Skip to main content
insightsoftware Documentation insightsoftware Documentation
{%article.title%}
Published:
Was this article helpful?
0 out of 0 found this helpful

Managing Security

This chapter provides information about how the Angles for Oracle Generator manages user access and related security features.

Row Level Data Security

The global form of NoetixViews enables security administrators to take advantage of the data access privileges that they have already set up in Oracle E-Business Suite. Reports and dashboards built against the global views will have their data sets automatically filtered based on the access privileges configured for a user.

Global views look up a given user’s access privileges using the business intelligence tool user’s login name. This section defines the process that must be undertaken to configure the connection pool in the Oracle Analytics repository to enable this login name look up. For more information about the specifics of row level security in global views, see the NoetixViews documentation.

This section is applicable to only the global form of NoetixViews. Row-level security is not available for standard or Cross Operations Extension (XOP) forms of NoetixViews.

To configure the connection pool for row level security

  1. Generate global views into the Oracle Analytics repository. For more information about generating NoetixViews into Oracle Analytics, see the "Generating UDML Files and Repository Using Angles for Oracle Generator section in Generating Oracle Analytics Repository.
  2. Open the repository using the Oracle Analytics Client Tools.
  3. Navigate to the connection pool created by the generator, and open Properties.
  4. Select Require fully qualified table names on the General tab if it is not already selected.
  5. Change the user name for the shared logon to use the Oracle E-Business Suite database’s APPS account. Provide the password for the APPS account in the Password box.

    The APPS account option is required for row level security to work for certain modules because they utilize Oracle E-Business Suite security capabilities that require the APPS account.

  6. Navigate to the Connection Scripts tab. Add the following PL/SQL block as an Execute before query script:

    BEGIN dbms_session.reset_package; END;

  7. Add another Execute before query script after the one mentioned in the previous step for the following PL/SQL block:

    BEGIN

    apps.xxnao_map_user_apps_init(

    '[NOETIX_SYS Schema Name]',

    'VALUEOF(NQ_SESSION.USER)',

    '[Registered BI Tool Name]' );

    END;

    Line breaks must be removed from the PL/SQL block before using it with Oracle Analytics. A bug in some versions of Oracle Analytics may cause errors in multiline scripts.

  8. Replace [NOETIX_SYS Schema Name] in the PL/SQL block from the previous step with the name of the NOETIX_SYS schema associated with the global views generation, in upper case.

    Replace [Registered BI Tool Name] in the PL/SQL block from the previous step with the name of the Oracle Analytics, as it was registered in NoetixViews Administrator. For more information about registering a BI tool server, see the NoetixViews Administrator Help File.

  9. Add the following PL/SQL block as an Execute after query script:

    BEGIN dbms_session.reset_package; END;

  10. Select OK to save the changes made to the connection pool. The Oracle Analytics repository is now configured to enable row level security in the global views. If you have mOracle Analyticsultiple instances of NoetixViews Global Extension in the Oracle Analytics repository, repeat this process with each additional instance to configure row-level security for those instances as well.

    With this connection pool configuration, BI tool users must be registered in Noetix Security Manager before users will be able to retrieve rows from the global views. An error will be returned in Oracle Analytics Presentation Services if a user attempts to run reports or view dashboards prior to being registered. For more information about registering BI tool users, see the Noetix Views Administrator Guide.

    insightsoftware recommends registering the Oracle Analytics “administrator” user as a BI tool user in Noetix Security Manager. That will make it possible to return data from NoetixViews when dashboards or requests are executed as the administrator.

  11. Then, upload the .rpd file into Oracle Analytics. For information about uploading the .rpd file, refer to the section 'Uploading the .rpd File into Oracle Analytics in Generating Oracle Analytics Repository.

Configuring Oracle Analytics to Support Row Level Data Security

The row-level data security available in the global form of NoetixViews utilizes security packages embedded in the NoetixViews themselves. As a result, end users will only be able to access the rows they have permission to see when any reports or dashboard requests are submitted against these NoetixViews.

