4 Extending Security in Oracle BI Applications

You can extend the preconfigured Oracle Business Intelligence Applications (Oracle BI Applications) security model to match your operational source system. When you extend Oracle BI Applications, you need to ensure that your customizations and any new objects are valid and functional.

You can also leverage the existing Oracle BI Applications security objects when extending data-level security. To do this, copy existing security objects for secured dimensions, such as initialization blocks and Duty Roles, and then modify them to apply to the additional dimensions.

To work with security objects like Duty Roles and initialization blocks, see:

The general process for extending data-level security for repository objects is as follows:

  1. Extend the physical table by adding the attribute by which the dimension or fact needs to be secured. (This step results in a change to the data model.)
  2. Populate the relevant attribute value for each row in the fact or dimension table. (This step results in a change to the ETL mapping.)
  3. Use the Oracle BI Administration Tool to create an initialization block to fetch the attribute values and populate them into a session variable when each user logs into Oracle BI Applications. You can create a target session variable for the initialization block if the initialization block is not a row-wise initialization block. (This step results in a change to the Oracle BI Repository.) See Associating Variables with Initialization Blocks in Metadata Repository Builder's Guide for Oracle Business Intelligence Enterprise Edition.
  4. Use Oracle Enterprise Manager Fusion Middleware Control to create a Duty Role in the policy store. Then, restart the Oracle BI Server. See Creating and Deleting Application Roles Using Fusion Middleware Control in Security Guide for Oracle Business Intelligence Enterprise Edition.
  5. Use the Oracle BI Administration Tool in online mode to set up data filters based on the new role for each of the fact and dimension tables that need to be secured by the attribute you added in Step 1. (This step results in a change to the Oracle BI Repository.) See Setting Up Row-Level Security (Data Filters) in the Repository in Metadata Repository Builder's Guide for Oracle Business Intelligence Enterprise Edition.
  6. Use the Oracle BI Administration Tool in online mode to restrict object access based on the Duty Role you created in Step 4. (This step results in a change to the Oracle BI Repository.) See Setting up Object Permissions in Metadata Repository Builder's Guide for Oracle Business Intelligence Enterprise Edition.
  7. Use Presentation Services administration to set up Presentation Services catalog privileges based on the Duty Role you created in step 4. See Setting Presentation Services Privileges for Application Roles in Security Guide for Oracle Business Intelligence Enterprise Edition.