To control access to objects (such as a folder in the catalog or a section in a dashboard), you assign permissions to Application roles, Catalog groups, and users. The permissions that you can assign vary depending on the type of object with which you are working.
The permissions that are available from the "Permissions dialog" are usually parent permissions, meaning that each parent permission contains several child permissions (for example, if the Open permission is applied to a folder, the users of that folder can read, traverse, and run Oracle BI Publisher reports located in that folder). Applying parent permissions, rather than building custom permissions for every object, is an easy way to consistently assign and maintain permissions. The available parent permissions differ based on the object type with which you are working: folders, BI Publisher objects, or business intelligence objects. BI Publisher objects include reports, data models, sub templates, and style templates. Business intelligence objects include analyses, dashboards, KPIs, scorecards, filters, and prompts.
If in the "Permissions dialog" you select the Custom permission, then the "Custom Permissions dialog" is displayed where you can select the permissions to apply to the object. For example, if you are working with a folder object, then you can select the traverse, read, and delete permissions.
Table 13-2 includes the name of each permissions and its definition. For more information about the parent permissions that you can assign to an object and what the parent permission includes based on the type of object with which you are working, see "Permissions Available by Object Type."
Table 13-2 Permission Descriptions
Permission | Description |
---|---|
Read |
Use this option to give authority to access, but not modify, the object. |
Write |
Use this option to give authority to edit the object. |
Delete |
Use this option to give authority to delete the object. |
Traverse |
Use this option to give authority to access objects within the selected folder when the user does not have permission to the selected folder. Access to these objects is required when the objects in the folder, such as analyses, are embedded in a dashboard or WebCenter Portal application page that the user has permission to access. For example, if you grant users the Traverse permission to the /Shared Folders/Test folder, then they can access objects, through the Catalog or embedded in dashboards or WebCenter Portal application pages, stored in the/Shared Folders/Test folder and stored in sub-folders, such as the /Shared Folders/Test/Guest folder. However, users cannot access (meaning view, expand, or browse) the folder and sub-folders from the Catalog. |
Run Publisher Report |
Use this option to give authority to read, traverse the folder that contains the object, and regenerate the report so that it includes the most recent data. |
Schedule Publisher Report |
Use this option to give authority to read, traverse the folder that contains the object, and schedule the report. |
View Publisher Report |
Use this option to give authority to read, traverse the folder that contains the object, and view, but not regenerate, the report. |
Execute |
Use this option to give authority to run an object, such as an action, agent, or a briefing book. |
Change Permissions |
Use this option to give authority to change the object's permissions. |
Set Ownership |
Use this option to give authority to reassign ownership of the object. |
Full Control |
Use this option to give authority to perform all tasks (modify and delete, for example) on the object. |
No Access |
Use this option to deny access to the object. Explicitly denying access takes precedence over any other permission. |
Modify |
Use this option to give authority to read, write, and delete the object. |
Open |
Use this option to give authority to access, but not modify, the object. If you are working with an Oracle BI Publisher object, this option enables you to traverse the folder that contains the object. |
Custom |
Use this option to display the "Custom Permissions dialog," where you grant read, write, execute, and delete permissions. |
Granted |
Use this option to give authority to access a section in a dashboard. This permission can be set in the dashboard, only. This permission overrides any catalog permissions set on the section's objects that would prevent the corresponding roles, Catalog groups, and users from accessing them (for example, No Access). For more information, see "Changing the Properties of a Dashboard and its Pages." |
Denied |
Use this option to deny access to a section in a dashboard. This permission can be set in the dashboard, only. This permission overrides any catalog permissions set on the section's objects that would allow the corresponding roles, Catalog groups, and users to access them (for example, View). For more information, see "Changing the Properties of a Dashboard and its Pages." |