Oracle Cloud Infrastructure Documentation

Manage Roles, Users, and Access

As the functional administrator or security administrator, you manage users and their access to subject areas and data.

About Managing Roles, Users, and Access

As an administrator, one of your initial tasks is to ensure that users have appropriate access to use Oracle Analytics for Applications.

Access to subject areas and data depends on the roles assigned to the users.

About Roles

Oracle Analytics for Applications provides four role types

  • Duty roles – define duties of a job as entitlement to perform a particular action, such as access to AP Transactions subject area.
  • Data roles - provide access to the transactional data in the tables and groups users who have functional access through a particular job role with access to a particular dimension of data. For example, invoices relevant only to their business unit.
  • Application roles - provide a set of system privileges that users can perform after signing in to Oracle Analytics for Applications such as administering system setting, functional setup, use security, or data modeling.
  • Job roles – inherit data, duty, and application roles and are assigned to users. They define a user’s business function such as VP of Sales, HR Analyst, and Procurement Buyer. Job roles and users are synchronized from Oracle Fusion Application Services to Oracle Identity Cloud Service. The job roles are mapped as groups in Oracle Identity Cloud Service. You can also create custom job roles based on your business requirements.
Job Roles

Job roles synchronized from Oracle Fusion Application Services into Oracle Identity Cloud Service are:

Job Role Code Job Roles Name Description Associated Data Role, Duty Role, and Application Role Functional Area
ORA_GL_FINANCIAL_ANALYST_JOB Financial Analyst Has Author privileges

Author

OA4F_FIN_GL_ACCESS_SET_DATA

OA4F_FIN_GL_BALANCE_SHEET_ANALYSIS_DUTY

OA4F_FIN_GL_BUDGETS_ANALYSIS_DUTY

OA4F_FIN_GL_DETAIL_TRANSACTIONS_ANALYSIS_DUTY

OA4F_FIN_GL_PROFITABILITY_ANALYSIS_DUTY

GL
ORA_GL_GENERAL_ACCOUNTANT_JOB General Accountant Has Author privileges

Author

OA4F_FIN_GL_ACCESS_SET_DATA

OA4F_FIN_GL_BALANCE_SHEET_ANALYSIS_DUTY

OA4F_FIN_GL_BUDGETS_ANALYSIS_DUTY

OA4F_FIN_GL_DETAIL_TRANSACTIONS_ANALYSIS_DUTY

OA4F_FIN_GL_PROFITABILITY_ANALYSIS_DUTY

GL
ORA_GL_GENERAL_ACCOUNTING_MANAGER_JOB General Accounting Manager Has Author privileges

Author

OA4F_FIN_GL_ACCESS_SET_DATA

OA4F_FIN_GL_BALANCE_SHEET_ANALYSIS_DUTY

OA4F_FIN_GL_BUDGETS_ANALYSIS_DUTY

OA4F_FIN_GL_DETAIL_TRANSACTIONS_ANALYSIS_DUTY

OA4F_FIN_GL_PROFITABILITY_ANALYSIS_DUTY

GL
ORA_AP_ACCOUNTS_PAYABLE_MANAGER_JOB Accounts Payable Manager Has Author privileges

Author

OA4F_FIN_AP_AGING_ANALYSIS_DUTY

OA4F_FIN_AP_BALANCE_ANALYSIS_DUTY

OA4F_FIN_AP_BUSINESS_UNIT_DATA

OA4F_FIN_AP_EXPENSES_ANALYSIS_DUTY

OA4F_FIN_AP_HOLDS_ANALYSIS_DUTY

OA4F_FIN_AP_INVOICES_ANALYSIS_DUTY

OA4F_FIN_AP_LIABILITIES_ANALYSIS_DUTY

OA4F_FIN_AP_PAYMENTS_ANALYSIS_DUTY

AP
ORA_AP_ACCOUNTS_PAYABLE_SPECIALIST_JOB Accounts Payable Specialist Has Author privileges

