Search code examples
oracle-databaseobiee

How do I restrict access to particular presentation table under a given subject area in Oracle RPD?

My current configuration in the presentation layer is:

  • Generic Sales Subject Area -->Subject Area
    • Sales Measures -->Presentation Table
      • TotalSalesofGoods -->Field
    • Costs Measures -->Presentation Table
      • CostOfGoods -->Field
    • Customer Dimensions -->Presentation Table
      • CustomerAccount -->Field

I have two roles built, "ShouldSeeGenericSalesSubjectArea" and "ShouldSeeCostFields".

  • Permissions
    • "Generic Sales Subject Area"
      • Authenticated User --> No Access
      • ShouldSeeGenericSalesSubjectArea --> Read
      • ShouldSeeCostFields --> Default
    • "Sales Measures"
      • Authenticated User --> Read
      • ShouldSeeGenericSalesSubjectArea --> Default
      • ShouldSeeCostFields --> Default
    • "Cost Measures"
      • Authenticated User --> No Access
      • ShouldSeeGenericSalesSubjectArea --> Default
      • ShouldSeeCostFields --> Read
    • "Customer Dimensions"
      • Authenticated User --> Read
      • ShouldSeeGenericSalesSubjectArea --> Default
      • ShouldSeeCostFields --> Default
    • All Fields have permissions of:
      • Authenticated User --> Read
      • ShouldSeeGenericSalesSubjectArea --> Default
      • ShouldSeeCostFields --> Default
  • Given two users:
    • UserA
      • User has following roles:
        • ShouldSeeGenericSalesSubjectArea
        • ShouldSeeCostFields
      • User can see everything except the Cost Presentation Table
    • UserB
      • User has following roles:
        • ShouldSeeGenericSalesSubjectArea
      • User can see everything except the Cost Presentation Table
  • My ultimate goal is:
    • "ShouldSeeGenericSalesSubjectArea" allows access to see the "Generic Sales Subject Area", but does not show cost measure
    • "ShouldSeeCostFields" allows access to see the "Cost Measures" presentation layer.
    • Example:
      • UserA from above should see everything (including "Cost Measures").
      • UserB from above should see everything except the "Cost Measures".

I have tried several different combinations of permission levels to no avail. From my understanding, Oracle security works through taking the path of least restriction. Am I doing something wrong with my permissions on the "Cost Measures" presentation layer? Please let me know if there is anything I can clarify or if you need more info.

Solution

  • I was able to resolve the issue. I had to grant access at the Subject area to cost. This was required because it needed a link down to the table to inherit the security, without it the link was broken.