Skip to main content
insightsoftware Documentation insightsoftware Documentation
{%article.title%}
Published:
Was this article helpful?
0 out of 0 found this helpful

Data Security in NoetixViews

The data security model provided in NoetixViews has the following components:

  • User authentication: This component concerns the validation of the credentials provided by the user while logging on to business intelligence (BI) tools. The credentials consist of a user name, a password, and, at times, an Oracle E-Business Suite responsibility.

  • View and answer authorization: This component concerns the privileges of a user to query a Noetix view or run a Noetix answer. Users obtain these privileges by being granted a Noetix role or an access to a folder that contains the views or answers in the BI tools. For information, see “View and Answer Authorization”.

  • Data access privilege: This component concerns the privilege of a user to access specific data or rows from a Noetix view. This access is determined by the settings of the Noetix query user that is associated with the user querying the data from the views in the BI tool. For information, see Data Access Privilege.

View and Answer Authorization

For querying a view or running an answer in the business intelligence (BI) tool, users need to be assigned the required privileges. For assigning these privileges, the following are done:

  • For each BI tool user, a corresponding Noetix query user is created. The query user is assigned a Noetix role through the Security Manager dialog box. The role assigned to the query user allows the user to access a set of views corresponding to the role in the BI tool.

  • The BI tool user is granted access to a folder, business area, group, or role that contains the views or answers in the BI tools. After these privileges are granted, the users can access all the respective views or answers.

Noetix Generators automatically configure access to views and answers in the BI tool for a BI tool user based on the Noetix roles assigned to the associated Noetix query user. In some BI tools where the Noetix Generators do not configure access to views and answers automatically for a BI tool user, the administrator of the BI tool has to manually grant the required permissions to the BI tool user.

The following subsections explain how users are provided with authorization to query views and run answers in various BI tools:

NWQ

The following steps need to be performed while setting up users’ access to views and answers in NWQ:

  1. Using the Security Manager dialog box, add Noetix query users of Oracle E-Business Suite Authenticated User (Type A) and Oracle E-Business Suite Responsibility (Type R) types for the Oracle E-Business Suite users and responsibilities, and assign roles to them. You can also add database users as Database User (Type U) type users. The roles assigned to the Database User (Type U) type users are automatically assigned to the respective database users in the Oracle database. For information about creating query users and assigning roles, see Data Security in NoetixViews and Data Security in NoetixViews. For information about how Oracle E-Business Suite Authenticated User (Type A) and Oracle E-Business Suite Authenticated Responsibility (Type R) type users gain access to views and answers in Oracle BI, see Data Access Privilege.

  2. Run Angles for Oracle Generator for Noetix Platform—Oracle E-Business Suite Edition (Platform Generator).

Angles for Oracle Generator creates folders in NWQ for containing the views and answers that correspond to Noetix roles. It also creates NWQ users for each Database User (Type U) and Oracle E-Business Suite Authenticated User (Type A) type users. A user is also set up for each Oracle E-Business Suite user assigned to the responsibility of the Oracle E-Business Suite Authenticated Responsibility (Type R) type users. Angles for Oracle Generator grants NWQ users those answer folders in NWQ that correspond to the roles assigned to the query user. However, Angles for Oracle Generator does not grant the users access to the NWQ folders containing views. This step is performed by the Noetix Platform administrator.

Oracle Discoverer

The following steps need to be performed while setting up users’ access to views in Oracle Discoverer. Noetix answers are not generated into Discoverer.

  1. Using the Security Manager dialog box, add Noetix query users of Oracle E-Business Suite Authenticated User (Type A) and Oracle E-Business Suite Responsibility (Type R) types for the Oracle E-Business Suite users and responsibilities, and assign roles to them. You can also add database users as Database User (Type U) type users. The roles assigned to the Database User (Type U) type users are automatically assigned to the respective database users in the Oracle database. For information about creating query users and assigning roles, see Data Security in NoetixViews and Data Security in NoetixViews. For information about how Oracle E-Business Suite Authenticated User (Type A) and Oracle E-Business Suite Authenticated Responsibility (Type R) type users gain access to views and answers in Oracle BI, see Data Access Privilege.

  2. Run Angles for Oracle Generator for Oracle Discoverer (Angles for Oracle Generator).

    Angles for Oracle Generator creates business areas for each extracted Noetix role. The folders in each business area correspond to the views of that role. Angles for Oracle Generator also automatically configures each user’s access to the business areas. For Applications Mode End User Layers (EULs), Angles for Oracle Generator maps Oracle
    E-Business Suite Authenticated User (Type A) and Oracle E-Business Suite Authenticated Responsibility (Type R) type users to their corresponding Oracle E-Business Suite user or responsibility. They are also granted access to the business areas in the EULs based on the roles assigned to the corresponding Noetix query users. For standard EULs, Angles for Oracle Generator maps the Database User (Type U) type users to their corresponding database user in the Oracle Database and grants them the business areas that correspond to the roles assigned to the query user.

Oracle BI

The following steps need to be performed while setting up users’ access to views and answers in Oracle Business Intelligence (Oracle BI):

  1. Using the Security Manager dialog box, add Noetix query users of Oracle E-Business Suite Authenticated User (Type A) and Oracle E-Business Suite Responsibility (Type R) types for the Oracle E-Business Suite users and responsibilities, and assign roles to them. You can also add database users as Database User (Type U) type users. The roles assigned to the Database User (Type U) type users are automatically assigned to the respective database users. For information about creating query users and assigning roles, see Data Security in NoetixViews and Data Security in NoetixViews. For information about how Oracle E-Business Suite Authenticated User (Type A) and Oracle E-Business Suite Authenticated Responsibility (Type R) type users gain access to views and answers in Oracle BI, see Data Access Privilege.

  2. Run Angles for Oracle Generator for Oracle Business Intelligence (Angles for Oracle Generator).

    Angles for Oracle Generator configures the Oracle BI metadata repository with subject areas containing folders, which hold Noetix views and answers. For each folder, Angles for Oracle Generator creates a user group. The Oracle BI administrator makes each Oracle BI user a member of these groups. This allows them to access the views and answers in the respective folders.

