
What Is the Oracle BI EE Global Header? in User's Guide for Oracle Business Intelligence Enterprise Edition How Can I Search for Objects? in User's Guide for Oracle Business Intelligence Enterprise Edition Providing Custom Links in Presentation Services in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Home and Header |
Open Menu |
Allows users to access the Open menu from the global header. |
BI Consumer |
What Is the Oracle BI EE Global Header? in User's Guide for Oracle Business Intelligence Enterprise Edition Providing Custom Links in Presentation Services in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Home and Header |
New Menu |
Allows users to access the New menu from the global header. |
BI Consumer |
What Is the Oracle BI EE Global Header? in User's Guide for Oracle Business Intelligence Enterprise Edition Providing Custom Links in Presentation Services in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Home and Header |
Help Menu |
Allows users to access the Help menu from the global header. |
BI Consumer |
What Is the Oracle BI EE Global Header? in User's Guide for Oracle Business Intelligence Enterprise Edition Providing Custom Links in Presentation Services in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Home and Header |
Dashboards Menu |
Allows users to access the Dashboards menu from the global header. |
BI Consumer |
What Is the Oracle BI EE Global Header? in User's Guide for Oracle Business Intelligence Enterprise Edition Opening and Using Dashboards in User's Guide for Oracle Business Intelligence Enterprise Edition Providing Custom Links in Presentation Services in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition Making Advanced Configuration Changes for Presentation Services in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Home and Header |
Favorites Menu |
Allows users to access the Favorites menu from the global header. |
BI Consumer |
What Is the Oracle BI EE Global Header? in User's Guide for Oracle Business Intelligence Enterprise Edition What Are Favorites? in User's Guide for Oracle Business Intelligence Enterprise Edition Providing Custom Links in Presentation Services in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition Making Advanced Configuration Changes for Presentation Services in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Home and Header |
My Account Link |
Allows users to access the My Account link when they click on their Signed In As name in the global header. |
BI Consumer |
What Is the Oracle BI EE Global Header? in User's Guide for Oracle Business Intelligence Enterprise Edition Providing Custom Links in Presentation Services in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Home and Header |
Custom Links |
Allows users to access the custom links that the administrator added to the global header. |
BI Consumer |
What Is the Oracle BI EE Global Header? in User's Guide for Oracle Business Intelligence Enterprise Edition Providing Custom Links in Presentation Services in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
My Account |
Access to My Account |
Allows users to access the My Account dialog. |
BI Consumer |
What Is the Oracle BI EE Global Header? in User's Guide for Oracle Business Intelligence Enterprise Edition About Acting for Other Users in User's Guide for Oracle Business Intelligence Enterprise Edition Providing Custom Links in Presentation Services in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
My Account |
Change Preferences |
Allows users to access the Preferences tab of the My Account dialog. |
BI Consumer |
What Is the Oracle BI EE Global Header? in User's Guide for Oracle Business Intelligence Enterprise Edition Setting Preferences in User's Guide for Oracle Business Intelligence Enterprise Edition Providing Custom Links in Presentation Services in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
My Account |
Change Delivery Options |
Allows users to access the Delivery Options tab of the My Account dialog. |
BI Consumer |
What Is the Oracle BI EE Global Header? in User's Guide for Oracle Business Intelligence Enterprise Edition What Are Devices and Delivery Profiles? in User's Guide for Oracle Business Intelligence Enterprise Edition Setting Preferences in User's Guide for Oracle Business Intelligence Enterprise Edition Providing Custom Links in Presentation Services in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Answers |
Create Views |
Allows users to create views. |
BI Content Author |
What Are Views? in User's Guide for Oracle Business Intelligence Enterprise Edition Configuring for Displaying and Processing Data in Views in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Answers |
Create Prompts |
Allows users to create prompts. |
BI Content Author |
Prompting in Dashboards and Analyses in User's Guide for Oracle Business Intelligence Enterprise Edition Configuring for Prompts in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Answers |
Access Advanced Tab |
Allows users to access the Advanced tab in the Analysis editor. |
BI Content Author |
What Is the Analysis Editor? in User's Guide for Oracle Business Intelligence Enterprise Edition Examining the Logical SQL Statements for Analyses in User's Guide for Oracle Business Intelligence Enterprise Edition Logical SQL Reference in User's Guide for Oracle Business Intelligence Enterprise Edition |
Answers |
Edit Column Formulas |
Allows users to edit column formulas. |
BI Content Author |
What Is the Analysis Editor? in User's Guide for Oracle Business Intelligence Enterprise Edition Examining the Logical SQL Statements for Analyses in User's Guide for Oracle Business Intelligence Enterprise Edition Logical SQL Reference in User's Guide for Oracle Business Intelligence Enterprise Edition |
Answers |
Save Content with HTML Markup |
Allows HTML markup in analyses and dashboards, and allows users to save mission and vision statements in Oracle Scorecard and Strategy Management. |
BI Service Administrator |
The Save Content with HTML Markup privilege requires setting the EnableSavingContentWithHTML element to True in instanceconfig.xml. See EnableSavingContentWithHTML and Making Advanced Configuration Changes for Presentation Services. Working with HTML Markup in User's Guide for Oracle Business Intelligence Enterprise Edition |
Answers |
Enter XML and Logical SQL |
Allows users to use the Advanced SQL tab. |
BI Content Author |
What Is the Analysis Editor? in User's Guide for Oracle Business Intelligence Enterprise Edition Examining the Logical SQL Statements for Analyses in User's Guide for Oracle Business Intelligence Enterprise Edition Logical SQL Reference in User's Guide for Oracle Business Intelligence Enterprise Edition |
Answers |
Edit Direct Database Analysis |
Allows users to create and edit requests that are sent directly to the back-end data source. |
BI Service Administrator |
Working with Direct Database Requests in User's Guide for Oracle Business Intelligence Enterprise Edition Setting Privileges for Direct Requests in User's Guide for Oracle Business Intelligence Enterprise Edition |
Answers |
Create Analysis from Simple SQL |
Allows users to select the Create Analysis from Simple SQL option in the Select Subject Area list. |
BI Service Administrator |
Examining the Logical SQL Statements for Analyses in User's Guide for Oracle Business Intelligence Enterprise Edition Logical SQL Reference in User's Guide for Oracle Business Intelligence Enterprise Edition |
Answers |
Create Advanced Filters and Set Operations |
Allows users access to the following components: Combine results based on union, intersection, and difference operations button on the Criteria tab in the Analysis editor. This option allows users to combine columns from one or more subject areas using Set operations such as Union or Intersect. is based on the results of another analysis option in the New Filter dialog. This option allows users to use a saved analysis as a filter. Convert this filter to SQL option in the New Filter dialog. This option allows users to create and edit the SQL statements for a column filter in an analysis. |
BI Content Author |
Combining Columns Using Set Operations in User's Guide for Oracle Business Intelligence Enterprise Edition Using a Saved Analysis as a Filter in User's Guide for Oracle Business Intelligence Enterprise Edition Creating and Editing the SQL Statements for a Column Filter in an Analysis in User's Guide for Oracle Business Intelligence Enterprise Edition |
Answers |
Save Filters |
Allows users to save filters. |
Saving Filters as Inline or Named in User's Guide for Oracle Business Intelligence Enterprise Edition |
|
Answers |
Save Column |
Allows users to save columns to the catalog for reuse in other analyses. |
BI Content Author |
Saving Columns to the Catalog in User's Guide for Oracle Business Intelligence Enterprise Edition |
Answers |
Add EVALUATE_PREDICATE Function |
Allows users to add the |
BI Content Author |
Working with the EVALUATE_PREDICATE Function in User's Guide for Oracle Business Intelligence Enterprise Edition |
Answers |
Execute Direct Database Analysis |
Allows users to issue requests directly to the back-end data source. |
BI Service Administrator |
Working with Direct Database Requests in User's Guide for Oracle Business Intelligence Enterprise Edition |
Answers |
Upload Images |
This privilege enables you to upload custom images using the UI wherever an image is selected. |
BI Content Author |
NA |
Delivers |
Create Agents |
Allows users to create agents. |
BI Content Author |
Managing Objects in the Oracle BI Presentation Catalog in User's Guide for Oracle Business Intelligence Enterprise Edition Creating Agents in User's Guide for Oracle Business Intelligence Enterprise Edition Configuring and Managing Agents in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Delivers |
Publish Agents for Subscription |
Allows users to publish agents for subscription. |
BI Content Author |
Managing Objects in the Oracle BI Presentation Catalog in User's Guide for Oracle Business Intelligence Enterprise Edition About Controlling Access to Agents in User's Guide for Oracle Business Intelligence Enterprise Edition Configuring and Managing Agents in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Delivers |
