This preface describes changes in securing Oracle Business Intelligence Enterprise Edition 11g Release 1 (11.1.1).
If you are upgrading to Oracle BI EE from a previous release, read the following information carefully, because there might be significant differences in features, tools, and procedures. For more information about upgrading to Oracle BI EE 11g, see Oracle Fusion Middleware Upgrade Guide for Oracle Business Intelligence Enterprise Edition.
This preface contains the following topics:
This section describes new features for Oracle BI EE 11g Release 1 (18.104.22.168). It contains the following topics:
New security features in Oracle BI EE 11g Release 1 (22.214.171.124.2) include:
A new Oracle BI Security Diagnostics Helper application has been added to help you diagnose possible configuration issues which may prevent your users from being able to log in to your Oracle BI system.
For more information, see "Using the Oracle BI Security Diagnostics Helper to Automatically Identify Security Issues".
New security features in Oracle BI EE 11g Release 1 (126.96.36.199.0) include:
Several new privileges were added to the Oracle BI EE Administration page:
New Catalog and Home and Header Privileges — These privileges determine which users can search the catalog, what functionality displays in the Oracle BI EE global header, who can access the Home Page and Catalog page, and who can see custom links in the global header and Getting Started area of the Home Page.
Access to BI Composer — This privilege allows users to access the basic features of BI Composer.
For more information about these privileges, see "Managing Presentation Services Privileges".
There are no new security features in Oracle BI EE 11g Release 1 (188.8.131.52).
New security features in Oracle BI EE 11g Release 1 (184.108.40.206) include:
All components of Oracle Business Intelligence are fully integrated with Oracle Fusion Middleware security architecture. Oracle Business Intelligence authenticates users using an Oracle WebLogic Server authentication provider against user information held in an identity store. User and group information is no longer held within the Oracle BI repository and the upgrade process migrates repository users and groups to become users and groups in Oracle WebLogic Server embedded directory server, which is the default identity store. Oracle Business Intelligence defines its security policy in terms of application roles held in a policy store and stores credentials in a credential store. For more information, see Chapter 1, "Introduction to Security in Oracle Business Intelligence".
Oracle BI Delivers now accesses information about users, their groups, and email addresses directly from the configured identity store. In many cases this completely removes the need to extract this information from your corporate directory into a database and configure SA Subject System Area to enable all Delivers functionality. SA System Subject Area is still supported for backward compatibility. For more information, see Chapter 2, "Managing Security Using the Default Security Configuration".
Configuring Oracle Business Intelligence to use SSL for communication between processes in the middle-tier has been greatly simplified. In addition, a trusted system identity, rather than the Administrator's identity, is used to establish trust between Oracle Business Intelligence processes. This allows an administrative user to change his or her password without any impact on middle-tier communications. For more information, see Chapter 5, "SSL Configuration in Oracle Business Intelligence" and Chapter 2, "Managing Security Using the Default Security Configuration".
In 11g any named user can be granted administrative permissions if desired. This compares to 10g where there was a single user with administrative permissions who was named Administrator. For more information, see Appendix B, "Understanding the Default Security Configuration".
The Oracle BI repository is protected by a password and the same password is used to encrypt its contents. For more information, see Section B.6.2, "Planning to Upgrade a 10g Repository".