IBM Cognos BI

The following steps need to be performed while setting up users’ access to views and answers in IBM Cognos Business Intelligence (Cognos BI):

  1. Using the Security Manager dialog box, add Noetix query users of Oracle E-Business Suite Authenticated User (Type A) and Oracle E-Business Suite Responsibility (Type R) types for the Oracle E-Business Suite users and responsibilities, and assign roles to them. You can also add database users as Database User (Type U) type users. The roles assigned to the Database User (Type U) type users are automatically assigned to the respective database users. For information about creating query users and assigning roles, see Data Security in NoetixViewsand Data Security in NoetixViews. For information about how Oracle E-Business Suite Authenticated User (Type A) and Oracle E-Business Suite Authenticated Responsibility (Type R) type users gain access to views and answers in Cognos BI, see Data Access Privilege.

  2. Run Angles for Oracle Generator for IBM Cognos BI (Angles for Oracle Generator).

    Angles for Oracle Generator configures the Cognos Framework Manager model with packages containing folders. These folders contain the query subjects that are mapped to the views in the database. Angles for Oracle Generator creates folders that contain answers. It also creates roles that correspond to Noetix roles and are associated with the respective folders. The Cognos BI administrator grants these roles to the users that allow them to access the corresponding views and answers.

SAP BusinessObjects

The following steps need to be performed while setting up users’ access to views and answers in SAP BusinessObjects:

  1. Using the Security Manager dialog box, add Noetix query users of Oracle E-Business Suite Authenticated User (Type A) and Oracle E-Business Suite Responsibility (Type R) types for the Oracle E-Business Suite users and responsibilities, and assign roles to them. You can also add database users as Database User (Type U) type users. The roles assigned to the Database User (Type U) type users are automatically assigned to the respective database users. For information about creating query users and assigning roles, see Data Security in NoetixViews and Data Security in NoetixViews. For information about how Oracle E-Business Suite Authenticated User (Type A) and Oracle E-Business Suite Authenticated Responsibility (Type R) type users gain access to views and answers in BusinessObjects, see Data Access Privilege.

  2. Run Angles for Oracle Generator for SAP BusinessObjects (Angles for Oracle Generator).

    Angles for Oracle Generator configures the BusinessObjects Universes with classes and objects that are mapped to the views in the database and generates the answers. It also creates groups that correspond to Noetix roles. The BusinessObjects administrator grants these roles to the users that allow them to access the corresponding views and answers.

Data Access Privilege

In Noetix views, Oracle Applications mode or custom security can be applied to the data that is returned for BI tool users who may or may not be users of Oracle E-Business Suite.

Data access privilege imply the privileges of the Noetix query users or BI tool users who are linked to Noetix query users of the Oracle E-Business Suite Authenticated User (Type A) type to access data from Noetix views, such as rows from a Noetix view. In NoetixViews, the rows returned by the Noetix views for a Noetix query user is decided based on the row-level security set for the Noetix query user. When row-level security is applied, the Noetix query user's access to data within Noetix views corresponding to a role can be further restricted.

The row-level security consists of organizational unit security and application-specific security. Row-level security is supported in only global forms of the Noetix views for the following Oracle E-Business Suite modules:

  • Oracle Advanced Benefits

  • Oracle Assets

  • Oracle Bills of Material

  • Oracle Cost Management

  • Oracle Depot Repair

  • Oracle Enterprise Asset Management

  • Oracle Field Service

  • Oracle General Ledger

  • Oracle Human Resources

  • Oracle Install Base

  • Oracle Inventory

  • Oracle Master Scheduling/MRP

  • Oracle Order Management

  • Oracle Payables

  • Oracle Payroll

  • Oracle Projects

  • Oracle Purchasing

  • Oracle Quality

  • Oracle Receivables

  • Oracle Service Contracts

  • Oracle TeleService

  • Oracle Time and Labor

  • Oracle U.S. Federal Financials

  • Oracle Work in Process

NoetixViews support only application-specific security for the Noetix views corresponding to Depot Repair, Field Service, and TeleService.

For Noetix query users of the Oracle E-Business Suite Authenticated User (Type A) and Oracle E-Business Suite Authenticated Responsibility (Type R) types, the restrictions to access data are applied based on the data access privileges defined in Oracle E-Business Suite. For Noetix query users of the Database User (Type U) type, these restrictions are configured by the Noetix System Administration User (Type N) through NoetixViews Administrator. Row-level security is enforced by global views in the database when a Noetix query user queries data from them. Each global view has an access control list (ACL) that defines the organizational units that a Noetix query can access. These organizational units include business groups, ledgers/sets of books, operating units, and inventory organizations. When a Noetix query user queries data from global views, global views validate the user and ACL information and enforce the row-level security on the user.

Additionally, data security similar to row-level security is supported in standard and Cross Operations Extension (XOP) forms of Noetix views for General Ledger and U.S. Federal Financials. This type of security is also supported in standard form of Noetix views for Advanced Benefits, Human Resources, Time and Labor, and Payroll.

In Oracle E-Business Suite, an Oracle E-Business Suite user can be assigned multiple General Ledger responsibilities to which security rules are attached and multiple Oracle Human Resources Management System (HRMS) responsibilities to which security profiles are attached. After adding this user as a Noetix query user and assigning the Derived from Oracle EBS security mode in NoetixViews Administrator, when the Noetix query user or a BI tool user who is linked to this Noetix query user queries data from the global form of Noetix views for General Ledger, Advanced Benefits, Human Resources, Time and Labor, and Payroll through a business intelligence (BI) tool, the number of rows returned will be further filtered by the responsibility with which the user logs on.

Note: When custom responsibilities for custom applications in Oracle E-Business Suite are added as Noetix query users of the Oracle E-Business Suite Authenticated Responsibility (Type R) type, only custom security can be enforced on the Noetix query user. If the option to derive the security from Oracle E-Business Suite is applied, data will not be returned.

