OEDQ provides a highly granular permissions model, allowing enterprise customers to divide users into segregated roles with different access to the OEDQ user applications, and different functional permissions within each application.
Functional permissions are added and removed from user groups using the User Configuration pages of the Launchpad.
The available permissions are organized and named in categories as follows:
Case Management includes a set of static functional permissions, and also allows the creation of custom dynamic permissions.
Static functional permissions, which are prefixed with 'C.M.Static:', operate in the same way as other functional permissions, and restrict the actions that users in the various groups can perform.
Dynamic functional permissions, prefixed with 'C.M.Dynamic:', are defined in the Case Management Administration user application and can be used to restrict access to cases and alerts, either by Case Source, or at the individual case or alert level, and can also be used to prevent insufficiently privileged users from applying inappropriate transitions.
The following table provides a full guide to all static permissions:
| Permission | Use |
|---|---|
| Apply Bulk Deletes | Allows the user to delete all cases and alerts under a given search |
| Apply Bulk Updates | Allows the user to apply bulk updates to all cases and alerts under a given search. The updates that a user can make is further restricted by the other permissions granted to them (see C.M.Static Edit Case, C.M.Static Change Assignment, C.M.Static Change State and C.M.Static Restrict Cases) |
| Change Assignment | Allows the user to change the assignment of a specific case or alert |
| Change Invalid States | Allows the user to change the state of alerts or cases which are currently in an invalid state |
| Change State | Allows the user to change the state of a case or alert. Note that specific state transitions may not be allowed by the workflow permissions. This permission exists so that it is possible to create a group of users who cannot change case or alert states at all |
| Create Sources | Allows the user to create and edit case sources |
| Delete Attachments | Allows the user to delete attachments from view in Case Management. The attachments are not deleted from the database, and so are still available in the back office audit trail |
| Delete Comments | Allows the user to delete comments from view in Case Management. The comments are not deleted from the back office audit trail, so can still be reported on by OEDQ processes |
| Delete Sources | Allows the user to delete case sources |
| Edit Attachments | Allows the user to edit attachments. This permission is not normally given to any users as it allows the user to delete information from the audit trail. It is therefore more powerful than the C.M.Static: Delete Attachments permission, which only deletes the attachment from view, and not from the audit trail |
| Edit Case | Allows the user to amend the following attributes of a case or alert:
|
| Edit Comments | Allows the user to edit comments. This permission is not normally given to any users as it allows the user to delete information from the audit trail. It is therefore more powerful than the C.M.Static: Delete Comments permission, which only deletes the comment from view, and not from the audit trail |
| Edit State Expiry Time | Allows the user to edit the time after which a case or alert's state will expire |
| Edit Global Filters | Allows the user to create and modify global filters. These are the filters that all users can see in the Case Browser, such as 'All alerts assigned to me'. Note that the actual search will only return alerts that users are allowed to see (that is, if the filter includes all issues, but a user is only allowed to see those assigned to him/her, the filter would only return those assigned alerts to that user). In addition, the user will not see Global Filters that specify case sources that the user does not have permission to access |
| Edit Supplementary Data | Allows the user to customize the set of attributes that users see when reviewing alerts for a given case source. Note that this customization is not a temporary setting for the current user, but affects the settings for all users when reviewing alerts from the source. Therefore, these customizations should be made before reviewers begin work |
| Edit User Filters | Allows the user to create and modify filters that will only be available to him or her, in his/her Case Browser. As described above, the search always stays within the user's permissions. If this permission is not granted, it means the user cannot search for cases or alerts. |
| Restrict Attachments | Allows the user to restrict other users' access to an attachment |
| Restrict Cases | Allows the user to change the permission of an alert or case, so that only certain users can see it |
| Restrict Comments | Allows the user to restrict other users' access to a comment |
| View Cases | Allows the user to drilldown from reports and list views of cases and alerts to view case and alert details |
| View Cases Assigned To Other Users | Allows the user to view cases and alerts assigned to other users |
| View Unassigned Cases | Allows the user to view unassigned cases and alerts |
The Configuration Analysis permissions control access to the Configuration Analysis ('diff') and Reporting capabilities, accessible both within the Director UI and in the dedicated Configuration Analysis UI. They are prefixed with 'Config Analysis:'
| Permission | Use |
|---|---|
| Perform Config Analysis | Allows users to run configuration analysis tasks, such as Director configuration Diffs, using the Configuration Analysis UI. |
| Perform Config Reporting | Allows users to produce configuration reports either within Director or using the Configuration Analysis UI. |
Dashboard permissions apply within the Dashboard user application. Note that Dashboard Administration can be used to control Dashboard permissions at a finer level, for example to make different Dashboard results available to different user groups.
