Oracle Analytics Cloud: Unwinding User Security in Data Visualization
January 31, 2019
As we were recently setting up several projects in Oracle’s Data Visualization service (part of OAC) and applying security to ensure only the pertinent users could view their appropriate data sets and dashboards, we hit a couple of snags in the process trying to get it to work exactly how we envisioned. No fear though, we decided to document our findings and highlight the ins and outs of security within the tool and how it should be applied to achieve the intended results.
If you are new to Oracle’s Data Visualization service, referred to as DV for short, it is a tool that helps businesses share complex stories about their data. This service gives users the ability to create interactive visuals and seamlessly share their creations. As the saying goes, “With great power comes great responsibility,” so administrators must exercise their authority by implementing a basic security model that controls who:
- Creates, edits, and views projects and the canvases inside.
- Creates, edits, and views datasets.
- Shares visibility of projects.
Follow the steps below to ensure your datasets and projects don’t get into the wrong hands!
Setting up Users
First we will create a user. Select the top left Navigator Button -> Console -> Administer Users & Roles.
Select Add. Then fill in the required user information.
Select the “Search” button to see all of the available Application Roles. Then select “DV Content Author” because we want to enable Adam to create projects. See the below table for an explanation of the Application Roles.
Application Role Details
Since projects are built off of data sets, the admin user must grant Adam access to a dataset. Go to Data -> Navigator button on Data Set -> Inspect -> Permissions, then search for the user that was created. Choose between Full Control, Can Edit, or Can View permissions for the dataset.
Adam can now use the “Adhoc” dataset to build a project. Select the top left Navigator button -> Projects. Then select the button “Create” to create a project.
When the project prompts for it, select “Adhoc” as the visual we will create and then select “Add to Project.”
Now the designated user can build a project with the dataset.
After the project is built, go back into projects through the left navigator button. Then, hover over your project and select the navigator button in the right corner. From there, select “Move to” and select the “Shared Folder.” Now all DV users who have access to the “Adhoc” data can see the contents of the project that was created.
Understanding Shared Projects
Now we will highlight the differences between a shared project and the project that was created above. In the shared project view, users are restricted from seeing what dataset is used and cannot add additional metadata (e.g. change the row/column assignments) to the canvas. However, users are able to duplicate the canvas and rearrange the metadata to different sections with each visual. Think of a shared project as a pre-created view for a particular audience. It allows them to visualize their data, but they cannot bring in new data sets or drastically alter the context of the visual in ways that are not allowed.
Hopefully this helps depict the various layers to securing Projects and Data Sets within DV. Oracle is updating features frequently in OAC, including security, and we will do the same as we discover more tips and tricks.