Friday 12 August 2016

OBIEE Security - Part 1

Overview of Security in Oracle Business Intelligence:
Oracle Business Intelligence 11g is tightly integrated with the Oracle Fusion Middleware Security architecture and delegates core security functionality to components of that architecture. Specifically, any Oracle Business Intelligence installation makes use of the following types of security providers:
  • Authentication provider that knows how to access information about the users and groups accessible to Oracle Business Intelligence and is responsible for authenticating users.
  • Policy store provider that provides access to Application Roles and Application Policies, which form a core part of the security policy and determine what users can and cannot see and do in Oracle Business Intelligence.
  • Credential store provider that is responsible for storing and providing access to credentials required by Oracle Business Intelligence.
By default, an Oracle Business Intelligence installation is configured with an authentication provider that uses the Oracle WebLogic Server embedded LDAP server for user and group information. The Oracle Business Intelligence default policy store provider and credential store provider store Credentials, Application Roles and Application Policies in files in the domain.
Authentication: Each Oracle Business Intelligence 11g installation has an associated Oracle WebLogic Server domain. Oracle Business Intelligence delegates user authentication to the first authentication provider configured for that domain.
  • The default authentication provider accesses user and group information stored in the LDAP server embedded in the Oracle WebLogic Server domain for Oracle Business Intelligence.
  • The Oracle WebLogic Server Administration Console can be used to create and manage users and groups in the embedded LDAP server.
Authorization: After a user has been authenticated, the next critical aspect of security is ensuring that the user can do and see only what they are authorized to do and see. Authorization is controlled by a security policy defined in terms of Application Roles.
An Application Role represents a functional role that a user has, and gives that user the privileges required to perform that role. For example, having the Sales Analyst Application Role might grant a user access to view, edit and create reports on a company's sales pipeline.

Creating User and Group:
  1. Log in to Oracle WebLogic Server Administration Console.
  2. In the Domain Structure tab at the left-hand side, select the Security Realms link.
  3. In the list of realms, select the realm that you are configuring (for example, myrealm).
  4. Select the Users and Groups tab.
  5. In the Users sub-tab, click New, then click OK.
  6. In the Groups tab, click New, then click OK.
  7. Assign users to the group: select the user.
  8. Select the Groups tab, select the group and add it, then click Save.
Mapping Application Role and Group:
  1. Log in to Enterprise Manager.
  2. Select the application role.
  3. Select the Application Role that needs the group mapping.
  4. Click Edit, then click New in the member section.
  5. Select the group and click Add.
  6. Click OK.
  7. Verify that the group is added.
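
An added example (not from the original post or from Oracle) that models the chain set up above, user to group to Application Role, and reports who effectively holds each role so the mapping can be checked against an approved list. All users, groups and roles are constructed, the function names are hypothetical, and the nested role membership (one Application Role as a member of another) goes beyond the steps on this page.

```python
# Added example: constructed data and hypothetical helper names, not an Oracle API.

# Identity store side: group -> users (constructed sample).
GROUPS = {
    "SalesAnalysts": {"asmith", "bjones"},
    "SalesManagers": {"cdavis"},
    "Contractors": {"temp01"},
}

# Policy store side: Application Role -> members, each ("group" | "role", name).
ROLES = {
    "Sales Analyst": {("group", "SalesAnalysts"), ("role", "Sales Manager")},
    "Sales Manager": {("group", "SalesManagers")},
}


def users_in_role(role, roles=ROLES, groups=GROUPS, _seen=None):
    """Users holding `role` through a mapped group or a nested Application Role."""
    seen = set() if _seen is None else _seen
    if role in seen:  # a role that is (indirectly) a member of itself
        return set()
    seen.add(role)
    users = set()
    for kind, name in roles.get(role, ()):
        if kind == "group":
            users |= groups.get(name, set())
        else:
            users |= users_in_role(name, roles, groups, seen)
    return users


def unexpected_grants(approved, roles=ROLES, groups=GROUPS):
    """Return {role: users} who hold a role but are not on its approved list."""
    extra = {}
    for role in roles:
        surplus = users_in_role(role, roles, groups) - approved.get(role, set())
        if surplus:
            extra[role] = surplus
    return extra


if __name__ == "__main__":
    approved = {"Sales Analyst": {"asmith", "bjones"}, "Sales Manager": {"cdavis"}}
    for role, users in unexpected_grants(approved).items():
        print(f"{role}: not approved -> {sorted(users)}")
```

In the sample data the nested role gives cdavis the Sales Analyst role without any direct group mapping, which is the kind of indirect grant a review of the member list for a single role can miss.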