Deliver Agents to Specific or Dynamically Determined Users |
Allows users to deliver agents to other users. |
BI Service Administrator |
Managing Objects in the Oracle BI Presentation Catalog in User's Guide for Oracle Business Intelligence Enterprise Edition About Controlling Access to Agents in User's Guide for Oracle Business Intelligence Enterprise Edition Configuring and Managing Agents in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Delivers |
Chain Agents |
Allows users to chain agents. |
BI Content Author |
Managing Objects in the Oracle BI Presentation Catalog in User's Guide for Oracle Business Intelligence Enterprise Edition About Controlling Access to Agents in User's Guide for Oracle Business Intelligence Enterprise Edition Configuring and Managing Agents in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Delivers |
Modify Current Subscriptions for Agents |
Allows users to modify the current subscriptions for agents, including unsubscribing users. |
BI Service Administrator |
Managing Objects in the Oracle BI Presentation Catalog in User's Guide for Oracle Business Intelligence Enterprise Edition About Controlling Access to Agents in User's Guide for Oracle Business Intelligence Enterprise Edition Configuring and Managing Agents in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Proxy |
Act As Proxy |
Allows users to act as proxy users for other users. |
Denied: BI Consumer |
Acting for Other Users in User's Guide for Oracle Business Intelligence Enterprise Edition |
RSS Feeds |
Access to RSS Feeds |
Allows users to subscribe to and receive RSS feeds with alerts and contents of folders. If Presentation Services uses the HTTPS protocol, then the RSS Reader that you use must also support the HTTPS protocol. |
BI Content Author |
Subscribing to an RSS Feed for Alerts in User's Guide for Oracle Business Intelligence Enterprise Edition |
Scorecard |
Create/Edit Scorecards |
Allows users to create and edit scorecards. |
BI Content Author |
How Do I Create a Scorecard? in User's Guide for Oracle Business Intelligence Enterprise Edition About Scorecard Privileges and Permissions in User's Guide for Oracle Business Intelligence Enterprise Edition Configuring the Repository for Oracle Scorecard and Strategy Management in Metadata Repository Builder's Guide for Oracle Business Intelligence Enterprise Edition Identifying Privileges for KPIs, KPI Watchlists, and Scorecarding |
Scorecard |
View Scorecards |
Allows users to view scorecards. A user needs either this privilege or the Scorecard - Create/Edit Scorecards privilege to access the KPI watchlist editor to either view or edit KPI watchlists. |
BI Consumer |
How Do I Create a Scorecard? in User's Guide for Oracle Business Intelligence Enterprise Edition About Scorecard Privileges and Permissions in User's Guide for Oracle Business Intelligence Enterprise Edition Configuring the Repository for Oracle Scorecard and Strategy Management in Metadata Repository Builder's Guide for Oracle Business Intelligence Enterprise Edition Identifying Privileges for KPIs, KPI Watchlists, and Scorecarding |
Scorecard |
Create/Edit Objectives |
Allows users to create and edit objectives. |
BI Content Author |
Creating Objectives in User's Guide for Oracle Business Intelligence Enterprise Edition About Scorecard Privileges and Permissions in User's Guide for Oracle Business Intelligence Enterprise Edition Configuring the Repository for Oracle Scorecard and Strategy Management in Metadata Repository Builder's Guide for Oracle Business Intelligence Enterprise Edition Identifying Privileges for KPIs, KPI Watchlists, and Scorecarding |
Scorecard |
Create/Edit Initiatives |
Allows users to create and edit initiatives. |
BI Content Author |
Creating Initiatives in User's Guide for Oracle Business Intelligence Enterprise Edition About Scorecard Privileges and Permissions in User's Guide for Oracle Business Intelligence Enterprise Edition Configuring the Repository for Oracle Scorecard and Strategy Management in Metadata Repository Builder's Guide for Oracle Business Intelligence Enterprise Edition Identifying Privileges for KPIs, KPI Watchlists, and Scorecarding |
Scorecard |
Create Views |
Allows users to create and edit scorecard objects that present and analyze corporate strategy, such as vision and mission statements, strategy maps, cause & effect maps, and so on. |
BI Content Author |
What Are Scorecard Objects? in User's Guide for Oracle Business Intelligence Enterprise Edition About Scorecard Privileges and Permissions in User's Guide for Oracle Business Intelligence Enterprise Edition Configuring the Repository for Oracle Scorecard and Strategy Management in Metadata Repository Builder's Guide for Oracle Business Intelligence Enterprise Edition Identifying Privileges for KPIs, KPI Watchlists, and Scorecarding |
Scorecard |
Create/Edit Causes and Effects Linkages |
Allows users to create and edit cause and effect relationships. |
BI Content Author |
What Are Cause and Effect Maps? in User's Guide for Oracle Business Intelligence Enterprise Edition About Scorecard Privileges and Permissions in User's Guide for Oracle Business Intelligence Enterprise Edition Configuring the Repository for Oracle Scorecard and Strategy Management in Metadata Repository Builder's Guide for Oracle Business Intelligence Enterprise Edition Identifying Privileges for KPIs, KPI Watchlists, and Scorecarding |
Scorecard |
Create/Edit Perspectives |
Allows users to create and edit perspectives. |
BI Service Administrator |
Creating Custom Perspectives in User's Guide for Oracle Business Intelligence Enterprise Edition About Scorecard Privileges and Permissions in User's Guide for Oracle Business Intelligence Enterprise Edition Configuring the Repository for Oracle Scorecard and Strategy Management in Metadata Repository Builder's Guide for Oracle Business Intelligence Enterprise Edition Identifying Privileges for KPIs, KPI Watchlists, and Scorecarding |
Scorecard |
Add Annotations |
Allows users to add comments to KPIs and scorecard components. |
BI Consumer |
Configuring the Repository for Comments and Status Overrides in Metadata Repository Builder's Guide for Oracle Business Intelligence Enterprise Edition Identifying Privileges for KPIs, KPI Watchlists, and Scorecarding |
Scorecard |
Override Status |
Allows users to override statuses of KPIs and scorecard components. |
BI Consumer |
Configuring the Repository for Comments and Status Overrides in Metadata Repository Builder's Guide for Oracle Business Intelligence Enterprise Edition Identifying Privileges for KPIs, KPI Watchlists, and Scorecarding |
Scorecard |
Create/Edit KPIs |
Allows users to create and edit KPIs and KPI watchlists. |
BI Content Author |
What Are Key Performance Indicators (KPIs)? in User's Guide for Oracle Business Intelligence Enterprise Edition Understanding Watchlists in User's Guide for Oracle Business Intelligence Enterprise Edition About Scorecard Privileges and Permissions in User's Guide for Oracle Business Intelligence Enterprise Edition Configuring the Repository for Oracle Scorecard and Strategy Management in Metadata Repository Builder's Guide for Oracle Business Intelligence Enterprise Edition Identifying Privileges for KPIs, KPI Watchlists, and Scorecarding |
Scorecard |
Write Back to Database for KPI |
Allows users to enter and submit a KPI's actual and target settings values to the repository. |
BI Consumer |
What Are Target Settings? in User's Guide for Oracle Business Intelligence Enterprise Edition About Scorecard Privileges and Permissions in User's Guide for Oracle Business Intelligence Enterprise Edition Configuring the Repository for Oracle Scorecard and Strategy Management in Metadata Repository Builder's Guide for Oracle Business Intelligence Enterprise Edition Identifying Privileges for KPIs, KPI Watchlists, and Scorecarding Configuring for Write Back in Analyses and Dashboards in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Scorecard |
Add Scorecard Views to Dashboards |
Allows users to add scorecard views such as strategy trees and KPI watchlists to dashboards. |
BI Consumer |
Adding Scorecard Objects to Dashboards in User's Guide for Oracle Business Intelligence Enterprise Edition About Scorecard Privileges and Permissions in User's Guide for Oracle Business Intelligence Enterprise Edition Configuring the Repository for Oracle Scorecard and Strategy Management in Metadata Repository Builder's Guide for Oracle Business Intelligence Enterprise Edition Identifying Privileges for KPIs, KPI Watchlists, and Scorecarding |
List Formats |
Create List Formats |
Allows users to create list formats in Oracle's Siebel Marketing. |
BI Content Author |
Oracle Marketing Segmentation Guide |
List Formats |
Create Headers and Footers |
Allows users to create headers and footers for list formats in Oracle's Siebel Marketing. |
BI Content Author |
Oracle Marketing Segmentation Guide Specifying Dashboard Page Defaults Including Headers and Footers in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
List Formats |
Access Options Tab |
Allows users to access the Options tab for list formats in Oracle's Siebel Marketing. |
BI Content Author |
Oracle Marketing Segmentation Guide |
List Formats |
Add/Remove List Format Columns |
Allows users to add and remove columns for list formats in Oracle's Siebel Marketing. |
BI Service Administrator |
Oracle Marketing Segmentation Guide |
Segmentation |
Create Segments |
Allows users to create segments in Oracle's Siebel Marketing. |
BI Content Author |
Oracle Marketing Segmentation Guide |
Segmentation |
Create Segment Trees |
Allows users to create segment trees in Oracle's Siebel Marketing. |
BI Content Author |
Oracle Marketing Segmentation Guide |
Segmentation |
Create/Purge Saved Result Sets |
Allows users to create and purge saved result sets in Oracle's Siebel Marketing. |
BI Service Administrator |
Oracle Marketing Segmentation Guide |
Segmentation |
Access Segment Advanced Options Tab |
Allows users to access the Segment Advanced Options tab in Oracle's Siebel Marketing. |