In BI tools, such as NWQ and Oracle Discoverer, Noetix query users of the Oracle
E-Business Suite Authenticated User (Type A) type can select a General Ledger or HRMS responsibility when they log on to these BI tools. After logging on, if the Noetix query users want to select a different General Ledger or HRMS responsibility, they will have to log off from the current user session, and log on to the BI tool again.

In BI tools such as Oracle Business Intelligence (Oracle BI), SAP BusinessObjects, and IBM Cognos Business Intelligence (Cognos BI), BI tool users log on with the responsibility associated with the Noetix query user of the Oracle E-Business Suite Authenticated User (Type A) type to which they are linked. After logging on, if the BI tool users want to select a different General Ledger or HRMS responsibility, they can run the Noetix Responsibility Tool to change the responsibility. This application allows BI tool users to change their General Ledger or HRMS responsibility without logging off from their current user session.

Organizational Unit Security

Organizational unit security is applied to Noetix query users based on their access to organizational units. These organizational units include business groups, ledgers/sets of books, operating units, and inventory organizations. In the global forms of Noetix views that support row-level security, the organizational unit security is applied by default. Additionally, organizational unit security is supported in standard and XOP forms of Noetix views for U.S. Federal Financials. Organizational unit security can be set up for the following types of Noetix query users:

  • Database User (Type U)

  • Oracle E-Business Suite Authenticated User (Type A)

  • Oracle E-Business Suite Authenticated Responsibility (Type R)

  • Noetix System Administration User (Type N)

NoetixViews also provides the functionality to override the organizational unit security defined for the Noetix query users of the Oracle E-Business Suite Authenticated User (Type A) and Oracle E-Business Suite Authenticated Responsibility (Type R) types in Oracle E-Business Suite.

NoetixViews supports organizational unit security for the global forms of the Noetix views for the following Oracle E-Business Suite modules:

Oracle E-Business Suite module

Organizational unit

Oracle Advanced Benefits, Oracle Human Resources, Oracle Time and Labor, and Oracle Payroll

Business group

Oracle Assets, Oracle General Ledger, and Oracle U.S. Federal Financials

Ledger/ Set of Books

Oracle Order Management, Oracle Payables, Oracle Projects, Oracle Purchasing,

Oracle Receivables, and Oracle Service Contracts

Operating unit

Oracle Install Base

Operating unit and Item Instance

Oracle Bills of Material, Oracle Cost Management, Oracle Enterprise Asset Management, Oracle Inventory, Oracle Master Scheduling/MRP,

Oracle Quality, and Oracle Work in Process

Inventory organization

Also, for Oracle E-Business Suite Release 12 and later, global form of Noetix views support organizational unit security provided by the Multi-Org Access Control (MOAC) feature for Noetix query users of the Oracle E-Business Suite Authenticated User (Type A) type.

Application-Specific Security

Application-specific security is applied over the existing organizational unit based security applied to Noetix query users. The application-specific security restricts their access to data in Noetix views based on security rules, security profiles, budget access levels, and service request types. NoetixViews supports application-specific security in global Noetix views for the following Oracle E-Business Suite modules:

Oracle E-Business Suite module

Application-specific security based on

Advanced Benefits, Human Resources, Time and Labor, and Payroll

Security profiles

General Ledger

Security rules for the Accounting Flexfield

U.S. Federal Financials

Budget access levels

Oracle Depot Repair, Oracle Field Service, and Oracle TeleService

Service request types

Application-specific security is also supported in standard and XOP forms of views for U.S. Federal Financials and General Ledger and in standard form of views for Human Resources, Advanced Benefits, Payroll, and Time and Labor. By default, for the standard views of Human Resources, Advanced Benefits, Payroll, and Time and Labor, application-specific security is defined in Oracle E-Business Suite and cannot be modified through NoetixViews Administrator.

Application-specific security that is applied based on security rules and budget access levels can be set up for the following Noetix query users:

  • Database User (Type U)

  • Oracle E-Business Suite Authenticated User (Type A)

  • Oracle E-Business Suite Authenticated Responsibility (Type R)

  • Noetix System Administration User (Type N)

Application-specific security that is applied based on security profiles can be set up for the following Noetix query users:

  • Oracle E-Business Suite Authenticated User (Type A)

  • Oracle E-Business Suite Authenticated Responsibility (Type R)

Note: For Noetix query users of the Database User (Type U) and Noetix System Administration User (Type N) types, the security profiles will apply only if the Noetix query users are also defined in Human Resources as reporting users for the security profiles.

NoetixViews also provides the functionality to override the application-specific security defined for the Noetix query users of the Oracle E-Business Suite Authenticated User (Type A) and Oracle E-Business Suite Authenticated Responsibility (Type R) types in Oracle E-Business Suite.

The following list provides information about the Noetix views that support application-specific security:

For Advanced Benefits, the following views support application-specific security:

  • BEN COBRA Beneficiaries

  • BEN Elig Elec Enrollments

  • BEN Emp Dependents

  • BEN Life Evnt Workflow

  • BEN Payroll Ben Costs

  • BEN Potential Life Evnts

  • BEN Ptpnt Benefit Costs

  • BEN Ptpnt Communications

  • BEN Ptpnt Court Orders

  • BEN Ptpnt Electabilities

  • BEN Ptpnt Eligibilities

  • BEN Ptpnt Enroll Actions

  • BEN Ptpnt Enrollments

  • BEN Ptpnt Flex Credits

  • BEN Ptpnt Flex Spending

  • BEN Ptpnt Life Events

  • BEN Ptpnt Mthly Premiums

For Depot Repair, the following views support application-specific security:

  • CSD AP Repair Invoices

  • CSD AR Repair Invoices

  • CSD OE Repair Actuals

  • CSD OE Repair RMA Orders

  • CSD OE Repair Shipments

  • CSD PO Repair Req Orders

  • CSD Repair Estimate Notes

  • CSD Repair Estimates

  • CSD Repair Notes

  • CSD Repair Order Services

  • CSD Repair Orders

  • CSD Repair Task Notes

  • CSD Repair Tasks

  • CSD Service Requests

  • CSD WIP Repair Jobs

For Field Service, the following views support application-specific security:

