Oracle Analytics Cloud and Server Idea Lab

Home Oracle Analytics Oracle Analytics Idea Labs Oracle Analytics Cloud and Server Idea Lab

Categories

Welcome to the Oracle Analytics Community: Please complete your User Profile and upload your Profile Picture

Implement True Object-Level Visibility Security in OAC DV

Submitted
17
Views
0
Comments
Ajinkya Vyawahare
Ajinkya Vyawahare Rank 5 - Community Champion
in Oracle Analytics Cloud and Server Idea Lab

Problem Statement

Currently, Oracle Analytics Cloud Data Visualization has a critical security limitation where all users can see all DV objects in the catalog, regardless of their assigned application roles. This occurs because:

  • Every application role inherits DV Consumer permissions by default
  • DV Consumer role cannot be deleted or modified
  • Object visibility is not controlled at the application role level
  • Users see object tiles/icons even for content they cannot access

Business Impact

This limitation creates serious enterprise security and compliance issues:

Real-World Example

CEO Dashboard containing sensitive financial metrics and strategic data is visible in the catalog to all managers, directors, and other users - even though they cannot open it. This violates:

  • Data governance policies
  • Principle of least privilege
  • Regulatory compliance requirements (SOX, GDPR)
  • Executive confidentiality standards

Current Workaround Limitations

  • Cannot remove DV Consumer role from application roles
  • Project-level sharing only controls access, not visibility
  • Folder organization doesn't hide objects from catalog view
  • Fine-grained permissions (Nov 2023 update) only control access, not catalog visibility

Proposed Solution

Implement true object-level visibility controls that:

  1. Separate Visibility from Access: Allow administrators to control both who can see objects and who can access them
  2. Application Role Integration: Enable application roles to control catalog visibility, not just access permissions
  3. Granular Catalog Controls: Provide options to hide specific objects/folders from users without appropriate roles
  4. Administrative Override: Allow admins to configure whether objects are visible by default or require explicit visibility grants

Expected Benefits

  • Enhanced Security: Sensitive content remains completely hidden from unauthorized users
  • Regulatory Compliance: Meets enterprise data governance requirements
  • Improved User Experience: Users only see relevant content in their catalogs
  • Enterprise Adoption: Makes OAC DV suitable for organizations with strict hierarchical data access requirements

Use Cases

  • Executive Dashboards: Hide C-level financial and strategic reports
  • HR Analytics: Restrict visibility of compensation and performance data
  • Regional Data: Show only relevant geographic content to regional users
  • Department-Specific: Display only relevant departmental content to respective teams

Implementation Suggestions

  1. Add a new permission type: "Catalog Visibility" separate from "Access"
  2. Enable application role-based visibility rules
  3. Provide catalog filtering options in admin console
  4. Allow object-level visibility settings during creation/sharing

Community Impact

This enhancement would make OAC DV enterprise-ready for organizations requiring strict data confidentiality while maintaining the collaborative features that make Data Visualization powerful.

Please vote if you believe Oracle Analytics Cloud needs true object-level visibility security controls!

Tagged:
7
Up
7 votes

Submitted · Last Updated