What's new w.r.t. security in 11g?
- Users and Groups are now managed via WebLogic instead of the RPD
- A new concept of "Application Roles" is introduced, which is maintained in Enterprise Manager
- Administrator user is no longer default user for inter-component communication
- A separate password is required to access the RPD
- SSL and SSO are now much easier to implement
- Built-in LDAP to support Authorization
- The "Credential Store" function is now under WebLogic control
- In the Admin tool, "Manage > Identity" takes the place of "Manage > Security"
Here is the OBIEE 11g security model
How it works?
Users and Groups are maintained under the WebLogic Administration Console, and by default OBIEE uses the WebLogic embedded LDAP store for authentication. (However, alternative "Identity Providers" can be configured, e.g. OID, AD etc.)
Once authenticated, users are mapped to Application Roles, which govern what users can do within each individual application.
Application Roles are managed under WebLogic Enterprise Manager.
Security Policies are then applied based on the user's Application Roles.
For example,
John is a Sales Manager. He will be authenticated by the LDAP Identity Provider. After authentication he will be authorized by being assigned to the "Sales Dashboard Users" application role. All Security Policies associated with the application role will be applied to the user. For example, John will get access to the "Sales Dashboard" but he can only see data for the Corporate Accounts that he manages.
Default Security Setup
The "default Roles" have the following privileges in Oracle BI EE 11g:
BIAdministrator Role
- Manage BI Repository (RPD)
- Administer BI Publisher
BIAuthor Role
- Privileges defined in BI Presentation Catalog
- BI Publisher Develop / Design / Schedule Reports
BIConsumer Role
- Privileges defined in BI Presentation Catalog
- BI Publisher Excel / On-line Report Analyzer
"Manage Privileges" within Oracle BI. (See below Privileges defined in BI Presentation Catalog)
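The mapping described under "How it works" (user -> groups -> Application Roles) can be audited offline once the memberships are exported. The following is an added example, not Oracle code and not from the original post: it resolves each user's effective Application Roles, including roles nested inside other roles, and reports who ends up with BIAdministrator. The users, the group names (SalesManagers, BIAuthors, BIAdministrators, BIConsumers), the "role:" prefix and the role nesting are assumptions made for the illustration.

```python
# Constructed sample data. Role names follow the page; users, group names,
# memberships and the role nesting are assumptions for illustration.
USER_GROUPS = {
    "john": {"SalesManagers"},
    "maria": {"BIAuthors"},
    "admin1": {"BIAdministrators"},
    "temp": set(),
}
# Application role -> members: groups, users, or nested roles ("role:<name>").
ROLE_MEMBERS = {
    "BIAdministrator": {"BIAdministrators"},
    "BIAuthor": {"BIAuthors", "role:BIAdministrator"},
    "BIConsumer": {"BIConsumers", "role:BIAuthor"},
    "Sales Dashboard Users": {"SalesManagers"},
}


def effective_roles(user, user_groups, role_members):
    """Return every application role the user holds directly or via nesting."""
    principals = set(user_groups.get(user, ())) | {user}
    held = set()
    changed = True
    while changed:  # fixed-point loop; terminates even if roles nest in a cycle
        changed = False
        for role, members in role_members.items():
            if role in held:
                continue
            via_role = any("role:" + r in members for r in held)
            if members & principals or via_role:
                held.add(role)
                changed = True
    return held


def audit(user_groups, role_members, sensitive=("BIAdministrator",)):
    """Report users with no application role and users holding a sensitive one."""
    report = {"no_role": [], "sensitive": []}
    for user in sorted(user_groups):
        roles = effective_roles(user, user_groups, role_members)
        if not roles:
            report["no_role"].append(user)
        report["sensitive"] += [(user, r) for r in sensitive if r in roles]
    return report


if __name__ == "__main__":
    for name in sorted(USER_GROUPS):
        print(name, sorted(effective_roles(name, USER_GROUPS, ROLE_MEMBERS)))
    print(audit(USER_GROUPS, ROLE_MEMBERS))
```

A user who authenticates but resolves to no Application Role (here "temp") is worth reviewing, as is any unexpected path into BIAdministrator through a nested group or role.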