Secure Dashboard Access in Oracle BI Cloud Service (BICS): Sales and Marketing Dashboard Example

Oracle Business Intelligence Cloud Service (BICS) is part of Oracle’s Platform as Service (PaaS) offerings.  The Oracle cloud offerings permit enterprise IT teams to rapidly build and deploy applications without the need to set up expensive infrastructure.  There’s still a need, however, for strong security capabilities in the cloud, and this blog post discusses how BICS security works and how to set up secure dashboard access in the solution via a sales and marketing dashboard sample business case.

How Oracle Cloud Security Works

When your business signs up for an Oracle Cloud account, Oracle Cloud creates an identity domain specific to your company. As users log in to an Oracle Cloud service, Oracle cloud identity management controls the user authentication and the features of the service users can access using Oracle Enterprise Single Sign-On (SSO).  SSO may be federated between on-premise and cloud SSO.  Oracle Cloud uses LDAP schemas for storing the identities.

User and Role Management Overview

BICS Security is comprised of two items:  1. Oracle Cloud Identity Domain Users and Roles and 2. Oracle BICS Application Users and Roles.

First, we add the user to Oracle Cloud Identity Management using the Identity Management Administrator credentials.  Click “Users,” then on the following form, click “Add”:

Typically, we use the email address as the user name.

A few things have changed in this form.  We can now set a role in the Cloud Service for each user.  If the new user just views reports, we will click on the “Service” drop down, select “BICS (Business Intelligence),” and then click the button with the two “greater than” signs. This pushes the roles to the “Selected Roles” box.  If the user is not a reports or dashboard author, then uncheck: “bics BI Cloud Service Advanced Content Authors” as shown above.

Click “Add to save the user.

Next, open BICS as an administrator to complete user creation.  Open “Console” and select “Users” and “Roles.”

In BICS, there are five predefined application roles.  We do not have to add our new user to any of the predefined application roles.

Sales and Marketing Dashboard Example

Let’s say we want to secure our data by sales region.  We have a global sales manager who should be able to see all sales regions.  In our fact table, we have the name of the sales region on each data row.  We want to secure the dashboard to only the members of the sales department, and then to filter the data where the salesperson may only see their own regional data and the sales manager should be able to see all regions.  Let’s also say there are marketing departmental dashboards in BICS and marketing should not be able to see the sales dashboard and sales should not be able to see the marketing dashboard.

To do this, we can establish two application roles to manage the dashboard level.  Add “Sales Dashboard.” Click “Save.”  Repeat for the marketing dashboard.

Add members (users) to “Sales” by selecting the button at the right end of the “Sales Application Role” and then by selecting “Manage Members:”

Search for “John Doe” and add this user to the “Sales Dashboard Role” by clicking the user name in the left box and then by clicking the single arrow to place the user in the “Selected Users” panel.  Click “OK” to save.

Create the marketing dashboard role and add users to that role using the same process.

Next, we will create roles to secure the data in the “Sales” fact. Open “Application Role” and add the following roles: