Release 13.18A OTBI Catalog Lockdown (Doc ID 2412231.1)

Last updated on SEPTEMBER 03, 2021

Applies to:

Oracle Fusion Project Control Cloud Service - Version 11.13.18.02.0 and later
Oracle Fusion Procurement Contracts Cloud Service - Version 11.13.18.02.0 and later
Oracle Fusion Financials Common Module Cloud Service - Version 11.13.18.02.0 and later
Oracle Fusion Global Human Resources Cloud Service - Version 11.13.18.02.0 and later
Oracle Fusion CX Sales Cloud Service - Version 11.13.18.02.0 and later
Information in this document applies to any platform.

Details

Release 13.19D Factory BI Catalog Lockdown

Users are provisioned with the BI Consumer role, which allows them to navigate the entire BI catalog folder structure. Analytics and reports are properly secured based on each user's security profile. You may need to hide some or all of the factory BI catalog content. To allow modification of catalog folder access, BI has introduced a new set of BI catalog reporting duty roles to secure catalog root folders. The new feature provides the ability to :

Steps to Enable

Make the feature accessible by assigning or updating privileges and/or job roles. Details are provided in the Role section below.

You can hide top-level catalog folders, for example Financials, Human Capital Management, and so on. As an example, to hide the factory root folders by removing access to non-CRM folders for all CRM users:

  1. Open the Security Console.
  2. Search for Custom BI Webcat Reporting Duty.
  3. Click the Actions button in the Search Result Count area and select Edit Role.
  4. Click Next to navigate to the Role Hierarchy step and delete all non-CRM related roles until only CRM reporting duty roles remain.
  5. Synchronize security changes. Select Scheduled Processes in the Navigator and submit the Import User and Role Application Security Data process.
  6. Refresh BI caches. Navigate to Oracle BI and click Administration. In the Maintenance and troubleshooting section, select Reload Files and Metadata.
  7. Log in to Answers. Only CRM root folders are displayed.

Tips And Considerations

New BI folder reporting duty roles are:

BI_COMMON_CONTENT_REPORTING_DUTY Common Content Folder Reporting Duty
CUSTOM_BI_WEBCAT_REPORTING_DUTY Custom BI Webcat Reporting Role
BI_CDM_REPORTING_DUTY Customer Data Management Folder Reporting Duty
BI_OKC_REPORTING_DUTY Enterprise Contracts Folder Reporting Duty
BI_EXT_REPORTING_DUTY Extension Folder Reporting Duty
BI_FIN_REPORTING_DUTY Financials Folder Reporting Duty
BI_HED_REPORTING_DUTY Higher Education Folder Reporting Duty
BI_HCM_REPORTING_DUTY Human Capital Management Folder Reporting Duty
BI_IC_REPORTING_DUTY Incentive Compensation Folder Reporting Duty
BI_LOY_REPORTING_DUTY Loyalty Folder Reporting Duty
BI_MFG_REPORTING_DUTY Manufacturing Folder Reporting Duty
BI_MKT_REPORTING_DUTY Marketing Folder Reporting Duty
BI_ZPM_REPORTING_DUTY Partner Folder Reporting Duty
BI_PRC_REPORTING_DUTY Procurement Folder Reporting Duty
BI_PRJ_REPORTING_DUTY Projects Folder Reporting Duty
BI_PSC_REPORTING_DUTY Public Sector Folder Reporting Duty
BI_GRC_REPORTING_DUTY Risk Management Folder Reporting Duty
BI_ZBS_REPORTING_DUTY Sales Folder Reporting Duty
BI_SVC_REPORTING_DUTY Service Folder Reporting Duty
BI_OSS_REPORTING_DUTY Subscription Management Folder Reporting Duty
BI_SCM_REPORTING_DUTY Supply Chain Management Folder Reporting Duty

Release 13.18A Factory BI Catalog Lockdown

To minimize upgrade regression, an enhancement has been introduced in the 13.18A release to permanently make the shipped BI catalog content read-only. If users attempt to modify the shipped BI catalog content, including folder permissions, they will receive an alert "You are not allowed to modify factory content. Save your own content in /Shared/Custom." Customers that upgrade from R12 to R13 will no longer be able to make changes to the delivered BI catalog, even with the BI Administrator role. Starting with R13.18A, BI catalog folders will behave as follows:

You must save all custom content in the /Shared/Custom folder, or create new sub-folders under /Shared/Custom to maintain custom content.
Except for the /Shared/Custom folder, customers can no longer make any modifications to the delivered BI catalog. If a user attempts to add, change or remove any object, including the permission list, in a delivered catalog folder, he/she will get an error "You are not allowed to modify factory content. Save your own content in /Shared/Custom."
Customers are permitted to retain EXISTING custom top-level folders under Shared. All existing content in those top-level custom folders will be preserved.
Customers cannot add, remove or change permissions on the shipped folders, e.g. /Shared/Human Capital Management.
Customers cannot modify the folder permissions to 'hide' a shipped factory catalog folder, e.g. hide /Shared/Marketing.


Impact on R12 upgrade customers:
For customers upgrading from R12, all existing custom content in /Shared/Custom or in custom folders under /Shared and their sub-folders will remain as it is. However, if you have modified the content in the delivered BI catalog folders, e.g. added custom reports, modified delivered reports, or modified folder or report permissions, all changes to this content will be lost after the R13 upgrade. You are advised to archive your custom BI catalog to a file prior to the R13 upgrade; after the R13 upgrade you can unarchive the custom projects in the /Shared/Custom folder.
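
A pre-upgrade audit of the rule above, as an added example (not Oracle's code): it sorts catalog object paths by whether the R13 upgrade preserves them. The names `classify` and `audit`, the sample paths, the case-insensitive matching and the three-folder factory set (only folders this page names) are assumptions.

```python
import posixpath

# Factory root folders named on this page (assumption: extend with your catalog's full list).
FACTORY_ROOTS = {"financials", "human capital management", "marketing"}

def classify(path, factory_roots=FACTORY_ROOTS):
    """Classify one catalog path: 'keep', 'lost-on-upgrade', 'verify' or 'not-shared'."""
    # Defensive normalization: collapse '//' and '..' so a path cannot dodge the check,
    # and compare segments case-insensitively with stray spaces trimmed (assumption).
    norm = posixpath.normpath("/" + path.strip())
    parts = [seg.strip().lower() for seg in norm.split("/") if seg.strip()]
    if not parts or parts[0] != "shared":
        return "not-shared"          # e.g. personal folders, outside this rule
    top = parts[1] if len(parts) > 1 else ""
    if top == "custom":
        return "keep"                # /Shared/Custom and its sub-folders are preserved
    if top in factory_roots:
        return "lost-on-upgrade"     # in-place change inside a delivered folder
    return "verify"                  # kept only if it is an existing custom top-level folder

def audit(paths, factory_roots=FACTORY_ROOTS):
    """Group paths by classification so at-risk content can be archived before the upgrade."""
    report = {"keep": [], "lost-on-upgrade": [], "verify": [], "not-shared": []}
    for p in paths:
        report[classify(p, factory_roots)].append(p)
    return report

# Constructed sample: paths of customer-created or customer-modified catalog objects.
SAMPLE = [
    "/Shared/Custom/Finance/AP Aging",
    "/shared/custom/HR/Headcount",
    "/Shared/Human Capital Management/Workforce/Custom Turnover",
    "/Shared/ Human Capital Management/Dashboards/Team View",   # stray space in the name
    "/Shared/Custom/../Financials/Payables/Modified Invoice Report",
    "/Shared/Acme Reports/Sales Summary",
    "/users/jdoe/Draft",
]

if __name__ == "__main__":
    for status, items in audit(SAMPLE).items():
        for item in items:
            print(f"{status:16} {item}")
```

Anything reported as `lost-on-upgrade` is what needs archiving and moving under /Shared/Custom; `verify` entries need a manual check that the top-level folder is an existing custom one and not a delivered folder missing from the set.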

Fusion application users are auto-provisioned with BI Consumer role, which allows them to read and traverse the BI catalog folders. This access is for folder viewing and navigation only and doesn't give the user the privilege to view, open, edit and execute BI reports, for which the user has no security authorization. An enhancement is in development to restrict access to BI catalog folders such that a user will no longer be able to see and traverse BI catalog folders that he or she has no security authorization to access.

Due to the catalog lockdown, after upgrading to Release 13.18A of Fusion Applications, you will receive a notification as seen below:

In-place customizations are not allowed on factory delivered content. Save your customizations in /shared/custom.

Please refer to the following Customer Connect notes for further information:

R13.18A OTBI BI Catalog Lockdown (HCM Reporting & Analytics forum): https://cloudcustomerconnect.oracle.com/posts/afc45060ac

R13.18A OTBI BI Catalog Lockdown (ERP Reporting & Analytics forum): https://cloudcustomerconnect.oracle.com/posts/2a21ef8098

R13.18A OTBI BI Catalog Lockdown (Sales Reporting & Analytics forum): https://cloudcustomerconnect.oracle.com/posts/3b4979d9da

R13.18A OTBI BI Catalog Lockdown (SCM Reporting & Analytics forum): https://cloudcustomerconnect.oracle.com/posts/1b0d7de3f

Actions

OTBI reports are secured by OTBI duty roles, which inherit the BI Consumer role. In order for you to access Fusion-shipped reports, OTBI has granted 'BI Consumer' Read/Traverse access to the entire BI catalog. This causes all OTBI users to see and navigate the entire BI catalog even though they can't see or execute the 'unsecured' reports.