Author

OA4F_FIN_AP_AGING_ANALYSIS_DUTY

OA4F_FIN_AP_BALANCE_ANALYSIS_DUTY

OA4F_FIN_AP_BUSINESS_UNIT_DATA

OA4F_FIN_AP_EXPENSES_ANALYSIS_DUTY

OA4F_FIN_AP_HOLDS_ANALYSIS_DUTY

OA4F_FIN_AP_INVOICES_ANALYSIS_DUTY

OA4F_FIN_AP_LIABILITIES_ANALYSIS_DUTY

OA4F_FIN_AP_PAYMENTS_ANALYSIS_DUTY

AP
ORA_AP_ACCOUNTS_PAYABLE_SUPERVISOR_JOB Accounts Payable Supervisor Has Author privileges

Author

OA4F_FIN_AP_AGING_ANALYSIS_DUTY

OA4F_FIN_AP_BALANCE_ANALYSIS_DUTY

OA4F_FIN_AP_BUSINESS_UNIT_DATA

OA4F_FIN_AP_EXPENSES_ANALYSIS_DUTY

OA4F_FIN_AP_HOLDS_ANALYSIS_DUTY

OA4F_FIN_AP_INVOICES_ANALYSIS_DUTY

OA4F_FIN_AP_LIABILITIES_ANALYSIS_DUTY

OA4F_FIN_AP_PAYMENTS_ANALYSIS_DUTY

AP
ORA_AR_ACCOUNTS_RECEIVABLE_MANAGER_JOB Accounts Receivable Manager Has Author privileges

Author

OA4F_FIN_AR_ADJUSTMENTS_ANALYSIS_DUTY

OA4F_FIN_AR_AGING_ANALYSIS_DUTY

OA4F_FIN_AR_APPLICATIONS_ANALYSIS_DUTY

OA4F_FIN_AR_BALANCES_ANALYSIS_DUTY

OA4F_FIN_AR_BUSINESS_UNIT_DATA

OA4F_FIN_AR_CREDITMEMO_ANALYSIS_DUTY

OA4F_FIN_AR_TRANSACTIONS_ANALYSIS_DUTY

AR
ORA_AR_ACCOUNTS_RECEIVABLE_SPECIALIST_JOB Accounts Receivable Specialist Has Author privileges

Author

OA4F_FIN_AR_ADJUSTMENTS_ANALYSIS_DUTY

OA4F_FIN_AR_AGING_ANALYSIS_DUTY

OA4F_FIN_AR_APPLICATIONS_ANALYSIS_DUTY

OA4F_FIN_AR_BALANCES_ANALYSIS_DUTY

OA4F_FIN_AR_BUSINESS_UNIT_DATA

OA4F_FIN_AR_CREDITMEMO_ANALYSIS_DUTY

OA4F_FIN_AR_TRANSACTIONS_ANALYSIS_DUTY

AR
ORA_FND_INTEGRATION_SPECIALIST_JOB Integration Specialist Individual responsible for planning, coordinating, and supervising all activities related to the integration of enterprise information systems. Has author privileges.

Author

OA4F_COMMON_DATA_ADMIN_ANALYSIS_DUTY

Common
Duty Roles

Duty roles to secure subject areas are:

