Configuring Discoverer Plus OLAP 5-9 5.3.1 Characteristics of the folder structure of the Discoverer Catalog? After users and roles are authorized, they can create folders within the existing folder structure of the Discoverer Catalog using Discoverer Plus OLAP. The folder structure has the following characteristics: ■ The folder structure is created automatically when you install the Discoverer Catalog. ■ Folders for each user and role are created automatically within the structure when users and roles are authorized. ■ The folder structure was designed so that users can quickly store and find their own objects, but the structure also allows for sharing of objects.

5.3.2 Folders in the structure

The structure of the Discoverer Catalog consists of one root folder that contains the following main folders: ■ Users The Users folder contains a subfolder for each user or role that is authorized to use Discoverer Plus OLAP and is intended to store that user’s or role’s private objects. This subfolder is named with the user or role name, in all uppercase letters. Initially, each users and role’s subfolder contains no other subfolders, but users can create subfolders to suit their needs using Discoverer Plus OLAP. Each user or role has Full Control privileges on his or her subfolder. The D4OSYS user has Full Control privileges over the Users folder and all of its subfolders. No other users or roles have any privileges on the subfolders that belong to other users or roles. ■ Shared The subfolders in the Shared folder enable sharing of objects among users of Discoverer Plus OLAP. The Shared folder contains a subfolder for each user or role that is authorized to use Discoverer Plus OLAP. Initially, each users and role’s subfolder contains no other subfolders. Users can create subfolders to suit their needs using Discoverer Plus OLAP, because they have Full Control privileges for their own subfolders. Each user and role has Read privileges on all other subfolders under the Shared folder, because the D4OPUB role has Read privileges and all Discoverer Plus OLAP users have the D4OPUB role. A user can give other users and roles Write privileges on the subfolders in that user’s or role’s Shared subfolder. The D4OSYS user also has Full Control privileges over the Shared folder and all of its subfolders.

5.3.3 Types of privileges for objects and folders

The following list describes the privileges that are available for objects and folders in the Discoverer Catalog. Note that users can also have no privileges on certain objects and folders. ■ Add to Folder: Enables you to view the contents of a folder, to open a folder and the objects in it, and to create a folder or object applies to folders only. ■ Full Control: Enables you to change privileges on a folder or object and to create or change the folder or object. ■ List: Enables you to view the contents of a folder applies to folders only. ■ Read: Enables you to open a folder or object. 5-10 Oracle Fusion Middleware Configuration Guide for Oracle Business Intelligence Discoverer ■ Write: Enables you to create, delete, or change a folder or object. Privileges are cumulative. That is, the higher-level privileges inherit the controls of the privileges lower in the list. For example, the Write privilege inherits the controls of Read, List, and so on. If a certain privilege is not applicable, then the next privilege down in the list is acquired. For example, suppose you have Write privileges on a folder on which the user that is named Sam has List privilege which applies only to folders. You create an object in that folder. The user Sam acquires the privilege below the List privilege on that object, which is no privileges, so the user Sam cannot even see the object.

5.3.4 Managing privileges as the D4OSYS user

End users have Full Control privileges on all folders and objects in their Usersusername folder and on the Sharedusername folder, if they have been assigned that role. The D4OSYS user has Full Control privileges on the Shared folder and on the Users folder and on all their subfolders and objects. While the D4OSYS user can change the default privileges that are assigned to all folders and objects when the Discoverer Catalog is installed, such practice is not recommended. Similarly, users could invoke their Full Control privileges to reduce the privileges of the D4OSYS user. Such practice is strongly discouraged, because it prevents the D4OSYS user from backing up users’ objects.

5.3.5 Ensuring that users can use Discoverer Plus OLAP