Вы находитесь на странице: 1из 8

Restricting BI Answers Access for Fusion

Application Users
ORACLE WHITE PAPER | APRIL 2019
Disclaimer
The following is intended to outline our general product direction. It is intended for information
purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any
material, code, or functionality, and should not be relied upon in making purchasing decisions. The
development, release, and timing of any features or functionality described for Oracle’s products
remains at the sole discretion of Oracle.

[O.FOOTER] ENTER TITLE OF DOCUMENT HERE


Table of Contents

Disclaimer 1

Summary 2

Restrict BI Answers Access through Manage Privileges 2

Use Scenarios: 3

Preserving Custom BI Privileges during Upgrade 5

1 | ENTER TITLE OF DOCUMENT HERE


Summary

By default, Fusion authenticated users inherit BI Consumer role, which gives them access to BI
catalog. For various practical reasons, customers need to remove BI catalog access to certain
roles, e.g. employees or line managers. This paper outlines steps customers can take to restrict
user access to BI catalog.

Restrict BI Answers Access through Manage Privileges


Starting in Fusion Release 13, customers can no longer modify the shipped BI factory catalog
including permissions. Oracle development is working on a solution that will allow customers to
hide the entire or selective BI catalog folders. In the meanwhile, this paper documents steps that
allow customers to restrict BI catalog access to BI Consumer or Fusion application roles.

Customers can control access to BI catalog by changing the default setting in BI Privileges from
Administration page. BI Privileges control user access to objects in the BI Answers interface.

To limit access to areas within the BI Answers interface, do the following:

1. Login to Answers as a BI Administrator user. Click on the Administration link in the Menu
and navigate to Manage Privileges (under the Security section).

2. In Manage Privileges UI, you see several privileges under the Home and Header
section. These privileges control what menu options are available in Answers. By
default, most options are available to users with the BI Consumer role (all Fusion users ).

2 | ENTER TITLE OF DOCUMENT HERE


The following table describes the privileges in more detail.

Privilege Description
Access Home Page Allows users to access the home page from the global header.
Access Catalog UI Allows users to access the catalog from the global header.
Access Catalog Search UI Allows users to access the search fields from the global header.
Simple Search Field Allows users to access the Search field in the global header.
Advanced Search Link Allows users to access the Advanced link in the global header.
Open Menu Allows users to access the Open menu from the global header.
New Menu Allows users to access the New menu from the global header.
Help Menu Allows users to access the Help menu from the global header.

Dashboards Menu Allows users to access the Dashboards menu from the global header.

Favorites Menu Allows users to access the Favorites menu from the global header.

Allows users to access the My Account link when they click on their Signed In As
My Account Link
name in the global header.

Allows users to access the custom links that the administrator added to the
Custom Links
global header.

3. To limit access to a specific privilege, you click on the link detailing the current role
granted for the privilege; i.e. BI Consumer. In the Permissions dialog, you select the X
icon to remove the current access and then the + icon to add the desired role. Click OK
to Save Changes.
Global Header Menu:

Use Scenarios
1. You have removed access to Reports and Analytics in Fusion application UI and you only
allow BI Author users to access Answers and navigate the Catalog folders. To prevent
users from accessing BI Answers, you can remove BI Consumer access and add BI
Author access to all privileges under Home and Header.

By removing BI Consumer and granting BI Platform Author access to menu items in BI


global header, you remove BI Consumer access to BI catalog and only allow BI Platform
Author access to BI catalog.
Below is a screenshot of BI Platform Author granted privilege to Home and Header in
Manage Privileges:

3 | ENTER TITLE OF DOCUMENT HERE


You can also grant privileges to selective Fusion application role. For example, you can
limit this access to specific Fusion job roles like Payroll Managers or Sales Administrators
instead of all BI Author users.

2. You need to block reporting access to certain external users. You can add the job role
you would like to block and change the access to Denied. This can be used for roles like
Partner. Note that if you change the access to Denied, this will revoke this privilege
from any user inheriting this role.
Example: Remove BI home page access to Partner Sales Manager

3. You need to block access to seeded OTBI and BI Publisher content but allow users to
continue to see data in the Custom folder. While you cannot selectively disable/enable
access to specific folders, you can follow the instruction as documented in the first use
scenario to block access to all content. In addition, you create a custom dashboard that
includes the custom BI reports for user access (or folder links to custom report folder)

4 | ENTER TITLE OF DOCUMENT HERE


and embed the custom BI dashboard in Fusion UI. This restricts user reporting access to
Fusion application UI without exposing the BI catalog.

Preserving Custom BI Privileges during Upgrade


Please note currently changes made to Manage Privileges are not preserved during a
patching/upgrade. An enhancement is planned to preserve custom privilege changes. In the
interim, you need to reapply custom privilege changes manually after an upgrade.

Oracle Corporation, World Headquarters Worldwide Inquiries


500 Oracle Parkway Phone: +1.650.506.7000
Redwood Shores, CA 94065, USA Fax: +1.650.506.7200

5 | ENTER TITLE OF DOCUMENT HERE


CONNECT W ITH US

blogs.oracle.com/oracle Copyright © 2014, Oracle and/or its affiliates. All rights reserved. This document is provided for information purposes only, and the
contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other
facebook.com/oracle warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or
fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are
formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means,
twitter.com/oracle electronic or mechanical, for any purpose, without our prior written permission.

oracle.com Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and
are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are
trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group. 0419

2 | ENTER TITLE OF
C ODOCUMENT
N N E C T WHERE
ITH US

blogs.oracle.com/oracle