BI Service Administrator |
Oracle Marketing Segmentation Guide |
Segmentation |
Access Segment Tree Advanced Options Tab |
Allows users to access the Segment Tree Advanced Options tab in Oracle's Siebel Marketing. |
BI Service Administrator |
Oracle Marketing Segmentation Guide |
Segmentation |
Change Target Levels within Segment Designer |
Allows users to change target levels within the Segment Designer in Oracle's Siebel Marketing. |
BI Service Administrator |
Oracle Marketing Segmentation Guide |
Mobile |
Enable Local Content |
Allows users of Oracle Business Intelligence Mobile to save local copies of BI content to their mobile devices. |
BI Consumer |
Managing Objects in the Oracle BI Presentation Catalog in User's Guide for Oracle Business Intelligence Enterprise Edition Getting Started with Oracle BI Mobile in Oracle Fusion Middleware User's Guide for Oracle Business Intelligence Mobile for Apple iOS |
Mobile |
Enable Search |
Allows users of Oracle Business Intelligence Mobile to search the catalog. |
BI Consumer |
Managing Objects in the Oracle BI Presentation Catalog in User's Guide for Oracle Business Intelligence Enterprise Edition How Can I Search for Objects? in User's Guide for Oracle Business Intelligence Enterprise Edition Performing Searches in Oracle Fusion Middleware User's Guide for Oracle Business Intelligence Mobile for Apple iOS Configuring for Searching with Oracle Secure Enterprise Search in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
SOAP |
Access SOAP |
Allows users to access various web services. |
BI Consumer, BI System |
Introduction to Oracle Business Intelligence Web Services in Integrator's Guide for Oracle Business Intelligence Enterprise Edition AccessControlToken Structure in Integrator's Guide for Oracle Business Intelligence Enterprise Edition |
SOAP |
Impersonate as System User |
Allows users to impersonate a system user using a web service. |
BI System |
Introduction to Oracle Business Intelligence Web Services in Integrator's Guide for Oracle Business Intelligence Enterprise Edition impersonate() Method in Integrator's Guide for Oracle Business Intelligence Enterprise Edition |
SOAP |
Access MetadataService Service |
Allows users to access the MetadataService web service. |
BI Consumer, BI System |
Introduction to Oracle Business Intelligence Web Services in Integrator's Guide for Oracle Business Intelligence Enterprise Edition MetadataService Service in Integrator's Guide for Oracle Business Intelligence Enterprise Edition |
SOAP |
Access ReportEditingService Service |
Allows users to access the ReportEditingService web service. |
BI Consumer, BI System |
Introduction to Oracle Business Intelligence Web Services in Integrator's Guide for Oracle Business Intelligence Enterprise Edition ReportEditingService Service in Integrator's Guide for Oracle Business Intelligence Enterprise Edition |
SOAP |
Access ConditionEvaluationService Service |
Allows users to access the ConditionEvaluationService web service. |
BI Consumer, BI System |
Introduction to Oracle Business Intelligence Web Services in Integrator's Guide for Oracle Business Intelligence Enterprise Edition ConditionService Service in Integrator's Guide for Oracle Business Intelligence Enterprise Edition |
SOAP |
Access CatalogIndexingService Service |
Allows users to access the CatalogIndexingService web service to index the Oracle BI Presentation Catalog for use with full-text search. |
BI System |
Introduction to Oracle Business Intelligence Web Services in Integrator's Guide for Oracle Business Intelligence Enterprise Edition Common Steps for Configuring Full-Text Search in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
SOAP |
Access DashboardService Service |
Allows users to access the DashboardService web service. |
BI Consumer, BI System |
Introduction to Oracle Business Intelligence Web Services in Integrator's Guide for Oracle Business Intelligence Enterprise Edition |
SOAP |
Access SecurityService Service |
Allows users to access the SecurityService web service. |
BI Consumer, BI System |
Introduction to Oracle Business Intelligence Web Services in Integrator's Guide for Oracle Business Intelligence Enterprise Edition SecurityService Service in Integrator's Guide for Oracle Business Intelligence Enterprise Edition |
SOAP |
Access SchedulerService Service |
Allows users to access the SchedulerService web service. |
BI Consumer, BI System |
Introduction to Oracle Business Intelligence Web Services in Integrator's Guide for Oracle Business Intelligence Enterprise Edition SchedulerService Service in Integrator's Guide for Oracle Business Intelligence Enterprise Edition |
SOAP |
Access Tenant Information |
Internal only. |
BI System |
Multitenancy Section Parameters in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
SOAP |
Access ScorecardMetadataService Service |
Allows users to access the ScorecardMetadataService web service. |
BI Consumer, BI System |
Introduction to Oracle Business Intelligence Web Services in Integrator's Guide for Oracle Business Intelligence Enterprise Edition ScorecardMetadataService Service in Integrator's Guide for Oracle Business Intelligence Enterprise Edition |
SOAP |
Access ScorecardAssessmentService Service |
Allows users to access the ScorecardAssessmentService web service. |
BI Consumer, BI System |
Introduction to Oracle Business Intelligence Web Services in Integrator's Guide for Oracle Business Intelligence Enterprise Edition ScorecardAssessmentService Service in Integrator's Guide for Oracle Business Intelligence Enterprise Edition |
SOAP |
Access HtmlViewService Service |
Allows users to access the HtmlViewServiceService web service. |
BI Consumer, BI System |
Introduction to Oracle Business Intelligence Web Services in Integrator's Guide for Oracle Business Intelligence Enterprise Edition HtmlViewService Service in Integrator's Guide for Oracle Business Intelligence Enterprise Edition |
SOAP |
Access CatalogService Service |
Allows users to access the CatalogService web service. |
BI Consumer, BI System |
Oracle Fusion Middleware Java API Reference for Oracle Identity Manager |
SOAP |
Access iBotService Service |
Allows users to access the iBotService web service. |
BI Consumer, BI System |
Introduction to Oracle Business Intelligence Web Services in Integrator's Guide for Oracle Business Intelligence Enterprise Edition iBotService Service in Integrator's Guide for Oracle Business Intelligence Enterprise Edition |
SOAP |
Access XmlGenerationService Service |
Allows users to access the XmlGenerationService web service. |
BI Consumer, BI System |
Introduction to Oracle Business Intelligence Web Services in Integrator's Guide for Oracle Business Intelligence Enterprise Edition XMLQueryExecutionOptions Structure in Integrator's Guide for Oracle Business Intelligence Enterprise Edition |
SOAP |
Access JobManagementService Service |
Allows users to access the JobManagementService web service. |
BI Consumer, BI System |
Introduction to Oracle Business Intelligence Web Services in Integrator's Guide for Oracle Business Intelligence Enterprise Edition JobManagementService Service in Integrator's Guide for Oracle Business Intelligence Enterprise Edition |
SOAP |
Access KPIAssessmentService Service |
Allows users to access the KPIAssessmentService web service. |
BI Consumer, BI System |
Introduction to Oracle Business Intelligence Web Services in Integrator's Guide for Oracle Business Intelligence Enterprise Edition KPIAssessmentService Service in Integrator's Guide for Oracle Business Intelligence Enterprise Edition |
SOAP |
Access UserPersonalizationService Service |
The Oracle BI User Personalization web service is an application programming interface (API) that implements various APIs to manage user specific favorites and recent items. |
BI Service Administrator |
Introduction to Oracle Business Intelligence Web Services in Integrator's Guide for Oracle Business Intelligence Enterprise Edition |
Subject Area (by its name) |
Access within Oracle Business Intelligence |
Allows users to access the specified subject area within the Oracle Business Intelligence editor. |
BI Content Author |
Viewing Metadata Information from the Subject Areas Pane in User's Guide for Oracle Business Intelligence Enterprise Edition Setting Permissions for Presentation Layer Objects in Metadata Repository Builder's Guide for Oracle Business Intelligence Enterprise Edition Providing Access to Metadata Dictionary Information in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Views |
Add/Edit AnalyzerView |
Allows users to access the Analyzer view. |
BI Service Administrator |
|
Views |
Add/Edit Canvas View |
Allows users to create and edit canvas views. |
BI Content Author |
What Types of Views are Available in User's Guide for Oracle Business Intelligence Enterprise Edition. |
Views |
Add/Edit Column SelectorView |
Allows users to create and edit column selector views. |
BI Content Author |
Adding Views for Display in Dashboards in User's Guide for Oracle Business Intelligence Enterprise Edition Configuring and Managing Analyses and Dashboards in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Views |
Add/Edit Compound LayoutView |
Allows users to create and edit compound layout views. |
BI Content Author |
Adding Views for Display in Dashboards in User's Guide for Oracle Business Intelligence Enterprise Edition Configuring and Managing Analyses and Dashboards in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Views |
Add/Edit GraphView |
Allows users to create and edit graph views. |
BI Service Administrator |
Adding Views for Display in Dashboards in User's Guide for Oracle Business Intelligence Enterprise Edition Configuring and Managing Analyses and Dashboards in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Views |
Add/Edit FunnelView |
Allows users to create and edit funnel graph views. |
BI Content Author |
Adding Views for Display in Dashboards in User's Guide for Oracle Business Intelligence Enterprise Edition Configuring and Managing Analyses and Dashboards in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Views |
Add/Edit GaugeView |
