Sharing a data analysis & visualizations with the other team members in a safe and secure manner is a key requirements for Analytics solutions. Oracle Analytics offers the capability for designer to completely control the way their projects are shared and leveraged with other users.
This blog explores various scenarios in which a user can share a project with other users. The brief video below illustrates how a user can share projects with other users and how various rules define the privileges for other user.
Once a project is under the Shared Folders directory, all users with only 'DV Consumer' role in OAC, will be granted Read-Only access to it by default. The purpose of 'DV Consumer' role is to limit the access to users, to only consume content, and not edit it. Irrespective of any permission configuration for underlying projects.
Now, if I want also limit other users with higher roles (like 'DV Content Author') to also have Read-Only access to my project, I need to edit the security configuration of the project using the Share Tab and Access Tab of a project. Share and Access Tabs are accessed by clicking on the project properties and then on inspect menu.
In order to make a project read only, we need to specify these permissions Share : View and Access : Read Only.
With that, when a user with DV Content Author role opens the project, the project will open in read only mode : no Save or Save As option displayed.
Two important notes :
When user opens the project he will have full experience mode but only with Save-As option enabled. He can therefore not modify your project and will have to save edits under a different name.
Controlling the access to projects for other consumers of the analytics system is an important aspect which ensures smooth collaboration between the teams and eliminate any unnecessary tampering of projects by other users. OAC's security mechanism helps the users safely share the projects with other users on the system and collaborate in an secure manner.
This blog explores various scenarios in which a user can share a project with other users. The brief video below illustrates how a user can share projects with other users and how various rules define the privileges for other user.
Scenario 1 : I don't want to share my project with anyone
There could be various instances where the data used for a project could be confidential and cannot be shared with other users. In this scenario the project should not be accessible to other users on the system. In order to achieve this, the owner of the project should save the project under My Folders instead of Shared Folders. All the objects under My Folders are accessible only to the owner, no one else can see them.Scenario 2 : I want selected other users to have Read-Only access to my project
The first pre-requisite for sharing a project with other users is that to have it saved in Shared Folders. Projects that reside under my folders directory will not be visible to anyone else than their owner.Once a project is under the Shared Folders directory, all users with only 'DV Consumer' role in OAC, will be granted Read-Only access to it by default. The purpose of 'DV Consumer' role is to limit the access to users, to only consume content, and not edit it. Irrespective of any permission configuration for underlying projects.
Now, if I want also limit other users with higher roles (like 'DV Content Author') to also have Read-Only access to my project, I need to edit the security configuration of the project using the Share Tab and Access Tab of a project. Share and Access Tabs are accessed by clicking on the project properties and then on inspect menu.
- Share tab is used to specify how the project can be consumed : only viewing the results, or being able to edit the queries and viz definitions.
- Access tab is used to specify if a project can be opened in Read-Only mode or Read-Write mode. ie, can a user save over your project, or is he requested to save-as something else.
In order to make a project read only, we need to specify these permissions Share : View and Access : Read Only.
Two important notes :
- permissions can be granted to roles (groups of users), or to individual users. If a user belongs to a role with access rights, he will benefit permissions assigned to this role.
- If a user is not listed in the permissioning tabs, nor belongs to any role that is listed in these tabs, he will simply not see the project.
Scenario 3 : I want user to be able to Save As, but not Save over
The access and share rules have to be set to Share tab : Edit, Access tab : Read-Only for the project to be opened in edit mode but without Save being enabled.When user opens the project he will have full experience mode but only with Save-As option enabled. He can therefore not modify your project and will have to save edits under a different name.
Scenario 4: I let user have full control on my project.
The access and share rules have to be set to Share tab : Edit, Access tab : Read-Write for the project to be opened in full experience mode with both Save and Save As options enabled.One important point
Even if a project is shared with other users, they will only be able to see results if the data-sources of this project are objects they have access to as well. For example, if the project I just shared is using a data I uploaded from an XSLX file, I may need to visit the inspect tab of this OAC dataset and grant access to respective roles or users.
Securing entire folders
Catalog folders (under shared folders) containing multiple projects and sub-folders can be secured by configuring Access rules for that folder. Read-Only or Read-Write are the privileges available which can be set against a folder. Read-Only will render all the projects under the folder as read-only and Read-Write would provide edit access to the projects under the folder. By default, setting the privilege at the folder level trickles down the permission to all the sub folders and its objects.
The default behavior can be altered by checking the box "Apply access permissions to this folder only". If this check box is checked, then only those projects directly under this folder are affected with the permission settings, the sub folders and its projects are spared.
Controlling the access to projects for other consumers of the analytics system is an important aspect which ensures smooth collaboration between the teams and eliminate any unnecessary tampering of projects by other users. OAC's security mechanism helps the users safely share the projects with other users on the system and collaborate in an secure manner.
Are you an Oracle Analytics customer
or user?
We want to hear your story!
Please voice your experience and provide feedback
with a quick product review for Oracle Analytics Cloud!