Categories
Control Dataset access to certain custom role
Organization Name (Required - If you are an Oracle Partner, please provide the organization you are logging the idea on behalf of):
Oracle Advertising (Oracle Internal)
Description (Required):
OAC supports custom roles for object level security to restrict access of certain folder content to set of users belongs to the custom role.
Also, we can assign the custom roles to RPD subject areas so only the users belong to the custom role gets access to view the subject area to create/view reports via OAC Classic.
Similar approach is missing for Datasets and DV Workbooks. In order for someone to create a DV Workbook, one must have DV Content Author role. Once the person receives the DV Content Author role, he/she automatically gain access to pretty much all the datasets, because DV Content Author role should be granted write access in order to enable anyone to create workbook using the dataset.
We are unable to restrict the dataset access to the custom roles as needed.
Use Case and Business Need (Required):
We have "Dataset 1" & "Dataset 2" (via Dataset option). These two datasets are for two different teams i.e Team1 & Team2 respectively. Below is the business rule for the usage of these two datasets by assigning two different custom roles for Team1 & Team2.
- ONLY "Team1" should be able to access "Dataset 1" to create reports. Others (except BI admins) should not have access to view/create reports using "Dataset 1" and also "Team2" should not have access to "Dataset 1" either from DV Home page Data Option or from Classic View Create Option.
- ONLY "Team2" should be able to access "Dataset 2" to create reports. Others (except BI admins) should not have access to view/create reports using "Dataset 2" and also "Team2" should not have access to "Dataset 1" either from DV Home page Data Option or from Classic View Create Option.
Enhancement Request / Service Request:
SR 3-31428048161
Comments
-
Hi,
As per my understanding of your issue, I am suggesting this. If you click on Inspect of Dataset/Workbook there is an option Access,
In that you can provide access to required Users or Roles and remove unwanted Roles if any are there. Check if this is the solution you are looking for.
0 -
Hi Subhakara,
I followed-up this through Oracle Support and Prod Dev via SR# 3-31428048161.
We very well aware of this access limitation via Inspect option.
The problem or limitation here is, DV Content Author should be given read-write access in order for any user with author role to create a workbook using the dataset. And, one has to have minimum of DV Content Author role to create DV Workbook.
With that said, if the user has DV Content Author role, they pretty much have access to all the datasets whichever is given Read-Write access to DV Content Author role.
But, we planning to achieve the below access goal from the system.
- Team1 to gain access to DV Content Author role to create workbooks ONLY with the datasets that are given Read-Write access to Team1 custom role.
- Team2 to gain access to DV Conent Author role to create workbooks ONLY with the datasets that are given Read-Write access to Team2 custom role.
BTW, all our permissions goes through roles (including custom role) and we don't add individual users to the datasets to avoid the complexity in maintenance.
Thanks,
Arun
0 -
See "What's New" for the November 2023 update
Grant permissions to user-defined application roles at a finer grain than previously possible, enabling you to fine-tune your security. See About Permissions.
0
