Introduction
This blog
details the steps needed to implement object security for any custom objects
which the Customer has created in the Project Analytics Module in OBIA
11.1.1.7.1 onwards.
Object-level
security controls the visibility to logical objects based on a user's
duty/application roles. The access to following objects can be restricted using
object level security: Presentation tables, Presentation table columns, Subject
Areas, Reports, Dashboards, and Project Specific shared folders.
To apply
object security over subject area, individual tables or individual column the
default access for authenticated user
application role must be set to No
Access.
We need to
explicitly grant read access to duty roles (which are based on adaptor as
explained above) which can access/view the particular subject area or
individual table or individual column.
Supported OBIA release: 11.1.1.7.1 onwards
- Project Analytics Application Roles used for enforcing object security –
In
Enterprise Manager select WebLogic -> Domain -> bifoundation_domain -> Security -> Application Roles, Select obi application stripe and
search for role name which starts with OBIA and you will see the list of all
application roles that start with OBIA.
Following is
the list of OOTB duty roles by adaptor
EBS Adaptor Duty Roles –
OBIA_EBS_PROJECT_EXECUTIVE_ANALYSIS_DUTY
OBIA_EBS_PROJECT_MANAGEMENT_ANALYSIS_DUTY
PSFT Adaptor Duty Roles –
OBIA_PSFT_PROJECT_EXECUTIVE_ANALYSIS_DUTY
OBIA_PSFT_PROJECT_MANAGEMENT_ANALYSIS_DUTY
Fusion Adaptor Duty Roles –
OBIA_PROJECT_EXECUTIVE_ANALYSIS_DUTY
OBIA_PROJECT_MANAGEMENT_ANALYSIS_DUTY
- Project Analytics object security implementation -
2.1 Subject Area:
Eg: Project
- Cost GL Reconciliation is a newly added area for EBS and PSFT adaptors. We
want to ensure that this subject area is not seen by Fusion Adaptor customers.
Bring down
the OBIEE Server, backup the existing rpd and open the rpd in the Admin tool.
Double click
Project - Cost GL Reconciliation à Permissions
As you can
see read access has been granted explicitly to duty roles associated with EBS
and PSFT adaptors. All other duty roles would inherit the default access from
Authenticated User application role which is set to No Access. This ensures
that this subject area is not visible for Fusion adaptor users
2.2 Presentation Table:
Eg: Dim –
Analysis Type is supported only for PSFT adaptor. We hide this presentation
table from EBS and Fusion Adaptor customers.
Under
Project - BillingAnalysis Type Permissions
As it can be
seen above only users associated to PSFT duty roles would be able to view
Analysis Type table. For EBS and Fusion adaptor users this table would be
hidden.
2.3 Individual Columns:
Eg:
Interproject Billing Amount metric in Project-Billing subject area is supported
only for EBS and Fusion adaptors. We hide this individual column from PSFT
customers.
Under
Project - Billing Fact – Project Billing Interproject Invoice Amount à Permissions
As it can be
seen above this metric would be viewed by EBS and Fusion adaptor users and hidden
from PSFT adaptor users.
Save the
rpd, do a consistency check and deploy the updated rpd in the OBIEE server.
- Additional Information –
No comments:
Post a Comment