Data Security in NoetixViews
The data security model provided in NoetixViews has the following components:
User authentication: This component concerns the validation of the credentials provided by the user while logging on to business intelligence (BI) tools. The credentials consist of a user name, a password, and, at times, an Oracle E-Business Suite responsibility.
View and answer authorization: This component concerns the privileges of a user to query a Noetix view or run a Noetix answer. Users obtain these privileges by being granted a Noetix role or an access to a folder that contains the views or answers in the BI tools. For information, see “View and Answer Authorization”.
Data access privilege: This component concerns the privilege of a user to access specific data or rows from a Noetix view. This access is determined by the settings of the Noetix query user that is associated with the user querying the data from the views in the BI tool. For information, see Data Access Privilege.
View and Answer Authorization
For querying a view or running an answer in the business intelligence (BI) tool, users need to be assigned the required privileges. For assigning these privileges, the following are done:
For each BI tool user, a corresponding Noetix query user is created. The query user is assigned a Noetix role through the Security Manager dialog box. The role assigned to the query user allows the user to access a set of views corresponding to the role in the BI tool.
The BI tool user is granted access to a folder, business area, group, or role that contains the views or answers in the BI tools. After these privileges are granted, the users can access all the respective views or answers.
Noetix Generators automatically configure access to views and answers in the BI tool for a BI tool user based on the Noetix roles assigned to the associated Noetix query user. In some BI tools where the Noetix Generators do not configure access to views and answers automatically for a BI tool user, the administrator of the BI tool has to manually grant the required permissions to the BI tool user.
The following subsections explain how users are provided with authorization to query views and run answers in various BI tools:
NWQ
The following steps need to be performed while setting up users’ access to views and answers in NWQ:
Using the Security Manager dialog box, add Noetix query users of Oracle E-Business Suite Authenticated User (Type A) and Oracle E-Business Suite Responsibility (Type R) types for the Oracle E-Business Suite users and responsibilities, and assign roles to them. You can also add database users as Database User (Type U) type users. The roles assigned to the Database User (Type U) type users are automatically assigned to the respective database users in the Oracle database. For information about creating query users and assigning roles, see Data Security in NoetixViews and Data Security in NoetixViews. For information about how Oracle E-Business Suite Authenticated User (Type A) and Oracle E-Business Suite Authenticated Responsibility (Type R) type users gain access to views and answers in Oracle BI, see Data Access Privilege.
Run Angles for Oracle Generator for Noetix Platform—Oracle E-Business Suite Edition (Platform Generator).
Angles for Oracle Generator creates folders in NWQ for containing the views and answers that correspond to Noetix roles. It also creates NWQ users for each Database User (Type U) and Oracle E-Business Suite Authenticated User (Type A) type users. A user is also set up for each Oracle E-Business Suite user assigned to the responsibility of the Oracle E-Business Suite Authenticated Responsibility (Type R) type users. Angles for Oracle Generator grants NWQ users those answer folders in NWQ that correspond to the roles assigned to the query user. However, Angles for Oracle Generator does not grant the users access to the NWQ folders containing views. This step is performed by the Noetix Platform administrator.
Oracle Discoverer
The following steps need to be performed while setting up users’ access to views in Oracle Discoverer. Noetix answers are not generated into Discoverer.
Using the Security Manager dialog box, add Noetix query users of Oracle E-Business Suite Authenticated User (Type A) and Oracle E-Business Suite Responsibility (Type R) types for the Oracle E-Business Suite users and responsibilities, and assign roles to them. You can also add database users as Database User (Type U) type users. The roles assigned to the Database User (Type U) type users are automatically assigned to the respective database users in the Oracle database. For information about creating query users and assigning roles, see Data Security in NoetixViews and Data Security in NoetixViews. For information about how Oracle E-Business Suite Authenticated User (Type A) and Oracle E-Business Suite Authenticated Responsibility (Type R) type users gain access to views and answers in Oracle BI, see Data Access Privilege.
Run Angles for Oracle Generator for Oracle Discoverer (Angles for Oracle Generator).
Angles for Oracle Generator creates business areas for each extracted Noetix role. The folders in each business area correspond to the views of that role. Angles for Oracle Generator also automatically configures each user’s access to the business areas. For Applications Mode End User Layers (EULs), Angles for Oracle Generator maps Oracle
E-Business Suite Authenticated User (Type A) and Oracle E-Business Suite Authenticated Responsibility (Type R) type users to their corresponding Oracle E-Business Suite user or responsibility. They are also granted access to the business areas in the EULs based on the roles assigned to the corresponding Noetix query users. For standard EULs, Angles for Oracle Generator maps the Database User (Type U) type users to their corresponding database user in the Oracle Database and grants them the business areas that correspond to the roles assigned to the query user.
