You can create Application Roles based on existing Application Policies that are installed by default for Application Roles
So you can create your own Application Policies/Application Roles.
In below post we can see how a custom Application Policy can be created using Web logic Enterprise manager
Application Role,Group,User are mapped to Application Policy based on permissions granted the Business intelligence content is visible to users
There are two methods for creating a new Application Policy:
- Create New - A new Application Policy is created and permissions are added to it.
- Copy Existing - A new Application Policy is created by copying an existing Application Policy. The copy is named and existing permissions are removed or permissions are added.Creating a New Policy :Login to EM and Weblogic Domain - bi foundation Domain --Security -- Application Policies
Click on Create button for a new application security grant
I am going to assign custom Application Policies for my Application Role 'Power User' as shown below
In the Grantee Add your application role in Permissions section click on Add by default the permission class 'oracle.security.jps.ResourcePermission' which contains all the Resource Type
POWER USER Application Role is assigned to below policies :
POWER USER application role is member of BI Admin/BI Author/BI Consumer/Saichand_policy(user)
If a Application Role is part of BI Administrator then the user Should able have privilege to create report/dashboard but the policy which added above will have privilege to manage catalog but not create Analysis/dashboards
create an Application Policy based on an existing one:
It is the same process but here you need to select the application Role and click on Create like button
So new application role Super User has been created using policies of BI Administrator as shown below
Few Application polices with description
Permission Name
|
Description
|
oracle.bi.publisher.administerServer
|
Enables the Administration link to access the Administration page and grants permission to set any of the system settings.
|
oracle.bi.publisher.developDataModel
|
Grants permission to create or edit data models.
|
oracle.bi.publisher.developReport
|
Grants permission to create or edit reports, style templates, and sub templates. This permission also enables connection to the BI Publisher server from the Template Builder.
|
oracle.bi.publisher.runReportOnline
|
Grants permission to open (execute) reports and view the generated document in the report viewer.
|
oracle.bi.publisher.scheduleReport
|
Grants permission to create or edit jobs and also to manage and browse jobs.
|
oracle.bi.publisher.accessReportOutput
|
Grants permission to browse and manage job history and output.
|
oracle.bi.publisher.accessExcelReportAnalyzer
|
Grants permission to download the Analyzer for Excel and to download data from a report to Excel using the Analyzer for Excel. Note that to enable a user to upload an Analyzer for Excel template back to the report definition, the permission oracle.bi.publisher.developReport must also be granted.
|
oracle.bi.publisher.accessOnlineReportAnalyzer
|
Grants permission to launch the Analyzer and manipulate the data. Note that to save an Analyzer template to a report definition, the permission oracle.bi.publisher.developReport must also be granted.
|
oracle.bi.server.impersonateUsers
|
This description is not available.
|
oracle.bi.server.manageRepositories
|
Grants permission to open, view, and edit repository files using the Administration Tool or the Oracle BI Metadata Web Service.
|
oracle.bi.server.queryUserPopulation
|
Internal use only.
|
oracle.bi.scheduler.manageJobs
|
Grants permission to use Job Manager to manage scheduled Delivers jobs.
|