Data caching in Oracle Analytics can hinder row-level security from working correctly because it redirects requests to cached result sets instead of redirecting to the NoetixViews in the Oracle database. Users switching between Oracle E-Business Suite responsibilities may not see updated data sets based on the new responsibility because Oracle Analytics will use the cached result set that was specific to the previous responsibility. In addition, if a previously granted responsibility is revoked from a user, that user may still be able to view data sets specific to the now revoked responsibility if Oracle Analytics has cached result sets pertaining to that user and responsibility.

To eliminate these conditions, insightsoftware recommends:

  • Turning off data caching in the Oracle Analytics by modifying the BI Server Cache settings in Oracle Enterprise Manager. If turning data caching off at the server level is too invasive, caching can be turned off at the table level in the Oracle Analytics repository through the use of a generator hookscript.
  • Turning off Presentation Services caching by modifying the instanceconfig.xml file.

For more information about making these changes, see the documentation that ships with Oracle Analytics.

To use generator hookscripts to disable caching at the physical table level

  1. Navigate to the <Angles for Oracle Generator Installation Folder>\Scripts folder.
  2. Open the hk_popgvw.sql hookscript using a text editor.
  3. Add the following statements to the file, and then save it:

    @utlspon &GEN_API_DIR/hk_popgvw

    update n_gen_views

    set cache_mode = 'NoCache';

    commit;

    @utlspoff

  4. Open the hk_popglov.sql hookscript using a text editor.
  5. Add the following statements to the file, and then save it:

    @utlspon &GEN_API_DIR/hk_popglov

    update n_gen_lovs

    set lov_cache_mode = 'NoCache';

    commit;

    @utlspoff

  6. These hookscripts will disable caching on all Angles for Oracle Generator-generated physical tables, including ones based on list of values (LoV) views.
  7. Regenerate Angles for Oracle Generator content into the Oracle Analytics repository. Make sure that the Cacheable check box in the properties of the Angles for Oracle Generator-generated physical tables is not selected when you inspect the repository after the regeneration completes.

Published:

Managing Security

This chapter provides information about how the Angles for Oracle Generator manages user access and related security features.

Row Level Data Security

The global form of NoetixViews enables security administrators to take advantage of the data access privileges that they have already set up in Oracle E-Business Suite. Reports and dashboards built against the global views will have their data sets automatically filtered based on the access privileges configured for a user.

Global views look up a given user’s access privileges using the business intelligence tool user’s login name. This section defines the process that must be undertaken to configure the connection pool in the Oracle Analytics repository to enable this login name look up. For more information about the specifics of row level security in global views, see the NoetixViews documentation.

This section is applicable to only the global form of NoetixViews. Row-level security is not available for standard or Cross Operations Extension (XOP) forms of NoetixViews.

To configure the connection pool for row level security

  1. Generate global views into the Oracle Analytics repository. For more information about generating NoetixViews into Oracle Analytics, see the "Generating UDML Files and Repository Using Angles for Oracle Generator section in Generating Oracle Analytics Repository.
  2. Open the repository using the Oracle Analytics Client Tools.
  3. Navigate to the connection pool created by the generator, and open Properties.
  4. Select Require fully qualified table names on the General tab if it is not already selected.
  5. Change the user name for the shared logon to use the Oracle E-Business Suite database’s APPS account. Provide the password for the APPS account in the Password box.

    The APPS account option is required for row level security to work for certain modules because they utilize Oracle E-Business Suite security capabilities that require the APPS account.

  6. Navigate to the Connection Scripts tab. Add the following PL/SQL block as an Execute before query script:

    BEGIN dbms_session.reset_package; END;

  7. Add another Execute before query script after the one mentioned in the previous step for the following PL/SQL block:

    BEGIN

    apps.xxnao_map_user_apps_init(

    '[NOETIX_SYS Schema Name]',

    'VALUEOF(NQ_SESSION.USER)',

    '[Registered BI Tool Name]' );

    END;

    Line breaks must be removed from the PL/SQL block before using it with Oracle Analytics. A bug in some versions of Oracle Analytics may cause errors in multiline scripts.

  8. Replace [NOETIX_SYS Schema Name] in the PL/SQL block from the previous step with the name of the NOETIX_SYS schema associated with the global views generation, in upper case.

    Replace [Registered BI Tool Name] in the PL/SQL block from the previous step with the name of the Oracle Analytics, as it was registered in NoetixViews Administrator. For more information about registering a BI tool server, see the NoetixViews Administrator Help File.

  9. Add the following PL/SQL block as an Execute after query script:

    BEGIN dbms_session.reset_package; END;

  10. Select OK to save the changes made to the connection pool. The Oracle Analytics repository is now configured to enable row level security in the global views. If you have mOracle Analyticsultiple instances of NoetixViews Global Extension in the Oracle Analytics repository, repeat this process with each additional instance to configure row-level security for those instances as well.

    With this connection pool configuration, BI tool users must be registered in Noetix Security Manager before users will be able to retrieve rows from the global views. An error will be returned in Oracle Analytics Presentation Services if a user attempts to run reports or view dashboards prior to being registered. For more information about registering BI tool users, see the Noetix Views Administrator Guide.

    insightsoftware recommends registering the Oracle Analytics “administrator” user as a BI tool user in Noetix Security Manager. That will make it possible to return data from NoetixViews when dashboards or requests are executed as the administrator.

  11. Then, upload the .rpd file into Oracle Analytics. For information about uploading the .rpd file, refer to the section 'Uploading the .rpd File into Oracle Analytics in Generating Oracle Analytics Repository.

Configuring Oracle Analytics to Support Row Level Data Security

The row-level data security available in the global form of NoetixViews utilizes security packages embedded in the NoetixViews themselves. As a result, end users will only be able to access the rows they have permission to see when any reports or dashboard requests are submitted against these NoetixViews.

Data caching in Oracle Analytics can hinder row-level security from working correctly because it redirects requests to cached result sets instead of redirecting to the NoetixViews in the Oracle database. Users switching between Oracle E-Business Suite responsibilities may not see updated data sets based on the new responsibility because Oracle Analytics will use the cached result set that was specific to the previous responsibility. In addition, if a previously granted responsibility is revoked from a user, that user may still be able to view data sets specific to the now revoked responsibility if Oracle Analytics has cached result sets pertaining to that user and responsibility.

To eliminate these conditions, insightsoftware recommends:

  • Turning off data caching in the Oracle Analytics by modifying the BI Server Cache settings in Oracle Enterprise Manager. If turning data caching off at the server level is too invasive, caching can be turned off at the table level in the Oracle Analytics repository through the use of a generator hookscript.
  • Turning off Presentation Services caching by modifying the instanceconfig.xml file.

For more information about making these changes, see the documentation that ships with Oracle Analytics.

To use generator hookscripts to disable caching at the physical table level

  1. Navigate to the <Angles for Oracle Generator Installation Folder>\Scripts folder.
  2. Open the hk_popgvw.sql hookscript using a text editor.
  3. Add the following statements to the file, and then save it:

    @utlspon &GEN_API_DIR/hk_popgvw

    update n_gen_views

    set cache_mode = 'NoCache';

    commit;

    @utlspoff

  4. Open the hk_popglov.sql hookscript using a text editor.
  5. Add the following statements to the file, and then save it:

    @utlspon &GEN_API_DIR/hk_popglov

    update n_gen_lovs

    set lov_cache_mode = 'NoCache';

    commit;

    @utlspoff

  6. These hookscripts will disable caching on all Angles for Oracle Generator-generated physical tables, including ones based on list of values (LoV) views.
  7. Regenerate Angles for Oracle Generator content into the Oracle Analytics repository. Make sure that the Cacheable check box in the properties of the Angles for Oracle Generator-generated physical tables is not selected when you inspect the repository after the regeneration completes.

For an optimal Community experience, Please view on Desktop