Oracle BI
The following steps need to be performed while setting up users’ access to views and answers in Oracle Business Intelligence (Oracle BI):
Using the Security Manager dialog box, add Noetix query users of Oracle E-Business Suite Authenticated User (Type A) and Oracle E-Business Suite Responsibility (Type R) types for the Oracle E-Business Suite users and responsibilities, and assign roles to them. You can also add database users as Database User (Type U) type users. The roles assigned to the Database User (Type U) type users are automatically assigned to the respective database users. For information about creating query users and assigning roles, see Data Security in NoetixViews and Data Security in NoetixViews. For information about how Oracle E-Business Suite Authenticated User (Type A) and Oracle E-Business Suite Authenticated Responsibility (Type R) type users gain access to views and answers in Oracle BI, see Data Access Privilege.
Run Angles for Oracle Generator for Oracle Business Intelligence (Angles for Oracle Generator).
Angles for Oracle Generator configures the Oracle BI metadata repository with subject areas containing folders, which hold Noetix views and answers. For each folder, Angles for Oracle Generator creates a user group. The Oracle BI administrator makes each Oracle BI user a member of these groups. This allows them to access the views and answers in the respective folders.
IBM Cognos BI
The following steps need to be performed while setting up users’ access to views and answers in IBM Cognos Business Intelligence (Cognos BI):
Using the Security Manager dialog box, add Noetix query users of Oracle E-Business Suite Authenticated User (Type A) and Oracle E-Business Suite Responsibility (Type R) types for the Oracle E-Business Suite users and responsibilities, and assign roles to them. You can also add database users as Database User (Type U) type users. The roles assigned to the Database User (Type U) type users are automatically assigned to the respective database users. For information about creating query users and assigning roles, see Data Security in NoetixViewsand Data Security in NoetixViews. For information about how Oracle E-Business Suite Authenticated User (Type A) and Oracle E-Business Suite Authenticated Responsibility (Type R) type users gain access to views and answers in Cognos BI, see Data Access Privilege.
Run Angles for Oracle Generator for IBM Cognos BI (Angles for Oracle Generator).
Angles for Oracle Generator configures the Cognos Framework Manager model with packages containing folders. These folders contain the query subjects that are mapped to the views in the database. Angles for Oracle Generator creates folders that contain answers. It also creates roles that correspond to Noetix roles and are associated with the respective folders. The Cognos BI administrator grants these roles to the users that allow them to access the corresponding views and answers.
SAP BusinessObjects
The following steps need to be performed while setting up users’ access to views and answers in SAP BusinessObjects:
Using the Security Manager dialog box, add Noetix query users of Oracle E-Business Suite Authenticated User (Type A) and Oracle E-Business Suite Responsibility (Type R) types for the Oracle E-Business Suite users and responsibilities, and assign roles to them. You can also add database users as Database User (Type U) type users. The roles assigned to the Database User (Type U) type users are automatically assigned to the respective database users. For information about creating query users and assigning roles, see Data Security in NoetixViews and Data Security in NoetixViews. For information about how Oracle E-Business Suite Authenticated User (Type A) and Oracle E-Business Suite Authenticated Responsibility (Type R) type users gain access to views and answers in BusinessObjects, see Data Access Privilege.
Run Angles for Oracle Generator for SAP BusinessObjects (Angles for Oracle Generator).
Angles for Oracle Generator configures the BusinessObjects Universes with classes and objects that are mapped to the views in the database and generates the answers. It also creates groups that correspond to Noetix roles. The BusinessObjects administrator grants these roles to the users that allow them to access the corresponding views and answers.
Data Access Privilege
In Noetix views, Oracle Applications mode or custom security can be applied to the data that is returned for BI tool users who may or may not be users of Oracle E-Business Suite.
Data access privilege imply the privileges of the Noetix query users or BI tool users who are linked to Noetix query users of the Oracle E-Business Suite Authenticated User (Type A) type to access data from Noetix views, such as rows from a Noetix view. In NoetixViews, the rows returned by the Noetix views for a Noetix query user is decided based on the row-level security set for the Noetix query user. When row-level security is applied, the Noetix query user's access to data within Noetix views corresponding to a role can be further restricted.
