To configure security in OBIEE, use the following tools:
1. Oracle Weblogic Server Administration Console.
2. Oracle Fusion Middleware control.
3. Oracle BI Administration tool.
4. Oracle BI Presentation service.
Oracle Web logic Administration:
1. you use Oracle weblogic Administration console to manage the embedded directory server that is used to authenticate users and groups.
Oracle Fusion Middleware Control:
1. To create and manage application roles and application policies.
Oracle BI Administration tool
1. To configure privileges in metadata.
Administration page OBI Presentation Catalog:
1.To configure privileges in BI Server.
In OBIEE 11g, we have following security providers.
a. The default authentication provider is the embedded LDAP server that is installed along with web logic server.
b. The name given for that is "DEFAULT AUTHENTICATOR". This is meant for authenticating users.
2. Policy Store Provider:
a. It provides user to security policy and determines what users can see, what users cannot see, what users can do and what cannot do.
3. Credential Store Provider:
b. It is responsible for storing and providing access to credentials required by OBI
c. Flexible security framework allows users easily linking to external security.
d. All enabled through Oracle platform security service(OPSS)
Installed Application Roles, Groups and Users:
BI System: Role:
1. It is used for inter application communication between the multiple OBI system components.
2. In OBIEE 10g we were having Administrator account for having communication between system components.
3. In OBIEE 11g, if we forget a password for the repository, there is no way to use the repository. i.e.., Lost password=Lost Repository
· Application Role:It is a defined job, role to which permissions are assigned. For example marketing manager, webcatalog Admin.
· Credential Store:Application policies are collection of permissions assigned to the roles.
· Identity Store:LDAP server, Database etc.., that stores users & groups.
· Policy Store:Files ,database etc.., that stores application roles & policies.
· Web logic server Embedded LDAP server: The built in LDAP server within web logic server(restricted use license)(Ex: Pega)
· Security Realms: It is a container for the mechanisms including users, groups, security roles, security policies and security providers that are used to protect web logic resources.
Note: While migrating security , all that we have to do is create users and groups in
the target LDAP server and migrate the application roles. Application roles will
map to the users and groups and security will be enforced as it is.
1.Creating Users and Groups:
· Login to Web logic Admin console
· From left side click on security realms
· From right hand side screen click my realm
· Click on users and Groups
· Click on New to create user.
· Provide name : User1
· Provide Password : Admin123
· Click on OK.
· Click on Groups
· Click on New
· Provide group name: group1
· Click on OK
· Click on Users tab
· Click on user1
· Click on Groups tab
· Select Group1 also select BI Authors
· Click on Save.
2. Creating Application Roles and Assigning Groups:
· Login to Enterprise Manager
· Expand Business Intelligence --> Select Core Application --> Right Click --> Security.
· Click on Create
· Provide the Role Name : Group1
· Provide D.Name : Group1
· Click on Add Group
· Select : Group 1
· Click on OK
· Click on OK
· Restart BI services.
· In Online mode from tool bar of the rpd click on Manage-->Identity--> You can see the User and new application role created in web logic console and Enterprise Manager.
· Now double click on User --> Role. You will be able to see permissions by using that we can implement all levels of security like OBIEE 10g.
i. Object Level Security (Table, Column )
ii. Row level security (Data level)
iii. Time period level security