Allows users to create and edit gauge views. |
BI Content Author |
Adding Views for Display in Dashboards in User's Guide for Oracle Business Intelligence Enterprise Edition Configuring and Managing Analyses and Dashboards in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Views |
Add/Edit Micro Chart View |
Allows users to create and edit microcharts. |
BI Content Author |
Adding Views for Display in Dashboards in User's Guide for Oracle Business Intelligence Enterprise Edition Configuring and Managing Analyses and Dashboards in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Views |
Add/Edit FiltersView |
Allows users to create and edit filter views. |
BI Content Author |
Adding Views for Display in Dashboards in User's Guide for Oracle Business Intelligence Enterprise Edition Configuring and Managing Analyses and Dashboards in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Views |
Add/Edit Dashboard PromptView |
Allows users to create and edit dashboard prompt views. |
BI Content Author |
Adding Views for Display in Dashboards in User's Guide for Oracle Business Intelligence Enterprise Edition Configuring and Managing Analyses and Dashboards in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Views |
Add/Edit Performance TileView |
Allows users to create and edit performance tile views. |
BI Content Author |
Adding Views for Display in Dashboards in User's Guide for Oracle Business Intelligence Enterprise Edition Configuring and Managing Analyses and Dashboards in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Views |
Add/Edit Heat Matrix View |
Allows users to create and edit heat matrix views. |
BI Content Author |
Editing Heat Matrix Views in User's Guide for Oracle Business Intelligence Enterprise Edition. |
Views |
Add/Edit Static TextView |
Allows users to create and edit static text views. |
BI Author |
Adding Views for Display in Dashboards in User's Guide for Oracle Business Intelligence Enterprise Edition Configuring and Managing Analyses and Dashboards in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Views |
Add/Edit Legend View |
Allows users to create and edit legend views. |
BI Author |
Adding Views for Display in Dashboards in User's Guide for Oracle Business Intelligence Enterprise Edition Configuring and Managing Analyses and Dashboards in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Views |
Add/Edit MapView |
Allows users to create and edit map views. |
BI Author |
Adding Views for Display in Dashboards in User's Guide for Oracle Business Intelligence Enterprise Edition Configuring and Managing Analyses and Dashboards in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Views |
Add/Edit NarrativeView |
Allows users to create and edit narrative views. |
BI Author |
Adding Views for Display in Dashboards in User's Guide for Oracle Business Intelligence Enterprise Edition Configuring and Managing Analyses and Dashboards in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Views |
Add/Edit No ResultsView |
Allows users to create and edit no result views. |
BI Author |
Adding Views for Display in Dashboards in User's Guide for Oracle Business Intelligence Enterprise Edition Configuring and Managing Analyses and Dashboards in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Views |
Add/Edit Pivot TableView |
Allows users to create and edit pivot table views. |
BI Author |
Adding Views for Display in Dashboards in User's Guide for Oracle Business Intelligence Enterprise Edition Using Fusion Middleware Control to Set Configuration Options for Data in Tables and Pivot Tables in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition Configuring and Managing Analyses and Dashboards in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Views |
Add/Edit Generic Plugin View View |
Allows users to create and edit generic plugin view views. |
BI Author |
Adding Views for Display in Dashboards in User's Guide for Oracle Business Intelligence Enterprise Edition |
Views |
Add/Edit Report Prompt View |
Allows users to create and edit prompt views. |
BI Author |
Adding Views for Display in Dashboards in User's Guide for Oracle Business Intelligence Enterprise Edition Configuring and Managing Analyses and Dashboards in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Views |
Add/Edit Create SegmentView |
Allows users to create and edit segment views. |
BI Author |
Adding Views for Display in Dashboards in User's Guide for Oracle Business Intelligence Enterprise Edition Configuring and Managing Analyses and Dashboards in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Views |
Add/Edit Selection StepsView |
Allows users to create and edit selection steps views. |
BI Author |
Adding Views for Display in Dashboards in User's Guide for Oracle Business Intelligence Enterprise Edition Configuring and Managing Analyses and Dashboards in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Views |
Add/Edit Logical SQLView |
Allows users to create and edit logical SQL views. |
BI Author |
Adding Views for Display in Dashboards in User's Guide for Oracle Business Intelligence Enterprise Edition What Types of Logical SQL Views Are Available? in User's Guide for Oracle Business Intelligence Enterprise Edition Configuring and Managing Analyses and Dashboards in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Views |
Add/Edit TableView |
Allows users to create and edit table views. |
BI Author |
Adding Views for Display in Dashboards in User's Guide for Oracle Business Intelligence Enterprise Edition Using Fusion Middleware Control to Set Configuration Options for Data in Tables and Pivot Tables in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition Configuring and Managing Analyses and Dashboards in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Views |
Add/Edit Create Target ListView |
Allows users to create and edit target list views. |
BI Author |
Adding Views for Display in Dashboards in User's Guide for Oracle Business Intelligence Enterprise Edition Configuring and Managing Analyses and Dashboards in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Views |
Add/Edit TickerView |
Allows users to create and edit ticker views. |
BI Author |
Adding Views for Display in Dashboards in User's Guide for Oracle Business Intelligence Enterprise Edition Configuring and Managing Analyses and Dashboards in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Views |
Add/Edit TitleView |
Allows users to create and edit title views. |
BI Author |
Adding Views for Display in Dashboards in User's Guide for Oracle Business Intelligence Enterprise Edition Configuring and Managing Analyses and Dashboards in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Views |
Add/Edit TrellisView |
Allows users to create and edit trellis views. |
BI Author |
Adding Views for Display in Dashboards in User's Guide for Oracle Business Intelligence Enterprise Edition |
Views |
Add/Edit View SelectorView |
Allows users to create and edit view selector views. |
BI Author |
Adding Views for Display in Dashboards in User's Guide for Oracle Business Intelligence Enterprise Edition Configuring and Managing Analyses and Dashboards in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Views |
Add/Edit TreemapView |
Allows users to create and edit treemap views. |
BI Author |
Adding Views for Display in Dashboards in User's Guide for Oracle Business Intelligence Enterprise Edition Configuring and Managing Analyses and Dashboards in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Write Back |
Write Back to Database |
Grants the right to write data into the data source. |
Denied: BI Consumer |
Modifying Values and Performing Write Back in User's Guide for Oracle Business Intelligence Enterprise Edition About Handling Errors for Write Back in User's Guide for Oracle Business Intelligence Enterprise Edition Configuring for Write Back in Analyses and Dashboards in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
Write Back |
Manage Write Back |
Grants the right to manage write back requests. |
BI Service Administrator |
Modifying Values and Performing Write Back in User's Guide for Oracle Business Intelligence Enterprise Edition About Handling Errors for Write Back in User's Guide for Oracle Business Intelligence Enterprise Edition Configuring for Write Back in Analyses and Dashboards in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition |
You must set the Action privileges that determine whether the Actions functionality is available to users, and specify which user types can create Actions.
The following list describes these privileges:
Create Navigate Actions
The Create Navigate Actions privilege indicates whether the user can create a Navigate action type. Users who are denied this privilege do not have the user interface components that allow the creation of Navigate Actions. Users without the Create Navigate Actions privilege can add saved actions to analyses and dashboards, and execute an action from an analysis or dashboard that contains an action.
Create Invoke Actions
The Create Invoke Actions privilege indicates whether the user can create an Invoke action type. The Invoke Actions options include Invoke a Web Service, and Invoke an HTTP Request. However, users who are denied this privilege can add saved actions to analyses and dashboards. And, users who are denied this privilege can execute an action from an analysis or dashboard that contains an action.
Save Actions Containing Embedded HTML
The Save Actions Containing Embedded HTML privilege indicates whether users can embed HTML code in customized web service action results. You should use extreme care in assigning the Save Actions Containing Embedded HTML privilege, because users with this privilege can pose a security risk allowin users to run HTML code.
If your users have the Access to Oracle BI for Microsoft Office privilege, they can interact with Microsoft Office from Oracle BI EE.
When a user has the Access to Oracle BI for Microsoft Office privilege, the user can download desktop tools from the Get Started area of the Oracle BI EE Home page:
Oracle BI for MS Office: Downloads the installation file for the Oracle BI Add-in for Microsoft Office.