| Permission | Use |
|---|---|
| Dashboard Administration | Allows users access to the Dashboard Administration user application, accessible within Dashboard. |
| View Dashboard | Allows users access to the Dashboard user application. |
Data permissions are special permissions used to control users' ability to view data, and purge data from the results database. They apply within the Director, and Server Console user applications, as specified below, and are prefixed with 'Data:'
| Permission | Use |
|---|---|
| Purge Data | Allows users to purge results in the Director UI |
| Server Console: Purge Data | Allows users to purge results in the Server Console UI |
| Server Console: View Data | Allows users to view staged data in the Server Console UI |
| View Data | Allows users to view staged data in the Director UI |
| View Reference Data | Allows users to view reference data in the Director UI |
A wide range of permissions are provided in order to control users' functional access in the Director user application. The following table provides a full guide to these:
| Permission | Use |
|---|---|
| Access User List Data Store | Allows users to access (for example, snapshot) the internal user tables using the System Information data store. |
| Data Interface Mappings.Add | Allows users to add data interface mappings |
| Data Interface Mappings.Delete | Allows users to delete data interface mappings |
| Data Interface Mappings: Modify | Allows users to modify data interface mappings |
| Data Interface: Add | Allows users to add data interfaces |
| Data Interface: Delete | Allows users to delete data interfaces |
| Data Interface: Modify | Allows users to modify data interfaces |
| Data Store: Add | Allows users to add data stores |
| Data Store: Delete | Allows users to delete data stores |
| Data Store: Modify | Allows users to modify data stores |
| Export: Add | Allows users to add data exports |
| Export: Delete | Allows users to delete data exports |
| Export: Modify | Allows users to modify data exports |
| External Tasks: Add | Allows users to add external tasks |
| External Tasks: Delete | Allows users to delete external tasks |
| External Tasks: Modify | Allows users to modify external tasks |
| Job: Add | Allows users to add jobs |
| Job: Cancel | Allows users to cancel jobs and Delete Schedules from the Schedules dialog |
| Job: Delete | Allows users to delete jobs |
| Job: Execute | Allows users to execute jobs, either in the Director UI or from the Command Line using the runjob command |
| Job: Modify | Allows users to modify jobs |
| Note: Add | Allows users to add project notes |
| Note: Delete | Allows users to delete project notes |
| Note: Modify | Allows users to modify project notes |
| Package | Allows users to package Director configuration to file |
| Process: Add | Allows users to add processes |
| Process: Delete | Allows users to delete processes |
| Process: Modify | Allows users to modify processes |
| Project: Add | Allows users to add projects. Note that this permission also implicitly grants users at least read access to all existing projects, so should be granted with care. |
| Project: Delete | Allows users to delete projects. |
| Project: Modify | Allows users to change the name or description of projects. |
| Published Processor: Add | Allows users to add published processors |
| Published Processor: Delete | Allows users to delete published processors |
| Published Processor: Modify | Allows users to modify published processors |
| ReferenceData: Add | Allows users to add reference data in projects |
| ReferenceData: Delete | Allows users to delete reference data in projects |
| ReferenceData: Modify | Allows users to modify reference data in projects |
| Result Book Export: Add | Allows users to add results book exports |
| Result Book Export: Delete | Allows users to delete results book exports |
| Result Book Export: Modify | Allows users to modify results book exports |
| Result Book: Add | Allows users to add results books |
| Result Book: Delete | Allows users to delete results books |
| Result Book: Modify | Allows users to modify results books |
| Snapshot: Add | Allows users to add snapshots |
| Snapshot: Delete | Allows users to delete snapshots |
| Snapshot: Modify | Allows users to modify snapshots |
