It is certainly all those with an Obie for some time working concept known Security Groups that are defined in the metadata of the BI server and are used to restrictions defined in the metadata (object constraints for objects, and presentation layers will "data level" defining the limits of so-called security filters) . Obie standard documentation, specifically the document, " Server Administration Guide "explains (in Chapter 15," Security in Oracle BI "paragraph Working with Groups, part of the" Group Inheritance "application of the" Least Restrictive "rule in the case that the user is allocated to more groups with the "conflict" have calendar access privileges: "If there are multiple groups acting on a user or group at the Same Level with Conflicting security attributes, the user or group is Granted theLeast Restrictive security attribute . Any explicit permissions on a user acting take precedence over Any privileges on the objects AMsame Granted That's through user groups. " Basically, if defined security group GROUP , such as the right to "read" on the field operators SA1 presentation layer metadata and security groupGROUPB , which has "Read" privilege on the SA1 area operators explicitly removed, then a user USER1 assigned as GROUP and GROUPB, then the user has (thanks to the "Least Restrictive" rule) "Read" right to operators SA1 area. This rule is not true the definitions of "data level security" with "security filters": Here the contrary is true "bridge Restrictive" rule - ie if I have defined a business model at the logical facts table Fact1 , and 2 security groupsGROUP and GROUPB , for the GROUP defines the logical facts of this table "security filter" for the group and GROUPB this filter is not defined. If the user USER1 , which is assigned as group GROUP , the group GROUPB polls (Answers in the tool) to the facts table metrics, he is facts of this data table is always limited by the filter defined for the group GROUP (even though both belong to the group and GROUPBthat the facts in this table is not defined with no filter). So in the case of security filters, do not confuse the description in the standard documentation Obie, the behavior of the BI server do not.