Duty Role Code Duty Role Name Duty Role Description Functional Area Gets access to Subject Area Display Name OR Associated Role
OA4F_FIN_GL_BALANCE_SHEET_ANALYSIS_DUTY General Ledger Balance Sheet Analysis Duty Object security role to control presentation catalog access to Financials GL Balance Sheet subject area. GL Financials - GL Balance Sheet
OA4F_FIN_GL_PROFITABILITY_ANALYSIS_DUTY Profitability Analysis Duty Object security role to control presentation catalog access to Financials GL Profitability subject area. GL Financials - GL Profitability
OA4F_FIN_GL_DETAIL_TRANSACTIONS_ANALYSIS_DUTY General Ledger Detail Transactions Analysis Duty Object security role to control presentation catalog access to Financials GL Detail Transactions subject area. GL Financials - GL Detail Transactions
OA4F_FIN_GL_BUDGETS_ANALYSIS_DUTY General Ledger Budget Analysis Duty Object security role to control presentation catalog access to Financials GL Budgets subject area. GL Financials - GL Budgets
OA4F_FIN_AP_BALANCES_ANALYSIS_DUTY Accounts Payable Balances Analysis Duty Object security role to control presentation catalog access to Financials Accounts Payable Balances subject area. AP Financials – AP Balances
OA4F_FIN_AP_AGING_ANALYSIS_DUTY Accounts Payable Aging Analysis Duty Object security role to control presentation catalog access to Financials Accounts Payable Aging subject area. AP Financials – AP Aging
OA4F_FIN_AP_INVOICES_ANALYSIS_DUTY Accounts Payable Invoices Analysis Duty Object security role to control presentation catalog access to Financials Accounts Payable Invoices subject area. AP Financials – AP Invoices
OA4F_FIN_AP_LIABILITIES_ANALYSIS_DUTY Accounts Payable Liabilities Analysis Duty Object security role to control presentation catalog access to Financials Accounts Payable Liabilities subject area. AP Financials – AP Liabilities
OA4F_FIN_AP_PAYMENTS_ANALYSIS_DUTY Accounts Payable Payments Analysis Duty Object security role to control presentation catalog access to Financials Accounts Payable Payments subject area. AP Financials – AP Payments
OA4F_FIN_AP_EXPENSES_ANALYSIS_DUTY Accounts Payable Expenses Analysis Duty Object security role to control presentation catalog access to Financials Accounts Payable Expenses subject area. AP Financials - AP Expenses
OA4F_FIN_AP_HOLDS_ANALYSIS_DUTY Accounts Payable Holds Analysis Duty Object security role to control presentation catalog access to Financials Accounts Payable Holds subject area. AP Financials - AP Holds
OA4F_FIN_AR_BALANCES_ANALYSIS_DUTY Accounts Receivable Balances Analysis Duty Object security role to control presentation catalog access to Financials Accounts Receivable Balances subject area. AR Financials – AR Balances
OA4F_FIN_AR_AGING_ANALYSIS_DUTY Accounts Receivable Aging Analysis Duty Object security role to control presentation catalog access to Financials Accounts Receivable Aging subject area. AR Financials – AR Aging
OA4F_FIN_AR_TRANSACTIONS_ANALYSIS_DUTY Accounts Receivable Transactions Analysis Duty Object security role to control presentation catalog access to Financials Accounts Receivable Transactions subject area. AR Financials – AR Transactions
OA4F_FIN_AR_APPLICATIONS_ANALYSIS_DUTY Accounts Receivable Receipts and Applications Analysis Duty Object security role to control presentation catalog access to Financials Accounts Receivable Receipts and Applications subject area. AR Financials – AR Receipts and Applications
OA4F_FIN_AR_CREDITMEMO_ANALYSIS_DUTY Accounts Receivable Credit Memo Applications Analysis Duty Object security role to control presentation catalog access to Financials Accounts Receivable Credit Memo Applications subject area. AR Financials – AR Credit Memo Applications
OA4F_FIN_AR_ADJUSTMENTS_ANALYSIS_DUTY Accounts Receivable Adjustments Analysis Duty Object security role to control presentation catalog access to Financials Accounts Receivable Adjustments subject area. AR Financials – AR Adjustments
OA4F_COMMON_DATA_ADMIN_ANALYSIS_DUTY Data Warehouse Refresh and Usage Tracking Analysis Duty Object security role to control presentation catalog access to Warehouse Refresh subject areas and Usage Tracking subject areas. Common Common - Usage Tracking Statistics

Common - Warehouse Refresh Statistics

Data Roles

Data roles to secure data are:

Data Role Code Data Role Name Description Functional Area
OA4F_FIN_GL_ACCESS_SET_DATA General Ledger Access Set Data Security Data security role to access ledger set based data GL
OA4F_FIN_AP_BUSINESS_UNIT_DATA Accounts Payable Business Unit Data Security Data security role to access accounts payable business unit based data AP
OA4F_FIN_AR_BUSINESS_UNIT_DATA Accounts Receivable Business Unit Data Security Data security role to access accounts receivable business unit based data AR
Application Roles

The application roles for Oracle Analytics for Applications available in Oracle Identity Cloud Service through Oracle Analytics for Applications provisioning are:

