Skip Headers
Oracle® Fusion Middleware Security Guide for Oracle Business Intelligence Enterprise Edition
11
g
Release 1 (11.1.1)
Part Number E10543-03
Home
Book List
Index
Master Index
Contact Us
Next
View PDF
Contents
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
System Requirements and Certification
Conventions
New Features in Oracle Business Intelligence Security
New Features for Oracle BI EE 11
g
Release 1 (11.1.1.5)
New Features for Oracle BI EE 11
g
Release 1 (11.1.1.3)
1
Introduction to Security in Oracle Business Intelligence
1.1
High-level Roadmap for Setting Up Security In Oracle Business Intelligence
1.2
Overview of Security in Oracle Business Intelligence
1.3
About Authentication
1.4
About Authorization
1.4.1
About Application Roles
1.4.2
About The Security Policy
1.5
About Pre Configured Users, Groups, and Application Roles
1.6
What Tools Configure Security in Oracle Business Intelligence?
1.6.1
Oracle WebLogic Server Administration Console
1.6.2
Oracle Fusion Middleware Control
1.6.3
Oracle BI Administration Tool
1.6.4
Administration Page in Oracle BI Analytics
1.7
Example: Looking at the Installed Users, Groups, and Application Roles
1.7.1
About Using Oracle WebLogic Server Administration Console
1.7.2
About Using Fusion Middleware Control
1.7.3
About Using the Oracle BI Administration Tool
1.7.4
About Using Administration Page in Oracle BI Presentation Catalog
1.8
Detailed List of Steps for Setting Up Security In Oracle Business Intelligence
1.9
Comparing the Oracle Business Intelligence 10
g
and 11
g
Security Models
1.10
Terminology
2
Managing Security Using the Default Security Configuration
2.1
Working with the Default Users, Groups, and Application Roles
2.2
An Example Security Setup Using the Default Groups and Application Roles
2.3
Creating and Managing Users and Groups in the Embedded WebLogic LDAP Server
2.3.1
Overview of Setting Up Users, Groups, and Application Roles
2.3.1.1
Assigning a User to a Default Group
2.3.1.2
Assigning a User to a New Group and a New Application Role
2.3.2
Launching Oracle WebLogic Server Administration Console
2.3.3
Creating a New User in the Embedded WebLogic LDAP Server
2.3.4
Creating a Group in the Embedded WebLogic LDAP Server
2.3.5
Assigning a User to a Group in the Embedded WebLogic LDAP Server
2.3.6
(Optional) Changing a User Password in the Embedded WebLogic LDAP Server
2.4
Creating and Managing Application Roles and Application Policies Using Fusion Middleware Control
2.4.1
Starting Oracle Fusion Middleware Control and Locating the Pages for Managing Security
2.4.1.1
Overview
2.4.1.2
Displaying the Security Menu in Fusion Middleware Control from coreapplication
2.4.1.3
Displaying the Security Menu in Fusion Middleware Control from bifoundation_domain
2.4.2
Creating Application Roles Using Fusion Middleware Control
2.4.2.1
Overview
2.4.2.2
Creating an Application Role
2.4.2.3
Assigning a Group to an Application Role
2.4.3
Creating Application Policies Using Fusion Middleware Control
2.4.4
Modifying Application Roles Using Oracle Fusion Middleware Control
2.4.4.1
Adding or Removing Permission Grants from an Application Role
2.4.4.2
Adding or Removing Members from an Application Role
2.5
Managing Metadata Repository Privileges Using the Oracle BI Administration Tool
2.5.1
Overview
2.5.2
Setting Repository Privileges for an Application Role
2.5.3
Advanced Security Configuration Topics
2.5.3.1
About Managing Application Roles in the Metadata Repository
2.6
Managing Presentation Services Catalog Privileges Using Application Roles
2.6.1
Overview
2.6.2
About Presentation Services Catalog Privileges
2.6.3
Setting Oracle BI Presentation Catalog Privileges for an Application Role
2.6.4
Advanced Security Configuration Topics
2.6.4.1
About Encryption in BI Presentation Services
2.7
Enabling High Availability of the Default Embedded Oracle WebLogic Server LDAP Identity Store
3
Using Alternative Authentication Providers
3.1
Common Tasks for Deploying an Alternative Authentication Provider
3.2
Configuring an Alternative Authentication Provider
3.2.1
High Level Steps for Configuring an Alternative Authentication Provider