The Access to Oracle BI for Microsoft Office privilege does not affect the display of the Copy link for analyses. The link is always available there.
The location of the installation file to download for Oracle BI for Microsoft Office is specified by default in the BIforOfficeURL
element in the instanceconfig.xml
file. See Integration of Oracle BI EE with Microsoft Office and the Copy option in User's Guide for Oracle Business Intelligence Enterprise Edition.
By default, Presentation Services is secured against cross-site scripting (XSS).
Securing against XSS escapes input in fields in Presentation Services and renders it as plain text. For example, an unscrupulous user can use an HTML field to enter a script that steals data from a page.
By default, end users cannot save content that is flagged as HTML. Only administrators who have the Save Content with HTML Markup privilege can save content that contains HTML code. Users that have the Save Content with HTML Markup privilege can save an image with the fmap prefix. If users try to save an image with the fmap prefix when they do not have this privilege assigned, then they see an error message. See EnableSavingContentWithHTML.
Users with this privilege can also save mission and vision statements in Oracle Scorecard and Strategy Management.
The EnableSavingContentWithHTML element along with the Save Content With HTML Markup and Save Actions Containing Embedded HTML privileges determine whether the Contains HTML Markup option is available in properties dialogs when editing analyses.
In Oracle Business Intelligence releases earlier than 12.2.1.3.0, various properties dialogs included an active Contains HTML Markup option. In Oracle Business Intelligence 12.2.1.3.0, the Contains HTML Markup functionality is disabled by default to reduce exposure to security vulnerabilities.
As the BI Service Administrator, you can use the EnableSavingContentWithHTML element to enable all HTML editing and you can grant the related privileges to users. You set the EnableSavingContentWithHTML element to true in the instanceconfig.xml file, and you grant users the Save Content With HTML Markup and Save Actions Containing Embedded HTML privileges in the Manage Privileges page to enable the Contains HTML Markup option. See Default Presentation Services Privileges Assignments and Making Advanced Configuration Changes for Presentation Services.
For the location of the instanceconfig.xml file, see Configuration Files.
The ability to perform certain tasks when building KPIs, and KPI watchlists, or within Oracle Scorecard and Strategy Management such as, viewing or creating scorecards or contacting owners generally requires a combination of privileges. The tables below list the following information for KPIs, KPI watchlists, and Oracle Scorecard and Strategy Management, respectively:
Task Object, for example, Action link or KPI chart
Task, for example, Contact owner from a dashboard or Follow a link in the Scorecard editor
Privileges required to perform the task, for example, Delivers - Create Agents, or Access - Access to Dashboards. You must have each privilege listed to perform the specific task.
The privileges required to perform these tasks have been grouped into sets where applicable, and the set name has been included, rather than the individual privileges, along with any additional required privileges. The set names and privileges included within each set are:
See Scorecard Documents, Strategy pane, and Initiatives pane in User's Guide for Oracle Business Intelligence Enterprise Edition.
Edit_scorecard_set1
Privileges include:
Access - Access to Scorecard
Scorecard - Create/Edit Scorecards
View_or_edit_scorecard_set2
Privileges include:
Access - Access to Scorecard
Scorecard - Create/Edit Scorecards or Scorecard - View Scorecards
View_KPI_watchlist_on_dashboard_set3
Privileges include:
Access - Access to Dashboards
Access - Access to Scorecard
Edit_KPI_with_KPI_Builder_set4
Privileges include:
Access - Access to KPI Builder
Scorecard - Create/Edit KPIs
Subject Area - <name of subject area>
Edit_KPI_watchlist_with_standalone_KPI_watchlist_editor_set5
Privileges include:
See View_or_edit_scorecard_set2
Access - Access to KPI Builder
Scorecard - Create/Edit KPIs
View_KPI_watchlist_in_standalone_KPI_watchlist_editor_set6
Privileges include:
Access - Access to Scorecard
Scorecard - Create/Edit Scorecards or Scorecard - View Scorecards
The table below lists the combination of privileges that are required for KPI tasks.
Task Object | Task | Privileges Required to Perform the Task |
---|---|---|
Action link |
Create, edit, ordelete on a KPI within the Scorecard editor using the KPI editor1 tab |
|
Action link |
Create, edit, ordelete from within the KPI editor |
|
Agent |
Create an agent for a KPI within the Scorecard editor |
|
Business owner |
Modify within the Scorecard editor using the KPI editor tab |
|
Business owner |
Modify from within the KPI editor |
|
KPI |
Create oredit within the Scorecard editor using the KPI editor tab |
Note that you must have read/write permission on the folder for which you create the KPI, and at least read permission on all ancestor directories. |
KPI |
Create, edit, orview from within the KPI editor Note that there is no read-only mode in the KPI editor. |
Note that you must have read/write permission on the folder for which you create the KPI and at least read permission on all ancestor directories. |
KPI |
Open to see an Answers analysis from the Oracle BI EE Home page, Favorites list, or Catalog browser |
No specific Access, Scorecard, or Subject area privileges are required. |
KPI dimensioned target value (target setting) |
Edit within the KPI watchlist on a dashboard |
|
KPI dimensioned target value (target setting) |
Edit within a scorecard view2 on a dashboard |
|
Related document |
Add, edit, ordelete a related document from within the KPI editor |
|
Related document |
Add, edit, ordelete a related document within the Scorecard editor using the KPI editor tab |
|
The table below lists the combination of privileges that are required for KPI watchlist tasks.
Task Object | Task | Privileges Required to Perform the Task |
---|---|---|
<Device> (for example, email, pager, or digital phone) |
Contact owner from a KPI watchlist on a dashboard |
|
<Device> |
Contact owner from within the standalone KPI watchlist editor3 |
|
Action link |
Invoke from a KPI watchlist on a dashboard |
Note that you must enable pop-ups in your browser. |
Action link |
Invoke from within the standalone KPI watchlist editor |
|
Analyze link |
Follow an analyze link from a KPI watchlist view on a dashboard |
Note that you must enable pop-ups in your browser. |
Analyze link |
Follow an analyze link from within the standalone KPI watchlist editor |
Note that you must enable pop-ups in your browser. |
Annotation |
Add from a KPI watchlist on a dashboard |
|
Annotation |
Add from within the standalone KPI watchlist editor |
|
Annotation |
View from a KPI watchlist on a dashboard |
|
Annotation |
View from within the standalone KPI watchlist editor |
|
Business owner |
Modify the business owner of a KPI watchlist from within the standalone KPI watchlist editor |
|
Business owner |
View the business owner in a KPI watchlist from within the standalone KPI watchlist editor |
|
KPI chart |
View a KPI chart from a KPI watchlist on a dashboard |
|
KPI chart |
View a KPI chart from within the standalone KPI watchlist editor |
|
KPI dimensioned target value (target setting) |
Edit a KPI's dimensioned target value in the KPI watchlist within the Scorecard editor |
|
KPI dimensioned target value (target setting) |
Edit a KPI's dimensioned target value in the KPI watchlist from within the standalone KPI watchlist editor |
|
KPI watchlist |
Add to a dashboard |
|
KPI watchlist |
Create or edit within the Scorecard editor |
|
KPI watchlist |
Create or edit from within the standalone KPI watchlist editor |
You must have read/write permission on the folder under which you create the KPI watchlist and at least read permission on all ancestor directories. |
KPI watchlist |
Open in read-only from within the standalone KPI watchlist editor |
|
KPI watchlist |
View on a dashboard |
|
Related document |
Follow a related document link from within the standalone KPI watchlist editor |
|
Related document |
Add, edit, or delete a related document from within the standalone KPI watchlist editor |
|
The table below lists the combination of privileges that are required for scorecard and scorecard object tasks.