  • CSF Debrief Charge Lines

  • CSF Debrief Expense Lines

  • CSF Debrief Labor Lines

  • CSF Debrief Material Lines

  • CSF Task Resources

For TeleService, the following views support application-specific security:

  • CS Interaction Activities

  • CS Service Request Audits

  • CS Service Request Notes

  • CS Service Request Tasks

  • CS Service Requests

  • CS SR Attachments

  • CS SR Task Audits

  • CS Task Notes

For U.S. Federal Financials, the following views support application-specific security:

  • FV Budget Appr GL JE

  • FV Budget Auth SLA GL JE

  • FV Budget Authority Trans

  • FV Budget Transactions

  • FV Fund Distr GL JE

  • FV Fund Distr SLA GL JE

  • FV Fund Distributions

  • FV SLA Budget Auth Trans

  • FV SLA Budget RPR Trans

  • FV SLA Budget Trans

  • FV SLA Fund Distributions

For General Ledger, the following views support application-specific security:

  • GL All Balances

  • GL All Budgets

  • GL All Encumb Je Lines

  • GL All Je Lines

  • GL AP Inv Je Line Details

  • GL Archived Balances

  • GL Archived Je Lines

  • GL Balances

  • GL Budget Actuals Encumb

  • GL Budget To Actuals

  • GL Budgets

  • GL Encumbrance Balances

  • GL Foreign Balances

  • GL Foreign Je Lines

  • GL Foreign Summaries

  • GL Funds Available

  • GL Je AP Inv Dist Details

  • GL Je AP Pmt Dist Details

  • GL Je SLA AP Inv Dist

  • GL Je SLA AP Pmt Dist

  • GL Je SLA AR Adj Dist

  • GL Je SLA AR Misc Rcpt Dist

  • GL Je SLA AR Std Rcpt Dist

  • GL Je SLA AR Tran Dist

  • GL Je Tran AR Adj Dist

  • GL Je Tran AR Misc Dist

  • GL Je Tran AR Pymt Dist

  • GL Je Tran AR Tran Dist

  • GL Journal Entry Lines

  • GL Org Balances

  • GL Org Budget To Actuals

  • GL Org Budgets

  • GL Parent Budget To Actuals

  • GL Parent Child Balances

  • GL Parent Child Budgets

  • GL Rollup Account Balances

  • GL Rollup Account Budgets

  • GL Rollup Parent Balances

  • GL Rollup Parent Budgets

  • GL Stat Balances

  • GL Stat Budget To Actuals

  • GL Stat Budgets

  • GL Summary Balances

  • GL Summary Budget To Actuals

  • GL Summary Budgets

  • XLA GL All Balances

  • XLA GL Journal Lines

  • XLA SLA Hub Journal Lines

For Human Resources, the following views support application-specific security:

  • HR Accrual Pln Hist

  • HR Address Hist

  • HR AP 1099 Payments

  • HR Applicant Hist

  • HR Ben Elig Info

  • HR Budgets

  • HR Carrier Asg Hist

  • HR COBRA Prem Stat

  • HR COBRA Track

  • HR Contact Hist

  • HR Contingent Worker Info

  • HR EI Academic Rank

  • HR EI Asg Ben Derived

  • HR EI Asg Federal

  • HR EI Asg Locality

  • HR EI Asg Types

  • HR EI GHR Probations

  • HR EI GHR Sep Retire

  • HR EI Job Types

  • HR EI Loc Types

  • HR EI Per Types

  • HR EI Pos Types

  • HR EI US Add Details

  • HR EI US Passport Dtls

  • HR EI US Visa Dtls

  • HR Element Links

  • HR Emp Absence Hist

  • HR Emp ADA Info

  • HR Emp Asg Details

  • HR Emp Assign Costs

  • HR Emp Assign Costs Hist

  • HR Emp Assign Hist

  • HR Emp Ben Health

  • HR Emp Ben Others

  • HR Emp Beneficiary

  • HR Emp Element Entry Vals

  • HR Emp Emergency

  • HR Emp Ethnic Info

  • HR Emp Headcnt Hist

  • HR Emp Headcounts

  • HR Emp Info

  • HR Emp LOS

  • HR Emp Reviews

  • HR Emp Sal Analysis

  • HR Emp Sal Hist

  • HR Emp Sal Pro Current

  • HR Emp Sal Pro Hist

  • HR Emp Tax Details

  • HR Emp Terms Hist

  • HR Emp Total Comp

  • HR Emp Veteran Info

  • HR Emp Work Hist

  • HR Emp Xfers Hist

  • HR New Hire Hist

  • HR Oth Headcnt Hist

  • HR Pay Scales

  • HR People Grp Hist

  • HR Person Hist

  • HR Phones Hist

  • HR Pos Hierarchies

  • HR Pos Requirements

  • HR Req Vac Track

  • HR Schools Attended

  • HR SI Type

  • HR Turnover Hist

  • HR Vac Job Match

  • HR Vac Pos Match

For Time and Labor, the following views support application-specific security:

  • HXC Assignment Time Info

  • HXC BEE Batch Headers

  • HXC BEE Batch Lines

  • HXC BEE Error Messages

  • HXC PUI Latest Timecards

  • HXC PUI Missing Timecards

  • HXC PUI Timecard History

  • HXC SS Latest Timecards

  • HXC SS Missing Timecards

  • HXC SS Time Category Hours

  • HXC SS Timecard History

  • HXC Timecard Summary

For Payroll, the following views support application-specific security:

  • PAY Accruals

  • PAY Check Register

  • PAY Costing Analysis

  • PAY Costing Details

  • PAY Costing Summary

  • PAY Custom Balances

  • PAY Deductions Owed

  • PAY Emp Not Paid

  • PAY Gre Totals

  • PAY Gross And Net Balances

  • PAY Gross To Net Summary

  • PAY Hours By Cost Center

  • PAY Invalid Addresses

  • PAY Payment Methods

  • PAY Payment Register

  • PAY Payroll Activities

  • PAY Payroll Audit

  • PAY Payroll Messages

  • PAY Payroll Proc Summary

  • PAY Run Results

  • PAY Tax Balances

  • PAY Third Party Register

  • PAY US Payroll Register

  • PAY US W2 Register

  • PAY Void Payments

Published:

Data Security in NoetixViews

The data security model provided in NoetixViews has the following components:

  • User authentication: This component concerns the validation of the credentials provided by the user while logging on to business intelligence (BI) tools. The credentials consist of a user name, a password, and, at times, an Oracle E-Business Suite responsibility.

