When working with Oracle Analytics Cloud (OAC) certain users need the super user privileges. The Service Administrator. The user that created the instance gets it by default. The standard setup of inside OAC (Console->Users and Roles->Application Roles->BI Service Administrator) is not enough.
One of the major problems is connecting to Data Modeler Client and getting an Error while all parameters seems fine.
Most of what we need can be found in the A-Team blog, Provisioning Oracle Analytics Cloud Natively in Oracle Cloud Infrastructure. I will summarize the relevant parts.
When creating OAC instances, if the user is not OCI (Oracle Cloud Infrastructure) Admin, the user should be assigned to a group and the group should get a privilege to manage analytics-instances in the relevant compartment see here for more about privileges.
allow group <IAM Group> to manage analytics-instances in compartment <Compartment>
Next we should get to the IDCS screen. Find the relevant Oracle Cloud Service and assign the User, Group or Application Role to the ServiceAdministrator Application Role.
This the detailed description of the above paragraph:
From Burger menu on the left select Identity & Security and Federation:
There click on the Identity Provider
And press the Oracle Identity Cloud Service Console link:
There select the burger menu and Oracle Cloud Services:
You might have one or many services there. Find the ANALYTICSINST that is relevant to you and click on it.
Now find the Application Roles tab. There click on the menu (on the right) for Service Administrator and assign User, Group or Application Role to it.
Once you select an option, a search screen with all possible values appears.
Select who you want to add to Service Administrator Application Role.
If you are interested in the relationship between "Application Roles
Available in Oracle Cloud Infrastructure
Console" and "Permissions in Oracle
Analytics Cloud", you can find it here:
Basic table from documentation:
Application Roles Available in Oracle Cloud Infrastructure Console | Permissions in Oracle Analytics Cloud |
---|---|
ServiceAdministrator |
Member of BI Service Administrator, BI Data Model Author, and BI Data Load Author. Allows users to administer Oracle Analytics Cloud and delegate privileges to others. The user who creates the service is automatically assigned this application role. |
ServiceUser |
Member of BI Content Author and DV Content Author. Allows users to create and share content. |
ServiceViewer |
Member of BI Consumer and DV Consumer. Allows users to view and explore content. |
ServiceDeployer |
Not used in Oracle Analytics Cloud. |
ServiceDeveloper |
Not used in Oracle Analytics Cloud. |
Detailed table from Analytics perspective:
Predefined Application |
Default Members |
Description |
Predefined
Application Roles in Oracle |
ServiceAdministrator |
Administrator
who created the |
Allows users
to administer Oracle Analytics Cloud and |
BI Service Administrator |
ServiceAdministrator |
BI Service Administrator |
Allows users
to manage data models in Oracle |
BI Data Model Author |
ServiceAdministrator |
BI Service Administrator |
Allows users to load data. |
BI Data Load Author |
ServiceUser |
BI Service Administrator |
Allows users
to create visualization projects, load data |
DV Content Author |
ServiceUser |
BI Service Administrator DV Content Author |
Allows users
to create analyses and dashboards in |
BI Content Author |
ServiceViewer |
DV Content Author |
Allows users to explore data visualizations. |
DV Consumer |
ServiceViewer |
DV Content
Author BI Data Load
Author |
Allows users
to view and run reports in Oracle |
BI Consumer |
ServiceDeployer ServiceDeveloper |
|
|
Not used |
Great information. Thank you...
ReplyDelete