Task Object | Task | Privileges Required to Perform the Task |
---|---|---|
<Device> for example, email, pager, or digital phone |
Contact owner in a scorecard view on a dashboard |
|
<Device> |
Contact owner within the Scorecard editor |
|
Action link |
Invoke in a scorecard view on a dashboard |
Note that you must enable pop-ups in your browser. |
Action link |
Invoke within the Scorecard editor |
|
Action link on an object in the Strategy or Initiatives panes |
Create, edit, ordelete within the Scorecard editor |
|
All scorecard nodes4, views, and documents (excludes KPI editor) |
View in read-only within the Scorecard editor |
|
Analyze link |
Follow an analyze link in a scorecard view on a dashboard |
Note that you must enable pop-ups in your browser. |
Analyze link |
Follow an analyze link within the Scorecard editor |
Note that you must enable pop-ups in your browser. |
Annotation |
Add in a scorecard view on a dashboard |
|
Annotation |
Add in a scorecard view within the Scorecard editor |
|
Annotation |
View in a scorecard view on a dashboard |
|
Annotation |
View within the Scorecard editor |
|
Business owner |
Modify within the Scorecard editor |
|
Business owner |
View within the Scorecard editor |
|
Causal linkage |
Create, edit, ordelete within the Scorecard editor |
|
Dimensioned status override of a scorecard node |
Override a KPI's dimensioned status (or cancel an override) from a scorecard view on a dashboard |
Note that you must also be the KPI's business owner to override the status that is set in the KPI editor. |
Dimensioned status override of a scorecard node |
Override a KPI's dimensioned status (or cancel an override) within the Scorecard editor |
Note that you must also be the KPI's business owner to override the status that is set in the KPI editor. |
Dimensioned status override of a scorecard node |
View a KPI's dimensioned status in a scorecard view on a dashboard |
|
Dimensioned status override of a scorecard node |
View a KPI's dimensioned status in a scorecard view within the Scorecard editor |
|
Filter |
Add a user to the filter in a scorecard smart watchlist within the Scorecard editor |
|
Filter |
Filter on a user in the scorecard smart watchlist on a dashboard |
|
Filter |
Filter on a user in the scorecard smart watchlist within the Scorecard editor |
|
Initiatives node5 |
Create, Edit, or Delete within the Scorecard editor using the Initiatives tab or KPI Details tab |
|
KPI chart |
View in a scorecard view on a dashboard |
|
KPI chart |
View within the Scorecard editor |
|
Mission or vision statement |
Create or Edit within the Scorecard editor |
|
Permissions dialog |
Modify within the Scorecard editor |
|
Perspective |
Create, Edit, or Delete within the Scorecard editor |
|
Related document |
Add, Edit, or Delete for a scorecard node or scorecard view within the Scorecard editor |
|
Related document |
Follow a related document link within the Scorecard editor |
|
Scorecard |
Create |
Note that you must have read/write permission on the scorecard folder and at least read permission on all ancestor directories. |
Scorecard |
Edit using the Scorecard editor |
You must have read/write permission on the scorecard folder and at least read permission on all ancestor directories. |
Scorecard view |
Add to a dashboard |
|
Scorecard view, excludes mission and vision statements and KPI watchlists |
Create, Edit, or Delete within the Scorecard editor |
|
Scorecard view |
View on a dashboard |
|
Settings dialog |
Modify or View settings |
|
Strategy node6 |
Create, Edit, or Delete within the Scorecard editor using the Objective tab or KPI Details tab |
|
The KPI editor is also known as the KPI Builder.
A scorecard view, also known as a scorecard document, is an Oracle BI EE catalog object which meets the following criteria:
Displays in the Scorecard Documents pane within the Scorecard editor.
Is tied to and can only be edited in the specific scorecard where it was created.
Displays the scorecard's strategy and initiative information.
Consists of the following view types:
Cause and effect map
Custom view
Mission statement
Smart watchlist
Strategy map
Strategy tree
Strategy contribution wheel
Vision statement
The standalone KPI watchlist editor is the KPI watchlist editor used outside of the Scorecard editor. In other words, it is not embedded within a Scorecard editor tab.
Scorecard node is an objective or initiative that belongs to the Strategy pane tree or Initiatives pane tree of a scorecard, or a KPI belonging to an initiative or objective within these panes, respectively.
Initiatives node is an initiative or KPI within the Initiatives pane.
Strategy node is an objective or KPI within the Strategy pane.
Using the Session Management page in Presentation Services Administration, you can view information about active users and running analyses, cancel requests, and clear the cache.
From the Home page in Presentation Services, select Administration.
Click the Manage Sessions link.
The Session Management screen is displayed with the following tables:
The Sessions table, which gives information about sessions that have been created for users who have logged in:
The Cursor Cache table, which shows the status of analyses:
To cancel all running requests:
Click Cancel Running Requests.
Click Finished.
Cancel one running analysis as shown below.
In the Cursor Cache table, identify the analysis and click the Cancel link in the Action column.
The user receives a message indicating that the analysis was canceled by an administrator.
Use these steps to clear the web cache.
Clear the cache entry associated with an analysis as described below.
In the Cursor Cache table, identify the analysis and click the Close link in the Action column.
View the query file for information about an analysis as described below.
In the Cursor Cache table, identify the analysis and click the View Log link.
Note:
Query logging must be turned on for data to be saved in this log file.
Oracle BI Presentation Services privileges and Oracle BI Presentation Services Catalog item permissions, use an Access Control List (ACL) to control who has privilege to access Presentation Services functionality and what permissions any given user can have on Presentation Services Catalog items. Privileges are set using the Administration pages in Oracle BI Presentation Services. Permissions are set for Presentation Services Catalog objects through the Analytics user interface, or the Catalog Manager user interface.
When you try to access functionality in Presentation Services, the appropriate privilege is checked; for example, to view the Oracle Business Intelligence page you must have the Access to Answers privilege. Also, when you try to perform any action on a Presentation Services Catalog item, that item's permissions are checked; for example, to view an item in Oracle Business Intelligence, the item's permissions are checked to see if you have read access.
There are 3 types of records that may be added to an ACL:
Individual user records
It is difficult to administer individual user records especially when there might be thousands of users, and hundreds of thousands of Catalog items.
10g Catalog group records
Catalog groups exist purely for backwards compatibility, and are not recommended. They should not be used, instead you should change to using application roles.
11g application roles records
These are the recommended way of managing ACLs.
Oracle Business Intelligence determines user access by sequentially checking 3 types of records. A user's effective privileges or permissions are deduced using the ACL records, looking for an explicit record for the user (if there is one); then looking for any records with the Catalog groups, of which the user is directly and indirectly a member; and then looking for any records with application roles granted to the user either explicitly or implicitly.
This section contains the following topics:
The following tasks describe the sequential checks completed to determine a user's effective privileges and permissions.
Note:
Step 1 takes precedence over Step 2, which takes precedence over Step 3, which takes precedence over Step 4, which takes precedence over Step 5.
Note:
Within an individual step, a privilege access control (ACL) record that is Denied always takes precedence over any other grants. Within an individual step, a permission ACL record that has No Access always takes precedence over any access grant.
The privilege Denied is the same as the permission No Access. The term deny is used interchangeably for both privileges and permissions.
The following sequence represents the checks completed for a user record.
The following sequence represents the checks completed for a user's Catalog groups.
The following sequence represents the checks completed for a user's application roles.
The following sequence represents the checks completed for a specific application role called Authenticated User.
Note:
The Authenticated User application role is deliberately not included in the list of application roles for a user in Task 3 - Check records for this user's application roles, even though that user does technically have this application role.
The diagram shows an example of how privileges are determined with application roles.
At the top of the diagram is a rectangle labelled User1, which specifies that User1 has been explicitly given the application roles Executive and BI Author. Attached beneath the User1 rectangle are two more rectangles - one on the left that represents the Executive role and one on the right that represents the BI Author role.
The Executive role rectangle specifies that Executive is granted the Access to Administration privilege, and that the application roles Finance and Sales have in turn been given to Executive.
The BI Author role rectangle specifies that BI Author is granted the Catalog privilege, is Denied the Agents privilege, and that the application role BI Consumer has in turn been given to BI Author.
Attached beneath the Executive Role rectangle are two more rectangles - one on the left that represents the Finance role and one on the right that represents the Sales role:
The Finance Role rectangle specifies that the Finance role is granted the Scorecard privilege.
The Sales Role rectangle specifies that Sales is Denied the Access to Administration privilege and granted the Access to Answers privilege.
And finally, attached beneath the BI Author Role rectangle is a rectangle that represents the BI Consumer role:
The BI Consumer Role rectangle specifies that BI Consumer is granted the Catalog privilege and is granted the Agents privilege.
In this example:
User1 explicitly has the Executive role, and thus implicitly has Finance role and also Sales role.
User1 also explicitly has the BI Author role, and thus also implicitly has BI Consumer role.
So User1's flattened list of application roles is Executive, BI Author, Finance, Sales and BI Consumer.
The effective privileges from Executive Role are Denied Administration privilege, granted Scorecard privilege, and granted Answers privilege. The Sales' Denied Administration privilege takes precedence over Executive's granted privilege, as Deny always takes precedence.
The effective privileges from the BI Author role are granted Catalog privilege, and Denied Agents privilege. The BI Author's Denied Agents privilege takes precedence over BI Consumer's granted, as deny always takes precedence.
The total privileges granted to User1 are as follows:
Denied Administration privilege, because the privilege is specifically denied for Sales.
Granted Scorecard privilege.
Granted Answers privilege.
Granted Catalog privilege.
Denied Agents privilege, because the privilege is specifically denied for BI Author.
The diagram below shows an example of how permissions are determined with application roles.
At the top of the diagram is a rectangle labelled User1, which specifies that User1 has been explicitly given the application roles Executive and BI Author. Attached beneath the User1 rectangle are two more rectangles - one on the left that represents Executive Role and one on the right that represents BI Author Role.
The Executive Role rectangle specifies that Executive has no access to DashboardA, and that the application roles Finance and Sales have in turn been given to Executive.
The BI Author Role rectangle specifies that BI Author role has open access to DashboardD, has no access to DashboardE, and that the BI Consumer role has in turn been given to BI Author.