The row-level security consists of organizational unit security and application-specific security. Row-level security is supported in only global forms of the Noetix views for the following Oracle E-Business Suite modules:
Oracle Advanced Benefits
Oracle Assets
Oracle Bills of Material
Oracle Cost Management
Oracle Depot Repair
Oracle Enterprise Asset Management
Oracle Field Service
Oracle General Ledger
Oracle Human Resources
Oracle Install Base
Oracle Inventory
Oracle Master Scheduling/MRP
Oracle Order Management
Oracle Payables
Oracle Payroll
Oracle Projects
Oracle Purchasing
Oracle Quality
Oracle Receivables
Oracle Service Contracts
Oracle TeleService
Oracle Time and Labor
Oracle U.S. Federal Financials
Oracle Work in Process
NoetixViews support only application-specific security for the Noetix views corresponding to Depot Repair, Field Service, and TeleService.
For Noetix query users of the Oracle E-Business Suite Authenticated User (Type A) and Oracle E-Business Suite Authenticated Responsibility (Type R) types, the restrictions to access data are applied based on the data access privileges defined in Oracle E-Business Suite. For Noetix query users of the Database User (Type U) type, these restrictions are configured by the Noetix System Administration User (Type N) through NoetixViews Administrator. Row-level security is enforced by global views in the database when a Noetix query user queries data from them. Each global view has an access control list (ACL) that defines the organizational units that a Noetix query can access. These organizational units include business groups, ledgers/sets of books, operating units, and inventory organizations. When a Noetix query user queries data from global views, global views validate the user and ACL information and enforce the row-level security on the user.
Additionally, data security similar to row-level security is supported in standard and Cross Operations Extension (XOP) forms of Noetix views for General Ledger and U.S. Federal Financials. This type of security is also supported in standard form of Noetix views for Advanced Benefits, Human Resources, Time and Labor, and Payroll.
In Oracle E-Business Suite, an Oracle E-Business Suite user can be assigned multiple General Ledger responsibilities to which security rules are attached and multiple Oracle Human Resources Management System (HRMS) responsibilities to which security profiles are attached. After adding this user as a Noetix query user and assigning the Derived from Oracle EBS security mode in NoetixViews Administrator, when the Noetix query user or a BI tool user who is linked to this Noetix query user queries data from the global form of Noetix views for General Ledger, Advanced Benefits, Human Resources, Time and Labor, and Payroll through a business intelligence (BI) tool, the number of rows returned will be further filtered by the responsibility with which the user logs on.
Note: When custom responsibilities for custom applications in Oracle E-Business Suite are added as Noetix query users of the Oracle E-Business Suite Authenticated Responsibility (Type R) type, only custom security can be enforced on the Noetix query user. If the option to derive the security from Oracle E-Business Suite is applied, data will not be returned.
In BI tools, such as NWQ and Oracle Discoverer, Noetix query users of the Oracle
E-Business Suite Authenticated User (Type A) type can select a General Ledger or HRMS responsibility when they log on to these BI tools. After logging on, if the Noetix query users want to select a different General Ledger or HRMS responsibility, they will have to log off from the current user session, and log on to the BI tool again.
In BI tools such as Oracle Business Intelligence (Oracle BI), SAP BusinessObjects, and IBM Cognos Business Intelligence (Cognos BI), BI tool users log on with the responsibility associated with the Noetix query user of the Oracle E-Business Suite Authenticated User (Type A) type to which they are linked. After logging on, if the BI tool users want to select a different General Ledger or HRMS responsibility, they can run the Noetix Responsibility Tool to change the responsibility. This application allows BI tool users to change their General Ledger or HRMS responsibility without logging off from their current user session.
Organizational Unit Security
Organizational unit security is applied to Noetix query users based on their access to organizational units. These organizational units include business groups, ledgers/sets of books, operating units, and inventory organizations. In the global forms of Noetix views that support row-level security, the organizational unit security is applied by default. Additionally, organizational unit security is supported in standard and XOP forms of Noetix views for U.S. Federal Financials. Organizational unit security can be set up for the following types of Noetix query users:
Database User (Type U)
Oracle E-Business Suite Authenticated User (Type A)
Oracle E-Business Suite Authenticated Responsibility (Type R)
Noetix System Administration User (Type N)
NoetixViews also provides the functionality to override the organizational unit security defined for the Noetix query users of the Oracle E-Business Suite Authenticated User (Type A) and Oracle E-Business Suite Authenticated Responsibility (Type R) types in Oracle E-Business Suite.
