Hi, let me bring to your attention that in Essbase 21 users with User role and Database Access permission are still able to access application files system and then download sensitive files such as data import or data exports files.
We discovered this issue last year following an Essbase migration toward Essbase 21 marketplace, as our customer use native security and users had to access the console in order to reset their password.
A enhancement was raised but recently rejected (35782314 - MP: ESSBASE 21.4 RESTRAIN USER ACCESS TO APPLICATION FILES) as you should consider this behavior implemented by design.
In my own personal point of view this is a flaw by design which impacts both Essbase on independent deployment and marketplace.
https://docs.oracle.com/en/database/other-databases/essbase/21/ugess/user-role.html#GUID-59D9A447-F513-4261-B7FB-FEB390C4A9C2 : "With Database Access permission, you can also view the cube outline, and download files and artifacts from the application and cube directories. Job types you can run include building aggregations (if the cube is an aggregate storage cube), and running MDX scripts. Using the Console, you can view database size and monitor your own sessions."
What would be your point of view respect to it ? Thank you