3.2.2
Prerequisites for Using Alternative Authentication Providers
3.2.3
Configuring Oracle Business Intelligence To Use Alternative Authentication Providers
3.2.3.1
Configuring Oracle Business Intelligence to use Oracle Internet Directory as the Authentication Provider
3.2.3.2
Configuring Oracle Business Intelligence to use Active Directory as the Authentication Provider
3.2.4
Configuring User And Group Name Attributes In The Identity Store
3.2.4.1
Configuring the User Name Attribute in the Identity Store
3.2.4.2
(Optional for Active Directory) To Change Group Name Attributes
3.2.5
Configuring the GUID Attribute in the Identity Store
3.2.6
Configuring a New Trusted User (BISystemUser)
3.2.7
Regenerating User GUIDs
3.3
Configuring OID as the Policy Store and Credential Store
3.4
Configuring an LDAP Authentication Provider as the Single Source
3.4.1
Configuring OID LDAP Authentication as the Single Source
3.4.2
Troubleshooting
4
Enabling SSO Authentication
4.1
SSO Configuration Tasks for Oracle Business Intelligence
4.2
Understanding SSO Authentication and Oracle Business Intelligence
4.2.1
How an Identity Asserter Works
4.2.2
How Oracle Business Intelligence Operates With SSO Authentication
4.3
SSO Implementation Considerations
4.4
Configuring SSO in an Oracle Access Manager Environment
4.4.1
Configuring a New Authenticator for Oracle WebLogic Server
4.4.2
Configuring Oracle Access Manager as a New Identity Asserter for Oracle WebLogic Server
4.5
Configuring Custom SSO Environments
4.6
Using Fusion Middleware Control to Enable SSO Authentication
5
SSL Configuration in Oracle Business Intelligence
5.1
Common SSL Configuration Tasks for Oracle Business Intelligence
5.2
About SSL
5.2.1
SSL in Oracle Business Intelligence
5.2.2
Creating Certificates and Keys in Oracle Business Intelligence
5.2.3
Credential Storage
5.3
Configuring the Web Server to Use the HTTPS Protocol
5.4
Configuring SSL Communication Between Components
5.4.1
Locking the Configuration
5.4.2
Generating the SSL Certificates
5.4.3
Commit the SSL Configuration Changes
5.4.3.1
Troubleshooting Tip
5.4.4
Verifying the SSL Credentials in the Credential Store
5.4.5
Enabling the SSL Configuration
5.4.6
Confirming SSL Status
5.4.7
Configuring the SMTP Server
5.4.8
Updating Expired SSL Certificates
5.5
Additional SSL Configuration Options
5.5.1
Using SASchInvoke When BI Scheduler is SSL-Enabled
5.5.2
Configuring Oracle BI Job Manager
5.5.3
Enabling the Online Catalog Manager to Connect
5.5.4
Configuring the Oracle BI Administration Tool
5.5.5
Configuring an ODBC DSN for Remote Client Access
5.6
Advanced SSL Configuration Options
A
Alternative Security Administration Options
A.1
Alternative Authentication Options
A.1.1
Setting Up LDAP Authentication
A.1.1.1
Setting Up an LDAP Server
A.1.1.2
Defining a USER Session Variable for LDAP Authentication
A.1.1.3
Setting the Logging Level
A.1.2
Setting Up External Table Authentication
A.1.3
About Oracle BI Delivers and External Initialization Block Authentication
A.1.4
Order of Authentication
A.1.5
Authenticating by Using a Custom Authenticator Plug-In
A.1.6
Managing Session Variables
A.1.7
Managing Server Sessions
A.1.7.1
Using the Session Manager
A.2
Alternative Authorization Options
A.2.1
Changes Affecting Security in Presentation Services
A.2.2
Managing Presentation Services Catalog Privileges Using Catalog Groups
B
Understanding the Default Security Configuration
B.1
About Securing Oracle Business Intelligence
B.2
About the Security Framework
B.2.1
Oracle Platform Security Services
B.2.2
Oracle WebLogic Server Domain
B.3
Key Security Elements
B.4
Default Security Configuration
B.4.1
Default Policy Store Provider
B.4.1.1
Default Permissions
B.4.1.2
Default Application Roles
B.4.1.3
Default Application Roles, Permission Grants, and Group Mappings
B.4.2
Default Authentication Provider
B.4.2.1
Default Groups and Members
B.4.2.2
Default Users and Passwords
B.4.3
Default Credential Store Provider
B.4.3.1
Default Credentials
B.4.4
How Permissions Are Granted Using Application Roles
B.4.4.1
Permission Inheritance and Role Hierarchy