  • View and answer authorization: This component concerns the privileges of a user to query a Noetix view or run a Noetix answer. Users obtain these privileges by being granted a Noetix role or an access to a folder that contains the views or answers in the BI tools. For information, see “View and Answer Authorization”.

  • Data access privilege: This component concerns the privilege of a user to access specific data or rows from a Noetix view. This access is determined by the settings of the Noetix query user that is associated with the user querying the data from the views in the BI tool. For information, see Data Access Privilege.

View and Answer Authorization

For querying a view or running an answer in the business intelligence (BI) tool, users need to be assigned the required privileges. For assigning these privileges, the following are done:

  • For each BI tool user, a corresponding Noetix query user is created. The query user is assigned a Noetix role through the Security Manager dialog box. The role assigned to the query user allows the user to access a set of views corresponding to the role in the BI tool.

  • The BI tool user is granted access to a folder, business area, group, or role that contains the views or answers in the BI tools. After these privileges are granted, the users can access all the respective views or answers.

Noetix Generators automatically configure access to views and answers in the BI tool for a BI tool user based on the Noetix roles assigned to the associated Noetix query user. In some BI tools where the Noetix Generators do not configure access to views and answers automatically for a BI tool user, the administrator of the BI tool has to manually grant the required permissions to the BI tool user.

The following subsections explain how users are provided with authorization to query views and run answers in various BI tools:

NWQ

The following steps need to be performed while setting up users’ access to views and answers in NWQ:

  1. Using the Security Manager dialog box, add Noetix query users of Oracle E-Business Suite Authenticated User (Type A) and Oracle E-Business Suite Responsibility (Type R) types for the Oracle E-Business Suite users and responsibilities, and assign roles to them. You can also add database users as Database User (Type U) type users. The roles assigned to the Database User (Type U) type users are automatically assigned to the respective database users in the Oracle database. For information about creating query users and assigning roles, see Data Security in NoetixViews and Data Security in NoetixViews. For information about how Oracle E-Business Suite Authenticated User (Type A) and Oracle E-Business Suite Authenticated Responsibility (Type R) type users gain access to views and answers in Oracle BI, see Data Access Privilege.

  2. Run Angles for Oracle Generator for Noetix Platform—Oracle E-Business Suite Edition (Platform Generator).

Angles for Oracle Generator creates folders in NWQ for containing the views and answers that correspond to Noetix roles. It also creates NWQ users for each Database User (Type U) and Oracle E-Business Suite Authenticated User (Type A) type users. A user is also set up for each Oracle E-Business Suite user assigned to the responsibility of the Oracle E-Business Suite Authenticated Responsibility (Type R) type users. Angles for Oracle Generator grants NWQ users those answer folders in NWQ that correspond to the roles assigned to the query user. However, Angles for Oracle Generator does not grant the users access to the NWQ folders containing views. This step is performed by the Noetix Platform administrator.

Oracle Discoverer

The following steps need to be performed while setting up users’ access to views in Oracle Discoverer. Noetix answers are not generated into Discoverer.

  1. Using the Security Manager dialog box, add Noetix query users of Oracle E-Business Suite Authenticated User (Type A) and Oracle E-Business Suite Responsibility (Type R) types for the Oracle E-Business Suite users and responsibilities, and assign roles to them. You can also add database users as Database User (Type U) type users. The roles assigned to the Database User (Type U) type users are automatically assigned to the respective database users in the Oracle database. For information about creating query users and assigning roles, see Data Security in NoetixViews and Data Security in NoetixViews. For information about how Oracle E-Business Suite Authenticated User (Type A) and Oracle E-Business Suite Authenticated Responsibility (Type R) type users gain access to views and answers in Oracle BI, see Data Access Privilege.

  2. Run Angles for Oracle Generator for Oracle Discoverer (Angles for Oracle Generator).

    Angles for Oracle Generator creates business areas for each extracted Noetix role. The folders in each business area correspond to the views of that role. Angles for Oracle Generator also automatically configures each user’s access to the business areas. For Applications Mode End User Layers (EULs), Angles for Oracle Generator maps Oracle
    E-Business Suite Authenticated User (Type A) and Oracle E-Business Suite Authenticated Responsibility (Type R) type users to their corresponding Oracle E-Business Suite user or responsibility. They are also granted access to the business areas in the EULs based on the roles assigned to the corresponding Noetix query users. For standard EULs, Angles for Oracle Generator maps the Database User (Type U) type users to their corresponding database user in the Oracle Database and grants them the business areas that correspond to the roles assigned to the query user.

Oracle BI

The following steps need to be performed while setting up users’ access to views and answers in Oracle Business Intelligence (Oracle BI):

  1. Using the Security Manager dialog box, add Noetix query users of Oracle E-Business Suite Authenticated User (Type A) and Oracle E-Business Suite Responsibility (Type R) types for the Oracle E-Business Suite users and responsibilities, and assign roles to them. You can also add database users as Database User (Type U) type users. The roles assigned to the Database User (Type U) type users are automatically assigned to the respective database users. For information about creating query users and assigning roles, see Data Security in NoetixViews and Data Security in NoetixViews. For information about how Oracle E-Business Suite Authenticated User (Type A) and Oracle E-Business Suite Authenticated Responsibility (Type R) type users gain access to views and answers in Oracle BI, see Data Access Privilege.

  2. Run Angles for Oracle Generator for Oracle Business Intelligence (Angles for Oracle Generator).

    Angles for Oracle Generator configures the Oracle BI metadata repository with subject areas containing folders, which hold Noetix views and answers. For each folder, Angles for Oracle Generator creates a user group. The Oracle BI administrator makes each Oracle BI user a member of these groups. This allows them to access the views and answers in the respective folders.

