When working with Oracle Analytics Cloud (OAC) certain users need the super user privileges. The Service Administrator. The user that created the instance gets it by default. The standard setup of inside OAC (Console->Users and Roles->Application Roles->BI Service Administrator) is not enough.
One of the major problems is connecting to Data Modeler Client and getting an Error while all parameters seems fine.
Most of what we need can be found in the A-Team blog, Provisioning Oracle Analytics Cloud Natively in Oracle Cloud Infrastructure. I will summarize the relevant parts.
When creating OAC instances, if the user is not OCI (Oracle Cloud Infrastructure) Admin, the user should be assigned to a group and the group should get a privilege to manage analytics-instances in the relevant compartment see here for more about privileges.
allow group <IAM Group> to manage analytics-instances in compartment <Compartment>
Next we should get to the IDCS screen. Find the relevant Oracle Cloud Service and assign the User, Group or Application Role to the ServiceAdministrator Application Role.
This the detailed description of the above paragraph:
From Burger menu on the left select Identity & Security and Federation:
There click on the Identity Provider
And press the
Oracle Identity Cloud Service Console link:
There select the burger menu and Oracle Cloud Services:
You might have one or many services there. Find the ANALYTICSINST that is relevant to you and click on it.
Now find the Application Roles tab. There click on the menu (on the right) for Service Administrator and assign User, Group or Application Role to it.
Once you select an option, a search screen with all possible values appears.
Select who you want to add to Service Administrator Application Role.
If you are interested in the relationship between "Application Roles
Available in Oracle Cloud Infrastructure
Console" and "Permissions in Oracle
Analytics Cloud", you can find it here:
https://docs.oracle.com/en/cloud/paas/analytics-cloud/acabi/users-and-groups.html#GUID-811DEC21-ECF8-4E98-86F3-8BC2088A11A4
Basic table from documentation:
Detailed table from Analytics perspective:
|
Predefined Application
Role in
Oracle Identity
Cloud Service
|
Default Members
|
Description
|
Predefined
Application Roles in Oracle
Analytics Cloud
|
|
ServiceAdministrator
|
Administrator
who created the
service
|
Allows users
to administer Oracle Analytics Cloud and
delegate
privileges to others using the Console.
|
BI
Service Administrator
|
|
ServiceAdministrator
|
BI Service Administrator
|
Allows users
to manage data models in Oracle
Analytics
Cloud using Data Modeler
|
BI
Data Model Author
|
|
ServiceAdministrator
|
BI Service
Administrator
|
Allows users
to load data.
|
BI
Data Load Author
|
|
ServiceUser
|
BI Service
Administrator
|
Allows users
to create visualization projects, load data
for data
visualizations, and explore data
visualizations.
|
DV
Content Author
|
|
ServiceUser
|
BI Service
Administrator
DV
Content Author
|
Allows users
to create analyses and dashboards in
Oracle
Analytics Cloud and share them with others.
|
BI
Content Author
|
|
ServiceViewer
|
DV Content
Author
|
Allows users
to explore data visualizations.
|
DV
Consumer
|
|
ServiceViewer
|
DV Content
Author
BI Content
Author
BI Data Load
Author
|
Allows users
to view and run reports in Oracle
Analytics
Cloud (projects, analyses, dashboards).
Use this
application role to control who has access to
the service.
|
BI
Consumer
|
|
ServiceDeployer
ServiceDeveloper
|
|
|
Not
used
|