Role Name Role Description Purpose
Administrator Tenant administrator for service instances Creates and manages Oracle Analytics for Applications instances, administers Oracle Identity Cloud Service users and roles.
Service Administrator Oracle Analytics for Applications service administrator Customer facing (Snapshots, Connections, System Settings) administrator access to Oracle Analytics for Applications.
Functional Administrator Oracle Analytics for Applications functional administrator Performs functional configuration (pipeline, reporting) in Oracle Analytics for Applications.
Security Administrator Oracle Analytics for Applications security administrator Administers application roles and data security.
Modeler Administrator Oracle Analytics for Applications data model administrator Promote data model (RPD) customization to Oracle Analytics Cloud instance.
Modeler Oracle Analytics for Applications modeler Modify the semantic model to bring in custom dimensions and attributes.
Author Oracle Analytics for Applications author Create and edit KPIs, cards, and decks , DV projects, reports and dashboards.
Consumer Oracle Analytics for Applications consumer Read access to content. Can create cards and decks. Read access to Oracle Analytics Cloud content.

About Users

Oracle Analytics for Applications uses the Oracle Fusion Application Services users from Oracle Identity Cloud Service.

You also create job roles in Oracle Identity Cloud Service and then assign the job roles to the users. See Create and Associate Users and Application Roles

About Access

You provide access to subject areas and data by assigning job roles to users in Oracle Fusion Application Services. Job roles are associated with duty and data roles.

Create and Associate Users and Application Roles

To access Oracle Analytics for Applications, create Oracle Fusion Application Services users and groups (these are the equivalent of job roles in Oracle Fusion Application Services) in Oracle Identity Cloud Service and then assign the job roles to users.

You can either manually create users and job roles and associate them in Oracle Identity Cloud Service or synchronize new users and job roles in Oracle Fusion Application Services with Oracle Identity Cloud Service. See Synchronize Oracle Fusion Applications Cloud Service User Identities and Roles with Oracle Identity Cloud Service.
Note

If you create job roles, job role assignments, and users or revoke existing job roles, job role assignments, or users in Oracle Fusion Application Services, then you must also maintain these changes in Oracle Identity Cloud Service each time.
  1. Make a list of the Oracle Fusion Application Services users and job roles who need access to Oracle Analytics for Applications.
    Note

    You need the exact user and job role names as they are in Oracle Fusion Application Services. The names are case-sensitive.
  2. Create Oracle Fusion Application Services users in Oracle Identity Cloud Service.
    1. Sign in to Oracle Identity Cloud Service with your administrator credentials.
    2. Navigate to Users and click Add.
    3. Enter the user details as they are in Oracle Fusion Application Services and then click Finish.
      Note

      The user name is case sensitive.
  3. Create Oracle Fusion Application Services job roles in Oracle Identity Cloud Service.
    1. Navigate to Groups and click Add.
    2. Enter the job role name as it is in Oracle Fusion Application Services and then click Finish.
  4. Assign the job roles to users.
    1. On the Groups page, select a group.
    2. For the group specific to the Oracle Fusion Application Services job role, in the Users tab, click Assign and select the users that you want to associate with the group (job role).
  5. Optional: As a system administrator, you have the necessary privileges to perform the configuration steps yourself. However, if you need to assign the Functional Administrator privileges to a user, please perform the following steps in Oracle Identity Cloud Service.
    1. On the left hand side menu, navigate to Applications.
    2. Select ANALYTICSAPP_<instancename> corresponding to your analytics instance.
    3. In the Application Roles tab, search for and select the Functional Admin role.
    4. Click the hamburger icon and assign users to this role.
The users that you added receive an email to activate their account. After activation, they must sign in to Oracle Analytics for Applications and verify their access to data and objects.

Manage Custom Job Roles

Service administrators create custom job roles in Oracle Fusion Applications and synchronize them into Oracle Identity Cloud Service.

Create Custom Job Roles

As a security administrator, you can create custom job roles to meet your business requirements.

You create custom job roles in the Security Console of Oracle Fusion Application Services. See Create Roles in the Security Console.