IBM Cognos BI

The following steps need to be performed while setting up users’ access to views and answers in IBM Cognos Business Intelligence (Cognos BI):

  1. Using the Security Manager dialog box, add Noetix query users of Oracle E-Business Suite Authenticated User (Type A) and Oracle E-Business Suite Responsibility (Type R) types for the Oracle E-Business Suite users and responsibilities, and assign roles to them. You can also add database users as Database User (Type U) type users. The roles assigned to the Database User (Type U) type users are automatically assigned to the respective database users. For information about creating query users and assigning roles, see Data Security in NoetixViewsand Data Security in NoetixViews. For information about how Oracle E-Business Suite Authenticated User (Type A) and Oracle E-Business Suite Authenticated Responsibility (Type R) type users gain access to views and answers in Cognos BI, see Data Access Privilege.

  2. Run Angles for Oracle Generator for IBM Cognos BI (Angles for Oracle Generator).

    Angles for Oracle Generator configures the Cognos Framework Manager model with packages containing folders. These folders contain the query subjects that are mapped to the views in the database. Angles for Oracle Generator creates folders that contain answers. It also creates roles that correspond to Noetix roles and are associated with the respective folders. The Cognos BI administrator grants these roles to the users that allow them to access the corresponding views and answers.

SAP BusinessObjects

The following steps need to be performed while setting up users’ access to views and answers in SAP BusinessObjects:

  1. Using the Security Manager dialog box, add Noetix query users of Oracle E-Business Suite Authenticated User (Type A) and Oracle E-Business Suite Responsibility (Type R) types for the Oracle E-Business Suite users and responsibilities, and assign roles to them. You can also add database users as Database User (Type U) type users. The roles assigned to the Database User (Type U) type users are automatically assigned to the respective database users. For information about creating query users and assigning roles, see Data Security in NoetixViews and Data Security in NoetixViews. For information about how Oracle E-Business Suite Authenticated User (Type A) and Oracle E-Business Suite Authenticated Responsibility (Type R) type users gain access to views and answers in BusinessObjects, see Data Access Privilege.

  2. Run Angles for Oracle Generator for SAP BusinessObjects (Angles for Oracle Generator).

    Angles for Oracle Generator configures the BusinessObjects Universes with classes and objects that are mapped to the views in the database and generates the answers. It also creates groups that correspond to Noetix roles. The BusinessObjects administrator grants these roles to the users that allow them to access the corresponding views and answers.

Data Access Privilege

In Noetix views, Oracle Applications mode or custom security can be applied to the data that is returned for BI tool users who may or may not be users of Oracle E-Business Suite.

Data access privilege imply the privileges of the Noetix query users or BI tool users who are linked to Noetix query users of the Oracle E-Business Suite Authenticated User (Type A) type to access data from Noetix views, such as rows from a Noetix view. In NoetixViews, the rows returned by the Noetix views for a Noetix query user is decided based on the row-level security set for the Noetix query user. When row-level security is applied, the Noetix query user's access to data within Noetix views corresponding to a role can be further restricted.

The row-level security consists of organizational unit security and application-specific security. Row-level security is supported in only global forms of the Noetix views for the following Oracle E-Business Suite modules:

  • Oracle Advanced Benefits

  • Oracle Assets

  • Oracle Bills of Material

  • Oracle Cost Management

  • Oracle Depot Repair

  • Oracle Enterprise Asset Management

  • Oracle Field Service

  • Oracle General Ledger

  • Oracle Human Resources

  • Oracle Install Base

  • Oracle Inventory

  • Oracle Master Scheduling/MRP

  • Oracle Order Management

  • Oracle Payables

  • Oracle Payroll

  • Oracle Projects

  • Oracle Purchasing

  • Oracle Quality

  • Oracle Receivables

  • Oracle Service Contracts

  • Oracle TeleService

  • Oracle Time and Labor

  • Oracle U.S. Federal Financials

  • Oracle Work in Process

NoetixViews support only application-specific security for the Noetix views corresponding to Depot Repair, Field Service, and TeleService.

For Noetix query users of the Oracle E-Business Suite Authenticated User (Type A) and Oracle E-Business Suite Authenticated Responsibility (Type R) types, the restrictions to access data are applied based on the data access privileges defined in Oracle E-Business Suite. For Noetix query users of the Database User (Type U) type, these restrictions are configured by the Noetix System Administration User (Type N) through NoetixViews Administrator. Row-level security is enforced by global views in the database when a Noetix query user queries data from them. Each global view has an access control list (ACL) that defines the organizational units that a Noetix query can access. These organizational units include business groups, ledgers/sets of books, operating units, and inventory organizations. When a Noetix query user queries data from global views, global views validate the user and ACL information and enforce the row-level security on the user.

Additionally, data security similar to row-level security is supported in standard and Cross Operations Extension (XOP) forms of Noetix views for General Ledger and U.S. Federal Financials. This type of security is also supported in standard form of Noetix views for Advanced Benefits, Human Resources, Time and Labor, and Payroll.

In Oracle E-Business Suite, an Oracle E-Business Suite user can be assigned multiple General Ledger responsibilities to which security rules are attached and multiple Oracle Human Resources Management System (HRMS) responsibilities to which security profiles are attached. After adding this user as a Noetix query user and assigning the Derived from Oracle EBS security mode in NoetixViews Administrator, when the Noetix query user or a BI tool user who is linked to this Noetix query user queries data from the global form of Noetix views for General Ledger, Advanced Benefits, Human Resources, Time and Labor, and Payroll through a business intelligence (BI) tool, the number of rows returned will be further filtered by the responsibility with which the user logs on.

Note: When custom responsibilities for custom applications in Oracle E-Business Suite are added as Noetix query users of the Oracle E-Business Suite Authenticated Responsibility (Type R) type, only custom security can be enforced on the Noetix query user. If the option to derive the security from Oracle E-Business Suite is applied, data will not be returned.

In BI tools, such as NWQ and Oracle Discoverer, Noetix query users of the Oracle
E-Business Suite Authenticated User (Type A) type can select a General Ledger or HRMS responsibility when they log on to these BI tools. After logging on, if the Noetix query users want to select a different General Ledger or HRMS responsibility, they will have to log off from the current user session, and log on to the BI tool again.