B.4.4.2
Presentation Services Catalog Groups and Precedence
B.5
Common Security Tasks After Installation
B.5.1
Common Security Tasks to Evaluate Oracle Business Intelligence
B.5.2
Common Security Tasks to Implement Oracle Business Intelligence
B.6
About the Default Security Configuration After Upgrade
B.6.1
Security-Related Changes After Upgrading
B.6.1.1
Changes Affecting the Identity Store
B.6.1.2
Changes Affecting the Policy Store
B.6.1.3
Changes Affecting the Default Repository File
B.6.1.4
Changes Affecting the Oracle BI Presentation Catalog
B.6.2
Planning to Upgrade a 10
g
Repository
B.6.3
Upgrading an Existing SSL Environment
B.6.4
Upgrading an Existing SSO Environment
C
Troubleshooting Security in Oracle Business Intelligence
C.1
Resolving Inconsistencies With the Identity Store
C.1.1
User is Deleted From the Identity Store
C.1.2
User is Renamed in the Identity Store
C.1.3
User Name is Reused in the Identity Store
C.2
Resolving Inconsistencies With the Policy Store
C.2.1
Application Role Was Deleted From the Policy Store
C.2.2
Application Role is Renamed in the Policy Store
C.2.3
Application Role Name is Reused in the Policy Store
C.2.4
Application Role Reference is Added to a Repository in Offline Mode
C.3
Resolving SSL Communication Problems
C.4
Resolving Issues with BISystemUser Credentials
C.5
Resolving Custom SSO Environment Issues
C.6
Resolving IBM LDAP Init Block Based Authentication on Linux x86 (64-Bit)
D
Managing Security for Dashboards and Analyses
D.1
Managing Security for Users of Oracle BI Presentation Services
D.1.1
Where Are Oracle BI Presentation Services Security Settings Made?
D.1.2
What are the Security Goals in Oracle BI Presentation Services?
D.1.3
How Are Permissions and Privileges Assigned to Users?
D.2
Managing Users Using Administration Pages
D.2.1
Understanding the Administration Pages
D.2.2
Working with Catalog Groups
D.2.2.1
Creating Catalog Groups
D.2.2.2
Deleting Catalog Groups
D.2.2.3
Editing Catalog Groups
D.2.3
Managing Presentation Services Privileges
D.2.3.1
What are Privileges?
D.2.3.2
Setting Privileges in Oracle BI Presentation Services Administration
D.2.3.3
Default Oracle BI Presentation Services Privilege Assignments
D.2.3.3.1
Access to Oracle BI Enterprise Edition Actions
D.2.3.3.2
Access to Oracle BI for Microsoft Office Privilege
D.2.3.3.3
Save Content with HTML Markup Privilege
D.2.4
Managing Sessions in Oracle BI Presentation Services
D.3
Inheritance of Permissions and Privileges for Oracle BI Presentation Services
D.3.1
Rules for Inheritance for Permissions and Privileges
D.3.2
Example of Inherited Privileges for Application Roles
D.3.3
Example of Inherited Privileges for Catalog Groups
D.4
Providing Shared Dashboards for Users
D.4.1
Understanding the Catalog Structure for Shared Dashboards
D.4.2
Creating Shared Dashboards
D.4.3
Testing the Dashboards
D.4.4
Releasing Dashboards to the User Community
D.5
Controlling Access to Saved Customization Options in Dashboards
D.5.1
Overview of Saved Customizations in Dashboards
D.5.2
Administering Saved Customizations
D.5.2.1
Privileges for Saved Customizations
D.5.2.2
Permissions for Saved Customizations
D.5.2.2.1
Assigning Permissions to Dashboards
D.5.2.2.2
Assigning Permissions for Customizations on a Dashboard Page
D.5.2.2.3
Catalog Folder Structure for Saved Customizations
D.5.3
Permission and Privilege Settings for Creating Saved Customizations
D.5.4
Example Usage Scenario for Saved Customization Administration
D.6
Enabling Users to Act for Others
D.6.1
Why Enable Users to Act for Others?
D.6.2
What are the Proxy Levels?
D.6.3
Process of Enabling Users to Act for Others
D.6.3.1
Defining the Association Between Proxy Users and Target Users
D.6.3.2
Creating Session Variables for Proxy Functionality
D.6.3.3
Modifying the Configuration File Settings for Proxy Functionality
D.6.3.4
Creating a Custom Message Template for Proxy Functionality
D.6.3.5
Assigning the Proxy Privilege
D.6.3.6
Assigning the manageRepositories Permission
Index
Scripting on this page enhances content navigation, but does not change the content in any way.