| Staged Data: Add | Allows users to add staged data sets |
| Staged Data: Delete | Allows users to delete staged data sets |
| Staged Data: Modify | Allows users to modify staged data sets |
| System Data Store: Add | Allows users to add system-level data stores |
| System Data Store: Delete | Allows users to delete system-level data stores |
| System Data Store: Modify | Allows users to modify system-level data stores |
| System ReferenceData: Add | Allows users to add system-level reference data |
| System ReferenceData: Delete | Allows users to delete system-level reference data |
| System ReferenceData: Modify | Allows users to modify system-level reference data |
| Upload Images | Allows users to upload custom images |
| Web Service: Add | Allows users to add web services |
| Web Service: Delete | Allows users to delete web services |
| Web Service: Modify | Allows users to modify web services |
The Issue Management permission gives users access to add, modify and delete issues both in the Director application, and in the standalone Issue Management application
| Permission | Use |
|---|---|
| Administer Issues | Allows users to add, modify and delete issues. |
The Match Review permission grants users the ability to edit review comments in Match Review. Note that specific decision permissions can be granted to different user groups by using a customized workflow.
| Permission | Use |
|---|---|
| Edit Review Comments | Allows users to edit review comments in Match Review. This permission is not normally granted to most users as it allows users to change the audit trail. Users without this permission can still add and 'delete' comments, though deleted comments are retained in the audit trail. |
| Permission | Use |
|---|---|
| Access Server Administration | Allows users to access the Server Configuration pages from the Launchpad. |
| Add Extension | Allows users to add extensions on the OEDQ server via the Extensions page within Server Configuration. |
| Change Functional Packs | Allows users to change the functional pack enablement configuration of the OEDQ server. |
| Delete Extension | Allows users to delete extensions from the OEDQ server via the Extensions page within Server Configuration. |
| Modify Database Configuration | Allows users to modify the OEDQ database configuration in the Database Setup page within Server Configuration. |
| Set Configuration Directory | Allows users to modify the OEDQ configuration directory in the Configuration Directory page within Server Configuration. |
| Permission | Use |
|---|---|
| Job: Execute | Allows users to execute jobs in the Server Console UI or from the Command Line using the runopsjob command |
| View all Events in Event Log | Allows users access to the Event Log |
| Permission | Use |
|---|---|
| Connect to Messaging System | Allows users to connect to the messaging system (web services and/or JMS) |
| System Administration | Allows access to system administration functionality such as using the JMX interface |
| Upload files via FTP | Allows users to upload files to the OEDQ server by FTP |
| Permission | Use |
|---|---|
| Access User Administration | Allows users to access the User Configuration pages on the Launchpad |
| Add Group | Allows users to add new groups |
| Add User | Allows users to add new users |
| Block User | Allows users to block user accounts |
| Change/Reset User Passwords | Allows users to change or reset user passwords |
| Delete Group | Allows users to delete groups |
| Delete User | Allows users to delete users |
| Modify Account Security Options | Allows users to modify the account security options such as minimum password strength |
| Modify External Group Permissions | Allows users to modify the map from external groups (for example, Active Directory groups) to OEDQ groups |
| Modify Group | Allows users to modify (rename) groups |
| Modify User Details | Allows users to modify user details |
| Modify User Group Permissions | Allows users to modify the permissions associated with each group |
| Set User Application Access | Allows users to set the user groups that are granted access to each OEDQ user application |
| Unblock User | Allows users to unblock user accounts |
Oracle ® Enterprise Data Quality Help version 9.0
Copyright ©
2006,2012, Oracle and/or its affiliates. All rights reserved.