NoetixViews supports organizational unit security for the global forms of the Noetix views for the following Oracle E-Business Suite modules:
Oracle E-Business Suite module | Organizational unit |
Oracle Advanced Benefits, Oracle Human Resources, Oracle Time and Labor, and Oracle Payroll | Business group |
Oracle Assets, Oracle General Ledger, and Oracle U.S. Federal Financials | Ledger/ Set of Books |
Oracle Order Management, Oracle Payables, Oracle Projects, Oracle Purchasing, Oracle Receivables, and Oracle Service Contracts | Operating unit |
Oracle Install Base | Operating unit and Item Instance |
Oracle Bills of Material, Oracle Cost Management, Oracle Enterprise Asset Management, Oracle Inventory, Oracle Master Scheduling/MRP, Oracle Quality, and Oracle Work in Process | Inventory organization |
Also, for Oracle E-Business Suite Release 12 and later, global form of Noetix views support organizational unit security provided by the Multi-Org Access Control (MOAC) feature for Noetix query users of the Oracle E-Business Suite Authenticated User (Type A) type.
Application-Specific Security
Application-specific security is applied over the existing organizational unit based security applied to Noetix query users. The application-specific security restricts their access to data in Noetix views based on security rules, security profiles, budget access levels, and service request types. NoetixViews supports application-specific security in global Noetix views for the following Oracle E-Business Suite modules:
Oracle E-Business Suite module | Application-specific security based on |
Advanced Benefits, Human Resources, Time and Labor, and Payroll | Security profiles |
General Ledger | Security rules for the Accounting Flexfield |
U.S. Federal Financials | Budget access levels |
Oracle Depot Repair, Oracle Field Service, and Oracle TeleService | Service request types |
Application-specific security is also supported in standard and XOP forms of views for U.S. Federal Financials and General Ledger and in standard form of views for Human Resources, Advanced Benefits, Payroll, and Time and Labor. By default, for the standard views of Human Resources, Advanced Benefits, Payroll, and Time and Labor, application-specific security is defined in Oracle E-Business Suite and cannot be modified through NoetixViews Administrator.
Application-specific security that is applied based on security rules and budget access levels can be set up for the following Noetix query users:
Database User (Type U)
Oracle E-Business Suite Authenticated User (Type A)
Oracle E-Business Suite Authenticated Responsibility (Type R)
Noetix System Administration User (Type N)
Application-specific security that is applied based on security profiles can be set up for the following Noetix query users:
Oracle E-Business Suite Authenticated User (Type A)
Oracle E-Business Suite Authenticated Responsibility (Type R)
Note: For Noetix query users of the Database User (Type U) and Noetix System Administration User (Type N) types, the security profiles will apply only if the Noetix query users are also defined in Human Resources as reporting users for the security profiles.
NoetixViews also provides the functionality to override the application-specific security defined for the Noetix query users of the Oracle E-Business Suite Authenticated User (Type A) and Oracle E-Business Suite Authenticated Responsibility (Type R) types in Oracle E-Business Suite.
The following list provides information about the Noetix views that support application-specific security:
For Advanced Benefits, the following views support application-specific security:
BEN COBRA Beneficiaries
BEN Elig Elec Enrollments
BEN Emp Dependents
BEN Life Evnt Workflow
BEN Payroll Ben Costs
BEN Potential Life Evnts
BEN Ptpnt Benefit Costs
BEN Ptpnt Communications
BEN Ptpnt Court Orders
BEN Ptpnt Electabilities
BEN Ptpnt Eligibilities
BEN Ptpnt Enroll Actions
BEN Ptpnt Enrollments
BEN Ptpnt Flex Credits
BEN Ptpnt Flex Spending
BEN Ptpnt Life Events
BEN Ptpnt Mthly Premiums
For Depot Repair, the following views support application-specific security:
CSD AP Repair Invoices
CSD AR Repair Invoices
CSD OE Repair Actuals
CSD OE Repair RMA Orders
CSD OE Repair Shipments
CSD PO Repair Req Orders
CSD Repair Estimate Notes
CSD Repair Estimates
