Categories
How to create proxy connection from DV to oracle database?
We have already implemented data security on database level. Now we would like to use that in datasets. The idea is that we would have only one connection for all the users, but each user would see only the data which he is allowed to. (As defined on the database).
What I currently see it that each user can create his own connection. But if he shares DV report based on that dataset then all the users would see all the data. We would like to give end users the chance to prepare reports for other users, but we don't want to lose the ability to control which user can see which data.
Answers
-
Hi
You can explore setting filters at the dataset level for the relevant tables .Check -
Thanks
Gayathri
1 -
Those are just normal filters. With database security I meant access to tables and rows. With Virtual Private Database you can set really granular security on database level. We don't want to maintain it on two places.
0 -
@Matjaz Zupan - The feature you are looking for is only available for databases where Oracle Analytics supports impersonation. An example of this is Oracle Essbase, where this functionality can be handled while creating the connection.
Reference:
For other databases types it needs to be done at dataset level.
2 -
@Matjaz Zupan You may check the following link
https://docs.oracle.com/en/middleware/bi/analytics-server/metadata-oas/row-level-security.html#GUID-77F6D5E2-6845-457F-A643-DE7FFD7AE1E6
=> Setting Up Row-Level Security in the Database0 -
This works fine if you model everything in RPD. But If you would like to use Database connection then this doesn't work. If you would like to allow end users to add additional tables to the dataset then this solution is not good enough. There is really nice article on how to use proxy user in RPD. But this doesn't work with DV connections as you can't use variable as username.
1 -
@Matjaz Zupan
As you are already aware, the recommended approach is to use the Enterprise Semantic model for data-level security (row-level) to be applied to a data visualization (dv) project. The project must use an RPD subject area as the data set. This is the most robust solution for enterprise and departmental use cases.
However, OAC (and OAS) have released a new(ish) feature that may work for your usecaseLastly, for simple use cases in a calculation or flitter ,you can create a calculation and use the System > USER() function call or the VALUEOF(NQ_SESSION.ROLES)
This will return the name of the user currently logged in or the user application roles
You would have to edit or modify your data so that it returns usernames (such as a user intersection table), then you could filter the DV project based on that user that is logged in.
It is not ideal, but if the use-case is simple, this method can work.
Reference:
How To Implement Data-Level Security In Oracle Analytics Data Visualization Data Sets (Doc ID 2396406.1)
Other comments, welcomed.2 -
Please have a look to
This can be turned to match your use case tested with smiliar user case and worked
1