In BI tools such as Oracle Business Intelligence (Oracle BI), SAP BusinessObjects, and IBM Cognos Business Intelligence (Cognos BI), BI tool users log on with the responsibility associated with the Noetix query user of the Oracle E-Business Suite Authenticated User (Type A) type to which they are linked. After logging on, if the BI tool users want to select a different General Ledger or HRMS responsibility, they can run the Noetix Responsibility Tool to change the responsibility. This application allows BI tool users to change their General Ledger or HRMS responsibility without logging off from their current user session.

Organizational Unit Security

Organizational unit security is applied to Noetix query users based on their access to organizational units. These organizational units include business groups, ledgers/sets of books, operating units, and inventory organizations. In the global forms of Noetix views that support row-level security, the organizational unit security is applied by default. Additionally, organizational unit security is supported in standard and XOP forms of Noetix views for U.S. Federal Financials. Organizational unit security can be set up for the following types of Noetix query users:

  • Database User (Type U)

  • Oracle E-Business Suite Authenticated User (Type A)

  • Oracle E-Business Suite Authenticated Responsibility (Type R)

  • Noetix System Administration User (Type N)

NoetixViews also provides the functionality to override the organizational unit security defined for the Noetix query users of the Oracle E-Business Suite Authenticated User (Type A) and Oracle E-Business Suite Authenticated Responsibility (Type R) types in Oracle E-Business Suite.

NoetixViews supports organizational unit security for the global forms of the Noetix views for the following Oracle E-Business Suite modules:

Oracle E-Business Suite module

Organizational unit

Oracle Advanced Benefits, Oracle Human Resources, Oracle Time and Labor, and Oracle Payroll

Business group

Oracle Assets, Oracle General Ledger, and Oracle U.S. Federal Financials

Ledger/ Set of Books

Oracle Order Management, Oracle Payables, Oracle Projects, Oracle Purchasing,

Oracle Receivables, and Oracle Service Contracts

Operating unit

Oracle Install Base

Operating unit and Item Instance

Oracle Bills of Material, Oracle Cost Management, Oracle Enterprise Asset Management, Oracle Inventory, Oracle Master Scheduling/MRP,

Oracle Quality, and Oracle Work in Process

Inventory organization

Also, for Oracle E-Business Suite Release 12 and later, global form of Noetix views support organizational unit security provided by the Multi-Org Access Control (MOAC) feature for Noetix query users of the Oracle E-Business Suite Authenticated User (Type A) type.

Application-Specific Security

Application-specific security is applied over the existing organizational unit based security applied to Noetix query users. The application-specific security restricts their access to data in Noetix views based on security rules, security profiles, budget access levels, and service request types. NoetixViews supports application-specific security in global Noetix views for the following Oracle E-Business Suite modules:

Oracle E-Business Suite module

Application-specific security based on

Advanced Benefits, Human Resources, Time and Labor, and Payroll

Security profiles

General Ledger

Security rules for the Accounting Flexfield

U.S. Federal Financials

Budget access levels

Oracle Depot Repair, Oracle Field Service, and Oracle TeleService

Service request types

Application-specific security is also supported in standard and XOP forms of views for U.S. Federal Financials and General Ledger and in standard form of views for Human Resources, Advanced Benefits, Payroll, and Time and Labor. By default, for the standard views of Human Resources, Advanced Benefits, Payroll, and Time and Labor, application-specific security is defined in Oracle E-Business Suite and cannot be modified through NoetixViews Administrator.

Application-specific security that is applied based on security rules and budget access levels can be set up for the following Noetix query users:

  • Database User (Type U)

  • Oracle E-Business Suite Authenticated User (Type A)

  • Oracle E-Business Suite Authenticated Responsibility (Type R)

  • Noetix System Administration User (Type N)

Application-specific security that is applied based on security profiles can be set up for the following Noetix query users:

  • Oracle E-Business Suite Authenticated User (Type A)

  • Oracle E-Business Suite Authenticated Responsibility (Type R)

Note: For Noetix query users of the Database User (Type U) and Noetix System Administration User (Type N) types, the security profiles will apply only if the Noetix query users are also defined in Human Resources as reporting users for the security profiles.

NoetixViews also provides the functionality to override the application-specific security defined for the Noetix query users of the Oracle E-Business Suite Authenticated User (Type A) and Oracle E-Business Suite Authenticated Responsibility (Type R) types in Oracle E-Business Suite.

The following list provides information about the Noetix views that support application-specific security:

For Advanced Benefits, the following views support application-specific security:

  • BEN COBRA Beneficiaries

  • BEN Elig Elec Enrollments

  • BEN Emp Dependents

  • BEN Life Evnt Workflow

  • BEN Payroll Ben Costs

  • BEN Potential Life Evnts

  • BEN Ptpnt Benefit Costs

  • BEN Ptpnt Communications

  • BEN Ptpnt Court Orders

  • BEN Ptpnt Electabilities

  • BEN Ptpnt Eligibilities

  • BEN Ptpnt Enroll Actions

  • BEN Ptpnt Enrollments

  • BEN Ptpnt Flex Credits

  • BEN Ptpnt Flex Spending

  • BEN Ptpnt Life Events

  • BEN Ptpnt Mthly Premiums

For Depot Repair, the following views support application-specific security:

  • CSD AP Repair Invoices

  • CSD AR Repair Invoices

  • CSD OE Repair Actuals

  • CSD OE Repair RMA Orders

  • CSD OE Repair Shipments

  • CSD PO Repair Req Orders

  • CSD Repair Estimate Notes

  • CSD Repair Estimates

  • CSD Repair Notes

  • CSD Repair Order Services

  • CSD Repair Orders

  • CSD Repair Task Notes

  • CSD Repair Tasks

  • CSD Service Requests

  • CSD WIP Repair Jobs

For Field Service, the following views support application-specific security:

  • CSF Debrief Charge Lines

  • CSF Debrief Expense Lines

  • CSF Debrief Labor Lines

  • CSF Debrief Material Lines

  • CSF Task Resources

For TeleService, the following views support application-specific security:

  • CS Interaction Activities

  • CS Service Request Audits

  • CS Service Request Notes

  • CS Service Request Tasks

  • CS Service Requests

  • CS SR Attachments

  • CS SR Task Audits

  • CS Task Notes

For U.S. Federal Financials, the following views support application-specific security:

  • FV Budget Appr GL JE

  • FV Budget Auth SLA GL JE

  • FV Budget Authority Trans

  • FV Budget Transactions

  • FV Fund Distr GL JE

  • FV Fund Distr SLA GL JE

  • FV Fund Distributions

  • FV SLA Budget Auth Trans

  • FV SLA Budget RPR Trans

  • FV SLA Budget Trans

  • FV SLA Fund Distributions

For General Ledger, the following views support application-specific security:

  • GL All Balances

  • GL All Budgets

  • GL All Encumb Je Lines

  • GL All Je Lines

  • GL AP Inv Je Line Details

  • GL Archived Balances

  • GL Archived Je Lines

  • GL Balances

  • GL Budget Actuals Encumb

  • GL Budget To Actuals

  • GL Budgets

  • GL Encumbrance Balances

  • GL Foreign Balances

  • GL Foreign Je Lines

  • GL Foreign Summaries

  • GL Funds Available

  • GL Je AP Inv Dist Details

  • GL Je AP Pmt Dist Details

  • GL Je SLA AP Inv Dist

  • GL Je SLA AP Pmt Dist

  • GL Je SLA AR Adj Dist

  • GL Je SLA AR Misc Rcpt Dist

  • GL Je SLA AR Std Rcpt Dist

  • GL Je SLA AR Tran Dist

  • GL Je Tran AR Adj Dist

  • GL Je Tran AR Misc Dist

  • GL Je Tran AR Pymt Dist

  • GL Je Tran AR Tran Dist

  • GL Journal Entry Lines

  • GL Org Balances

  • GL Org Budget To Actuals

  • GL Org Budgets

  • GL Parent Budget To Actuals

  • GL Parent Child Balances

  • GL Parent Child Budgets

  • GL Rollup Account Balances

  • GL Rollup Account Budgets

  • GL Rollup Parent Balances

  • GL Rollup Parent Budgets

  • GL Stat Balances

  • GL Stat Budget To Actuals

  • GL Stat Budgets

  • GL Summary Balances

  • GL Summary Budget To Actuals

  • GL Summary Budgets

  • XLA GL All Balances

  • XLA GL Journal Lines

  • XLA SLA Hub Journal Lines

For Human Resources, the following views support application-specific security:

  • HR Accrual Pln Hist

  • HR Address Hist

  • HR AP 1099 Payments

  • HR Applicant Hist

  • HR Ben Elig Info

  • HR Budgets

  • HR Carrier Asg Hist

  • HR COBRA Prem Stat

  • HR COBRA Track

  • HR Contact Hist

  • HR Contingent Worker Info

  • HR EI Academic Rank

  • HR EI Asg Ben Derived

  • HR EI Asg Federal

  • HR EI Asg Locality

  • HR EI Asg Types

  • HR EI GHR Probations

  • HR EI GHR Sep Retire

  • HR EI Job Types

  • HR EI Loc Types

  • HR EI Per Types

  • HR EI Pos Types

  • HR EI US Add Details

  • HR EI US Passport Dtls

  • HR EI US Visa Dtls

  • HR Element Links

  • HR Emp Absence Hist

  • HR Emp ADA Info

  • HR Emp Asg Details

  • HR Emp Assign Costs

  • HR Emp Assign Costs Hist

  • HR Emp Assign Hist

  • HR Emp Ben Health

  • HR Emp Ben Others

  • HR Emp Beneficiary

  • HR Emp Element Entry Vals

  • HR Emp Emergency

  • HR Emp Ethnic Info

  • HR Emp Headcnt Hist

  • HR Emp Headcounts

  • HR Emp Info

  • HR Emp LOS

  • HR Emp Reviews

  • HR Emp Sal Analysis

  • HR Emp Sal Hist

  • HR Emp Sal Pro Current

  • HR Emp Sal Pro Hist

  • HR Emp Tax Details

  • HR Emp Terms Hist

  • HR Emp Total Comp

  • HR Emp Veteran Info

  • HR Emp Work Hist

  • HR Emp Xfers Hist

  • HR New Hire Hist

  • HR Oth Headcnt Hist

  • HR Pay Scales

  • HR People Grp Hist

  • HR Person Hist

  • HR Phones Hist

  • HR Pos Hierarchies

  • HR Pos Requirements

  • HR Req Vac Track

  • HR Schools Attended

  • HR SI Type

  • HR Turnover Hist

  • HR Vac Job Match

  • HR Vac Pos Match

For Time and Labor, the following views support application-specific security:

  • HXC Assignment Time Info

  • HXC BEE Batch Headers

  • HXC BEE Batch Lines

  • HXC BEE Error Messages

  • HXC PUI Latest Timecards

  • HXC PUI Missing Timecards

  • HXC PUI Timecard History

  • HXC SS Latest Timecards

  • HXC SS Missing Timecards

  • HXC SS Time Category Hours

  • HXC SS Timecard History

  • HXC Timecard Summary

For Payroll, the following views support application-specific security:

  • PAY Accruals

  • PAY Check Register

  • PAY Costing Analysis

  • PAY Costing Details

  • PAY Costing Summary

  • PAY Custom Balances

  • PAY Deductions Owed

  • PAY Emp Not Paid

  • PAY Gre Totals

  • PAY Gross And Net Balances

  • PAY Gross To Net Summary

  • PAY Hours By Cost Center

  • PAY Invalid Addresses

  • PAY Payment Methods

  • PAY Payment Register

  • PAY Payroll Activities

  • PAY Payroll Audit

  • PAY Payroll Messages

  • PAY Payroll Proc Summary

  • PAY Run Results

  • PAY Tax Balances

  • PAY Third Party Register

  • PAY US Payroll Register

  • PAY US W2 Register

  • PAY Void Payments

For an optimal Community experience, Please view on Desktop