To use the Oracle Fusion Application Services custom job roles in Oracle Analytics for Applications, you must either manually create and associate them in Oracle Identity Cloud Service or synchronize them with Oracle Identity Cloud Service. See Create and Associate Users and Application Roles

Configure Job Roles

As a security administrator, you can map the application roles available for Oracle Analytics for Applications with the job roles.

  1. Sign in to your service.
  2. In Oracle Analytics for Applications, open the Application Navigation menu, click Console, and then click Roles Management.
    You see the Job Roles page displaying all the available job roles.
  3. On the Job Roles page, click a job role. For example, Accounts Payable Manager.
    You see the job role details page listing the various data, duty, and application (system) roles.
  4. On the job role details page, to remove an existing data, duty, or application (system) role mapped to a job role, select the check box for the existing role, and then click Remove.
  5. On the job role details page, to add a data, duty, or application (system) role, click Add.
    You see the Add Roles dialog displaying available roles that have not been assigned to this job role.
  6. Select the data, duty, or application (system) role that you want to add to the job role and click Add.
    You see the Job Roles page with pending changes alert for the job roles that you updated.
  7. Click Discard Changes if you no longer require the updates to the job role or click Apply for the updates to take effect.

Assign Job Roles to Users

Assign job roles to users to define their business function such as VP of Sales, HR Analyst, and Procurement Buyer.

  1. Sign in to your service.
  2. In Oracle Analytics for Applications, open the Application Navigation menu, click Console, and then click User Management to access the Oracle Identity Cloud Service console for assigning roles to users.
  3. In the Oracle Identity Cloud Service console, expand the Navigation menu, and then click Users.
  4. Click the user account that you want to modify.
  5. Click Groups.
    Note

    Groups are equivalent to job roles. See Understand Groups
  6. Click Assign.
    To search for groups to assign to the user account, in the Search field, enter all or part of the beginning of the group names or descriptions that you want to locate, and then click Enter.
  7. In Assign Groups, select the check box for each group that you want to assign to the user account.
  8. Click OK.

Manage Data Security Assignments

As a security administrator, you need to map data security assignments to users to enable them to access content.

Topics:

Use the Manage Data Security Assignments page to search all currently setup data security assignments. You may either search on all records or narrow your search to a specific security context, security value, or user. You can remove a security assignment that you had set up or add new security assignments to a user.

About Data Security Assignments

Data security assignments apply data filters to display only the data corresponding to the security assignment values mapped to the users.

You ensure data level security with a combination of data roles and security assignments mapped to the user. You assign a user one or more job roles. The job roles have data roles assigned to them, and when querying data, the semantic layer applies data filters by data roles. To establish the security permissions, you'd need to map users to security assignments. If no security assignment values are mapped, then users get to see all data sets corresponding to the data role assigned to them. When you add data security assignments to a user, you ensure that the user can access specific data within a security context such as Ledger or AP Business Unit.

Add Security Assignments to a User

The security assignment values that you can assign to a user are based on the user’s access to a ledger or business unit. You can assign a single user multiple security assignment values or multiple users to a single or multiple assignment values.

  1. Sign in to your service.
  2. In Oracle Analytics for Applications, open the Application Navigation menu, click Console, and then click Data Security.
  3. On the Manage Data Security Assignment page, click Add Assignments.
  4. In Add Security Assignments:
    1. Select the security context for which you want to add data security for the user. For example, Ledgers or a business unit.
    2. From the list of security values that you see based on the security context that you selected, select the values that you want to add to the user and move them to the right.
      Note

      Previously added security assignments remain in place. The Add Security Assignment process adds only the new values.
    3. From the list of users that you see, select a user or multiple users to whom you want to assign the data security values and move them to the right.
    4. Click Add Assignments.

Remove Data Security Assignments for a User

As a security administrator, you can remove data security assignments that you had previously assigned.

  1. Sign in to your service.
  2. In Oracle Analytics for Applications, open the Application Navigation menu, click Console, and then click Data Security.
  3. On the Manage Data Security Assignment page, enter a user name in User or select a user from the drop-down list, and click Search.
    You can also filter by context or security value.
  4. From the search results, select the check box for the security assignments that you want to remove and click Remove Assignment.