CSD Repair Notes
CSD Repair Order Services
CSD Repair Orders
CSD Repair Task Notes
CSD Repair Tasks
CSD Service Requests
CSD WIP Repair Jobs
For Field Service, the following views support application-specific security:
CSF Debrief Charge Lines
CSF Debrief Expense Lines
CSF Debrief Labor Lines
CSF Debrief Material Lines
CSF Task Resources
For TeleService, the following views support application-specific security:
CS Interaction Activities
CS Service Request Audits
CS Service Request Notes
CS Service Request Tasks
CS Service Requests
CS SR Attachments
CS SR Task Audits
CS Task Notes
For U.S. Federal Financials, the following views support application-specific security:
FV Budget Appr GL JE
FV Budget Auth SLA GL JE
FV Budget Authority Trans
FV Budget Transactions
FV Fund Distr GL JE
FV Fund Distr SLA GL JE
FV Fund Distributions
FV SLA Budget Auth Trans
FV SLA Budget RPR Trans
FV SLA Budget Trans
FV SLA Fund Distributions
For General Ledger, the following views support application-specific security:
GL All Balances
GL All Budgets
GL All Encumb Je Lines
GL All Je Lines
GL AP Inv Je Line Details
GL Archived Balances
GL Archived Je Lines
GL Balances
GL Budget Actuals Encumb
GL Budget To Actuals
GL Budgets
GL Encumbrance Balances
GL Foreign Balances
GL Foreign Je Lines
GL Foreign Summaries
GL Funds Available
GL Je AP Inv Dist Details
GL Je AP Pmt Dist Details
GL Je SLA AP Inv Dist
GL Je SLA AP Pmt Dist
GL Je SLA AR Adj Dist
GL Je SLA AR Misc Rcpt Dist
GL Je SLA AR Std Rcpt Dist
GL Je SLA AR Tran Dist
GL Je Tran AR Adj Dist
GL Je Tran AR Misc Dist
GL Je Tran AR Pymt Dist
GL Je Tran AR Tran Dist
GL Journal Entry Lines
GL Org Balances
GL Org Budget To Actuals
GL Org Budgets
GL Parent Budget To Actuals
GL Parent Child Balances
GL Parent Child Budgets
GL Rollup Account Balances
GL Rollup Account Budgets
GL Rollup Parent Balances
GL Rollup Parent Budgets
GL Stat Balances
GL Stat Budget To Actuals
GL Stat Budgets
GL Summary Balances
GL Summary Budget To Actuals
GL Summary Budgets
XLA GL All Balances
XLA GL Journal Lines
XLA SLA Hub Journal Lines
For Human Resources, the following views support application-specific security:
HR Accrual Pln Hist
HR Address Hist
HR AP 1099 Payments
HR Applicant Hist
HR Ben Elig Info
HR Budgets
HR Carrier Asg Hist
HR COBRA Prem Stat
HR COBRA Track
HR Contact Hist
HR Contingent Worker Info
HR EI Academic Rank
HR EI Asg Ben Derived
HR EI Asg Federal
HR EI Asg Locality
HR EI Asg Types
HR EI GHR Probations
HR EI GHR Sep Retire
HR EI Job Types
HR EI Loc Types
HR EI Per Types
HR EI Pos Types
HR EI US Add Details
HR EI US Passport Dtls
HR EI US Visa Dtls
HR Element Links
HR Emp Absence Hist
HR Emp ADA Info
HR Emp Asg Details
HR Emp Assign Costs
HR Emp Assign Costs Hist
HR Emp Assign Hist
HR Emp Ben Health
HR Emp Ben Others
HR Emp Beneficiary
HR Emp Element Entry Vals
HR Emp Emergency
HR Emp Ethnic Info
HR Emp Headcnt Hist
HR Emp Headcounts
HR Emp Info
HR Emp LOS
HR Emp Reviews
HR Emp Sal Analysis
HR Emp Sal Hist
HR Emp Sal Pro Current
HR Emp Sal Pro Hist
HR Emp Tax Details
HR Emp Terms Hist
HR Emp Total Comp
HR Emp Veteran Info
HR Emp Work Hist
HR Emp Xfers Hist
HR New Hire Hist
HR Oth Headcnt Hist
HR Pay Scales
HR People Grp Hist
HR Person Hist
HR Phones Hist
HR Pos Hierarchies
HR Pos Requirements
HR Req Vac Track
HR Schools Attended
HR SI Type
HR Turnover Hist
HR Vac Job Match
HR Vac Pos Match
For Time and Labor, the following views support application-specific security:
HXC Assignment Time Info
HXC BEE Batch Headers
HXC BEE Batch Lines
HXC BEE Error Messages
HXC PUI Latest Timecards
HXC PUI Missing Timecards
HXC PUI Timecard History
HXC SS Latest Timecards
HXC SS Missing Timecards
HXC SS Time Category Hours
HXC SS Timecard History
HXC Timecard Summary
For Payroll, the following views support application-specific security:
PAY Accruals
PAY Check Register
PAY Costing Analysis
PAY Costing Details
PAY Costing Summary
PAY Custom Balances
PAY Deductions Owed
PAY Emp Not Paid
PAY Gre Totals
PAY Gross And Net Balances
PAY Gross To Net Summary
PAY Hours By Cost Center
PAY Invalid Addresses
PAY Payment Methods
PAY Payment Register
PAY Payroll Activities
PAY Payroll Audit
PAY Payroll Messages
PAY Payroll Proc Summary
PAY Run Results
PAY Tax Balances
PAY Third Party Register
PAY US Payroll Register
PAY US W2 Register
PAY Void Payments