Attached beneath the Executive Role rectangle are two more rectangles, one on the left that represents Finance role and one on the right that represents Sales role:
The Finance Role rectangle specifies that Finance role has open access to DashboardB.
The Sales Role rectangle specifies that Sales role has no access to DashboardA and full control of DashboardC.
And finally, attached beneath the BI Author Role rectangle is a rectangle that represents BI Consumer role:
The BI Consumer Role rectangle specifies that BI Consumer role has modify access to DashboardD and open access to DashboardE.
In this example:
User1 explicitly has Executive role, and thus implicitly has Finance role and also Sales role.
User1 also explicitly has BI Author role, and thus also implicitly has BI Consumer role.
So User1's flattened list of application roles is Executive, BI Author, Finance, Sales and BI Consumer.
The effective permissions from Executive role are no access to DashboardA, open access to DashboardB, and full control for DashboardC. The Sales role's No Access to DashboardA takes precedence over Executive role's Open, as Deny always takes precedence.
The effective privileges from BI Author role are Open&Modify access to DashboardD, and No Access to DashboardE. The BI Author role's No Access to DashboardE takes precedence over BI Consumer role's Open, as Deny always takes precedence.
The total permissions and privileges granted to User1 are as follows:
No Access to DashboardA, because access is specifically denied for Sales role.
Open Access to DashboardB.
Full Control for DashboardC.
Open&Modify access to DashboardD, the union of Role2's and Role5's access.
No Access to DashboardE, because access is specifically denied for BI Author role.
The diagram shows an example of how privileges are determined with Catalog groups.
At the top of the diagram is a rectangle labelled User1, which specifies that User1 is an explicit member of the Catalog groups, Manager Group and Canada Group. Attached beneath the User1 rectangle are two more rectangles - one on the left that represents Manager Group and one on the right that represents Canada Group.
The Manager Group rectangle specifies that Manager Group is granted the Access to Administration privilege, and that the Manager Group is in turn itself a member of both Marketing Group and Sales Group.
The Canada Group rectangle specifies that Canada Group is granted the Catalog privilege, is denied the Agents privilege, and that the Canada Group is in turn itself a member of the Americas Group.
Attached beneath the Manager Group rectangle are two more rectangles - one on the left that represents Marketing Group and one on the right that represents Sales Group:
The Marketing Group rectangle specifies that Marketing Group is granted the Scorecard privilege.
The Sales Group rectangle specifies that Sales Group is denied the Access to Administration privilege and granted the Access to Answers privilege.
And finally, attached beneath the Canada Group rectangle is a rectangle that represents the Americas Group:
The Americas Group rectangle specifies that Americas Group is granted the Catalog privilege and is granted the Agents privilege.
In this example:
User1 is explicitly in the Manager Group, and thus is implicitly in the Marketing Group and Sales Group too.
User1 also is explicitly in the Canada Group, and thus is also implicitly in the Americas Group too.
So User1's initial list of Catalog groups is Manager Group and Canada Group. If required, User1's parent list of Catalog groups is Marketing Group, Sales Group and Americas Group. The grandparent list of Catalog groups is empty, as the Catalog group hierarchy is only two levels deep.
The effective privileges from the Manager Group are granted the Administration privilege, granted Scorecard privilege, and granted the Answers privilege. The explicit Manager Group's record for Administration takes precedence over implicit Sale Group's record, as the more immediate ancestor Catalog group always takes precedence over more distant ancestor Catalog group.
The effective privileges from the Canada group are granted the Catalog privilege, and denied Agents privilege. The explicit Canada Group's records for both Catalog and Agents takes precedence over implicit Americas Group's records, as the more immediate ancestor Catalog group always takes precedence over more distant ancestor Catalog group.
The total privileges granted to User1 are as follows:
Granted Access to Administration privilege, because the Manager Group takes precedence over Sales group.
Granted Scorecard privilege.
Granted Answers privilege.
Granted Catalog privilege, because Canada Group takes precedence over Americas Group.
Denied Agents privilege, because the Canada Group takes precedence over Americas.
The diagram below shows an example of how permissions are determined with removed Catalog groups.
At the top of the diagram is a rectangle labelled User1, which specifies that User1 is an explicit member of Catalog groups Manager Group and Canada Group. Attached beneath the User1 rectangle are two more rectangles - one on the left that represents Manager Group and one on the right that represents Canada Group.
The Manager Group rectangle specifies that Manager Group has open access to DashboardA, and that the Manager Group is in turn itself a member of both Marketing Group and Sales Group.
The Canada Group rectangle specifies that Canada Group has open access to DashboardD, has no access to DashboardE, and that the Canada Group is in turn itself a member of the Americas Group.
Attached beneath the Manager Group rectangle are two more rectangles - one on the left that represents Marketing Group and one on the right that represents Sales Group:
The Marketing Group rectangle specifies that Marketing Group has open access to DashboardB.
The Sales Group rectangle specifies that Sales Group has full control of DashboardC and no access to DashboardA.
And finally, attached beneath the Canada Group rectangle is a rectangle that represents the Americas Group:
The Americas Group rectangle specifies that Americas Group has Modify access to DashboardD and Open access to DashboardE.
In this example:
User1 is explicitly in the Manager Group, and thus is implicitly in the Marketing Group and Sales Group too.
User1 also is explicitly in the Canada Group, and thus is also implicitly in the Americas Group too.
So User1's initial list of Catalog groups is Manager Group and Canada Group. If required, User1's parent list of Catalog groups is Marketing Group, Sales Group and Americas Group. The grandparent list of Catalog groups is empty, as the Catalog group hierarchy is only two levels deep.
The effective permissions from the Manager Group are open access to DashboardA, open access to DashboardB, and full control of DashboardC. Note explicit Manager Group's record for DashboardA takes precedence over implicit Sale Group's record, as the more immediate ancestor Catalog group always takes precedence over more distant ancestor Catalog group.
The effective permissions from the Canada group are open access to DashboardD, and no access to DashboardE. Note explicit Canada Group's records for both DashboardD and DashboardE takes precedence over implicit Americas Group's records, as the more immediate ancestor Catalog group always takes precedence over more distant ancestor Catalog group.
The total privileges granted to User1 are as follows:
Open access to DashboardA, because the Manager group takes precedence over Sales group.
Open access to DashboardB.
Full control of DashboardC.
Open access to DashboardD, because the Canada group takes precedence over Americas group.
No access to DashboardE, because the Canada group takes precedence over Americas group.
This section contains the following topics on providing shared dashboards for users:
Learn about the catalog structure of My Folders and Shared Folders for shared dashboards.
The Oracle BI Presentation Catalog has two main folders:
My Folders contain the personal storage for individual users. Includes a Subject Area Contents folder where you save objects such as calculated items and groups.
Shared Folders contain objects and folders that are shared across users. Dashboards that are shared across users are saved in a Dashboards subfolder under a common subfolder under the /Shared Folders
folder
Note:
If a user is given permission to an analysis in the Oracle BI Presentation Catalog that references a subject area to which the user does not have permission, then the BI Server still prevents the user from executing the analysis.
After setting up the Oracle BI Presentation Catalog structure and setting permissions, you can create shared dashboards and content for use by others.
One advantage to creating shared dashboards is that pages that you create in the shared dashboard are available for reuse. Users can create their own dashboards using the pages from your shared dashboards and any new pages that they create. You can add pages and content as described in User's Guide for Oracle Business Intelligence Enterprise Edition.
If you plan to allow multiple users to modify a shared default dashboard, then consider putting these users into an application role. For example, suppose that you create an application role called Sales and create a default dashboard called SalesHome. Of the 40 users that have been assigned the Sales application role, suppose that there are three who must have the ability to create and modify content for the SalesHome dashboard. Create a SalesAdmin application role, with the same permissions as the primary Sales application role. Add the three users who are allowed to make changes to the SalesHome dashboard and content to this new SalesAdmin application role, and give this role the appropriate permissions in the Oracle BI Presentation Catalog. This allows those three users to create and modify content for the SalesHome dashboard. If a user no longer requires the ability to modify dashboard content, then you can change the user's role assignment to Sales. If an existing Sales role user must have the ability to create dashboard content, then the user's role assignment can be changed to SalesAdmin.
See Managing Dashboards in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition.
Before releasing dashboards and content to the user community, perform some tests.
This section provides an overview of saved customizations and information about administering saved customizations. It contains the following topics:
Saved customizations allow users to save and view dashboard pages in their current state with their most frequently used or favorite choices for items such as filters, prompts, column sorts, drills in analyses, and section expansion and collapse.
By saving customizations, users need not make these choices manually each time that they access the dashboard page.
Users and groups with the appropriate permissions and dashboard access rights can perform the following activities:
Save various combinations of choices as saved customizations, for their personal use or use by others.
Specify a saved customization as the default customization for a dashboard page, for their personal use or use by others.
Switch between their saved customizations.
You can restrict this behavior in the following ways:
Users can view only the saved customizations that are assigned to them.
Users can save customizations for personal use only.
