Direct Query Security Options

New apartment
March 31, 2009
Adrian Ward and Rittman Mead merger
April 7, 2009

This is an interesting one. I can see what they’ve tried to accomplish with that, however, to me it sounds as hammering nails with a golden watch. The whole point of OBIEE is to isolate users from PL/SQL and make their life easier. That’s why I get surprised that there’re always numerous questions regarding using stored procedures in OBIEE on OTN forums.

I wonder if you are using many direct query requests at all in your systems?

Someone has been investigating the Direct Query security options under the Admin menu, Manage Privileges in Analytics.

They wish to allow Web Administrators to be able to write direct query requests, and want users to only be able to run the requests and not be able to modify the SQL/Criteria tab.

They have accomplished this by setting the “Issue SQL Directly” option to Web Administrators only, the “Edit Direct Database Requests” option to Web Administrators only, and the “Execute Direct Database Requests” to All Users. This works fine. Now what they want to allow the users to modify the requests but only be able to view the Results tab. The idea here is to not let the users modify the SQL (criteria tab), but to allow them to build pivot tables and charts off of the dataset.

Is this possible? What security need to be set to accomplish this? And the answer was

This is not currently possible

1 Comment

  1. Adrian Ward says:

    My answer would probably have been

    “Why don’t you trust your power users to run SQL?”

    or could be

    “Why not expose the Dataset into Excel (via ODBC) if you just want Pivot tables and Charts, and you don’t trust your power users”


    “Why are you relying on the Direct SQL? Can’t you build the query in a normal way?”


    “Why don’t you expose a special Subject Area which has the dataset in?”

    Mind you, I do think there is a gap in the way that datsets are not manageable in Answers. Some hardened reporting specialist always harken back to the days they could get an extract from the Db (via TOAD or Biz Objects), dump into Excel and do the reporting they were comfortable with.

Leave a Reply