Users can save customizations for personal use and for use by others.
This topic describes the privileges and permissions that are required to administer saved customizations.
In Oracle BI Presentation Services Administration, the following privileges in the Dashboards area, along with permission settings for key dashboard elements, control whether users or groups can save or assign customizations:
Save Customizations
Assign Default Customizations
You can set either privilege, one privilege, or both privileges for a user or group, depending on the level of access desired. For example, a user who has neither privilege can view only the saved customization that is assigned as his or her default customization.
Permissions are required so users can administer Oracle BI Presentation Catalog on shared and personal saved customizations.
The topic describes user roles and specific permission settings that you can grant to users for creating saved customizations.
User Role | Permission and Privilege Settings |
---|---|
Power users such as IT users perform the following tasks:
|
In the Shared section of the catalog, requires Full Control permission to the following folders:
You do not need to assign additional privileges. |
Technical users such as managers perform the following tasks:
Users cannot create or edit underlying dashboards, or assign view customizations to others as default customizations. |
In the Shared section of the catalog, requires
In the Shared section of the catalog, requires
You do not need to assign additional privileges. |
Everyday users that save customizations for personal use only. |
In Oracle BI Presentation Services Administration, requires the following privilege to be set:
In the dashboard page, requires that the following option is set:
In the catalog, you do not need to assign additional privileges. |
Casual users who must view only their assigned default customization. |
In the Shared section of the catalog, the user needs
In the catalog, you do not need to assign additional privileges. |
Depending on the privileges set and the permissions granted, you can achieve various combinations of user and group rights for creating, assigning, and using saved customizations.
For example, suppose a group of power users cannot change dashboards in a production environment, but they are allowed to create saved customizations and assign them to other users as default customizations. The following permission settings for the group are required:
Open access to the dashboard, using the Catalog page.
Modify access to the _selections
and _defaults
subfolders within the dashboard folder in the Oracle BI Presentation Catalog, which you assign using the Dashboard Properties dialog in the Dashboard Builder. After selecting a page in the list in the dialog, click Specify Who Can Save Shared Customizations and Specify Who Can Assign Default Customizations.
This section contains the following topics on enabling users to act for others:
You can enable one user to act for another user in Oracle BI Presentation Services.
When a user, called the proxy user, acts as target user, the proxy user can access the objects in the catalog for which the target (another) user has permission.
Enabling a user to act for another is useful such as when a manager wants to delegate some of his work to one of his direct reports or when IT support staff wants to troubleshoot problems with another user's objects.
When you enable a user to be a proxy user, you also assign an authority level (called the proxy level). The proxy level determines the privileges and permissions granted to the proxy user when accessing the catalog objects of the target user.
The following list describes the proxy levels:
Restricted
Users have read-only permissions to the objects that the target user can access. Privileges are determined by the proxy user's account, not the target user's account.
For example, suppose a proxy user has not been assigned the Access to Answers privilege, and the target user has. When the proxy user is acting as the target user, the target user cannot access Answers.
Full
Users inherit permissions and privileges from the target user's account.
For example, suppose a proxy user has not been assigned the Access to Answers privilege, and the target user has. When the proxy user is acting as the target user, the target user can access Answers.
When you have enabled a user to act as a proxy user, that user can display the Act As option in the global header of Presentation Services to select the target user to act as, provided the Act As Proxy privilege has been set.
Before a proxy user can act as a target user, the target user must have signed into Presentation Services at least once and accessed a dashboard.
Note:
If another user can impersonate you as proxy user, you can see the users with the permission to proxy (Act As) you. To see these users, log in to Oracle Business Intelligence go to the My Account dialog box and display the extra tab called Delegate Users. This tab displays the users who can connect as you, and the permission they have when they connect as you (Restricted or Full).
To enable users to act for others, perform the following tasks:
You define the association between proxy users and target users in the database by identifying, for each proxy user/target user association, the following:
ID of the proxy user
ID of the target user
Proxy level (either full or restricted)
For example, you might create a table called Proxies in the database that looks like this:
proxyId | targetId | proxyLevel |
---|---|---|
Ronald |
Eduardo |
full |
Timothy |
Tracy |
restricted |
Pavel |
Natalie |
full |
William |
Sonal |
restricted |
Maria |
Imran |
restricted |
After you define the association between proxy users and target users, you must import the schema to the physical layer of the BI Server.
To authenticate proxy users, you must create the two session variables along with their associated initialization blocks. For both variables, modify the sample SQL statement using the database schema.
PROXY
Use the PROXY
variable to store the name of the proxy user.
ProxyBlock
, and include code such as the following:
select targetId from Proxies where UPPER(targetid) = UPPER('VALUEOF(NQ_SESSION.RUNAS)') and UPPER(proxyid) = UPPER(':USER')
PROXYLEVEL
Use PROXYLEVEL
variable to store the proxy level as Restricted or Full. If you do not create the PROXYLEVEL
variable, then the Restricted level is assumed.
Use the initialization block named ProxyLevel and include code such as the following:
select proxyLevel from Proxies where UPPER(targetid) = UPPER('VALUEOF(NQ_SESSION.RUNAS)') and UPPER(proxyid) = UPPER(':USER')
Use various elements in the instanceconfig.xml file to configure the proxy functionality.
You must create a custom message template for the proxy functionality that contains the SQL statement to perform the following tasks:
Obtain the list of target users that a proxy user can act as. This list is displayed in the User field in the Act As dialog box.
Verify whether the proxy user can act as the target user.
Obtain the list of proxy users that can act as the target user. This list is displayed on the target user's My Account screen.
In the custom message template, you place the SQL statement to retrieve this information in the following XML elements:
Element | Description |
---|---|
getValues |
Specifies the SQL statement to return the list of target users and corresponding proxy levels. The SQL statement must return either one or two columns, where the:
|
verifyValue |
Specifies the SQL statement to verify if the current user can act as the specified target user. The SQL statement must return at least one row if the target user is valid or an empty table if the target user is invalid. |
getDelegateUsers |
Specifies the SQL statement to obtain the list of proxy users that can act as the current user and their corresponding proxy levels. The SQL statement must return either one or two columns, where the:
|
You can create the custom message template in one of the following files:
The original custom message file in the directory
A separate XML file in the directory
The name that you specify in the WebMessage element must match the name that you specify in the TemplateMessageName
element in the instanceconfig.xml
file. See Modifying the Configuration File Settings for Proxy Functionality.
To create the custom message template in the original custom message file:
Make a backup of the original custom message file in a separate directory.
Make a development copy in a different directory and open it in a text or XML editor.
To create the custom message template in a separate XML file, create and open the file in the BI_DOMAIN/bidata/components/OBIPS/custommessages
directory.
You must configure a folder (custommessages) as an application in WebLogic Server, to make Oracle BI Presentation Services aware of it.
Start the custom message template by adding the WebMessage element's begin and end tags. For example:
<WebMessage name="LogonParamSQLTemplate"> </WebMessage>
After the </WebMessage>
tag:
Add the <XML> and </XML> tags
Between the <XML> and </XML> tags, add the <logonParam name="RUNAS"> and </logonParam> tags.
Between the <logonParam name="RUNAS">
and </logonParam>
elements, add each of the following elements along with its corresponding SQL statements:
<getValues> and </getValues>
<verifyValue> and </verifyValue>
<getDelegateUsers> and </getDelegateUsers>
The following entry is an example:
<?xml version="1.0" encoding="utf-8" ?> <WebMessageTables xmlns:sawm="com.example.analytics.web.messageSystem"> <WebMessageTable system="SecurityTemplates" table="Messages"> <WebMessage name="LogonParamSQLTemplate"> <XML> <logonParam name="RUNAS"> <getValues>EXECUTE PHYSICAL CONNECTION POOL "01 - Sample App Data (ORCL)"."Sample Relational Connection" select targetId from SAMP_USERS_PROXIES where proxyId='@{USERID}'</getValues> <verifyValue>EXECUTE PHYSICAL CONNECTION POOL "01 - Sample App Data (ORCL)"."Sample Relational Connection" select targetId from SAMP_USERS_PROXIES where proxyId='@{USERID}' and targetId='@{VALUE}'</verifyValue> <getDelegateUsers>EXECUTE PHYSICAL CONNECTION POOL "01 - Sample App Data (ORCL)"."Sample Relational Connection" select proxyId, proxyLevel from SAMP_USERS_PROXIES where targetId='@{USERID}'</getDelegateUsers> </logonParam> </XML> </WebMessage> </WebMessageTable> </WebMessageTables>
You must modify the example SQL statement according to the schema of the database. In the example, the database and connection pool are both named Proxy, the proxyId is PROXYER, and the targetId is TARGET.
If you created the custom message template in the development copy of the original file, then replace the original file in the custom messages directory with the newly edited file.
Test the new file.
(Optional) If you created the custom message template in the development copy of the original file, then delete the backup and development copies.
Load the custom message template by either restarting the server or by clicking the Reload Files and Metadata link on the BI Server Administration screen.