This chapter provides details on the SecurityService methods to manage BI Publisher server security operations, such as authentication, impersonation, login, logout, and account management.
This chapter includes the following sections:
Note:
For information on debugging applications built with BI Publisher Web services, see Section 1.4, "Debugging Web Service Applications."
Note:
SecurityService is available to the BI Publisher Security Model only. If your BI Publisher deployment uses another security model (for example, LDAP, Oracle E-Business Suite, or Oracle Fusion Apps), you cannot use the SecurityService API.
Use assignRolesToUser() method to assign new roles to a user in BI Publisher.
String[] assignRolesToUser(String userName, String[] roleNames, String adminUser, String adminPassword);
Table 5-1 Parameters for assignRolesToUser() Method
| Parameter | Description |
|---|---|
|
String userName |
The user to which to add the role or roles. |
|
String[] roleNames |
The name of the role to add to the user. For example, "Financial Users". |
|
String adminUser |
Specifies a BI Publisher user name for a user with administration privileges. |
|
String adminPassword |
Specifies the password for the administration user name. |
Use createRole() method to create a role in BI Publisher.
boolean createRole(String roleName, String description, String adminUser, String adminPassword);
Table 5-2 Parameters for createRole() Method
| Parameter | Description |
|---|---|
|
String roleName |
The name of the role to create. For example, "Financial Users". |
|
String description |
The description of the role. |
|
String adminUser |
Specifies a BI Publisher user name for a user with administration privileges. |
|
String adminPassword |
Specifies the password for the administration user name. |
Use createUser() method to create a user in BI Publisher. This method returns a boolean value of the success of the method.
boolean createUser(String userName, String password, String adminUser, String adminPassword);
Table 5-3 Parameters for createUser() Method
| Parameter | Description |
|---|---|
|
String userName |
The user name to create. |
|
String password |
The password for the newly created user. |
|
String adminUser |
Specifies a BI Publisher user name for a user with administration privileges. |
|
String adminPassword |
Specifies the password for the administration user name. |
Use deleteRole() method to delete a role from BI Publisher. This method returns a boolean value of the success of the method.
boolean deleteRole(String roleName, String adminUser, String adminPassword);
Use deleteUser() method to delete a user from BI Publisher. This method returns a boolean value of the success of the method.
boolean deleteUser(String userName, String adminUser, String adminPassword);
This method returns the number of seconds an HTTP session interval is.
int getBIPHTTPSessionInterval(void);
This method extracts the report-level permissions (from security.xml) for a BIEE integrated catalog.
byte[] getObjectSecurityXML(String adminUsername, String adminPassword, String objectAbsolutePath, boolean isRecursive);
Table 5-6 Parameters for getObjectSecurityXML() Method
| Parameter | Description |
|---|---|
|
String adminUsername |
The user name for a BI Publisher user with administrator privileges. |
|
String adminPassword |
The password associated with the adminUserName. |
|
String objectAbsolutePath |
The absolute path to the catalog object for which to retrieve the permissions description. |
|
boolean isRecursive |
Whether or not objectAbsolutePath is recursive. |
This method returns BI Publisher's security model in place.
String getSecurityModel(void);
This method verifies if the specified user has access to the report object referenced by reportAbsolutePath. This method first authenticates user with the specified credentials. Upon successful authentication, it verifies the user's privileges to access the report object.
boolean hasObjectAccess(String reportAbsolutePath, String roleName, String userID, String password);
Table 5-7 Parameters for hasObjectAccess() Method
| Parameter | Description |
|---|---|
|
String reportAbsolutePath |
The path to the report object for which you want to verify the user's access privileges. For example: /HR Manager/Employee Reports/Employee Listing.xdo |
|
String roleName |
For future use. Ignore this parameter as it is not yet functional. |
|
String userID |
Specifies the BI Publisher user name. |
|
String password |
Specifies the password for the user name. |
This method verifies if a pre-authenticated bipSession has the privilege to access the report object relative to reportAbsolutePath.
For more information about in-session methods, see Section 1.3, "About In-Session Methods."
boolean hasObjectAccessInSession(string reportAbsolutePath, string roleName, string bipSessionToken);
Table 5-8 Parameters for hasObjectAccessInSession() Method
| Parameter | Description |
|---|---|
|
String reportAbsolutePath |
The absolute path to the report object. |
|
String roleName |
The role associated with the given user. |
|
String bipSessionToken |
The proprietary token string generated for the user by the BI Publisher server. With the bipSessionToken string, the user no longer needs to provide user credentials. The BI Publisher server can validate this token string and restore the BI Publisher server session to perform needed operation. |
This method enables an admin account to act on the behalf of a user account. This is very useful if the user doesn't have a known password to be authenticated by BI Publisher server. This method logs in using admin account privilege, then switches the owner of the BI Publisher server session to the passed-in username. Therefore, bipSession token later will be verified by passed-in username. All further BI Publisher operations are performed through give n username.
String impersonate(String adminUsername, String adminPassword,String username);
Table 5-9 Parameters for impersonate() Method
| Parameter | Description |
|---|---|
|
String adminUserName |
Specifies a BI Publisher user name for a user with administration privileges |
|
String adminPassword |
Specifies the password for the administration user name. |
|
String username |
The username of the user account that will be granted administrator privileges. |
Use isUserExists() method to test if a user name exists in the BI Publisher security model. This method returns the result as a boolean value.
boolean isUserExists(String userName, String adminUser, String adminPassword);
Use the login() method to log in to BI Publisher and perform other BI Publisher actions using Web Services. The login() method returns a String, which will become the BI Publisher session ID
String login(String userID, String password);
This method, in effect, logs the specified user out of the system by invalidating the user's bipSessionToken. After successful logout, the bipSessionToken string is no longer valid.
boolean logout(String bipSessionToken);
This method is provided for BIEE user preference integration purpose only.
boolean notifyBIEEPreferencesupdated(bieeSessionID);
This method is provided for BIEE user preference integration purpose only.
boolean notifyBIEEPreferencesUpdatedWithString(String bieeSessionID, String userPrefesXML);
Use removeRolesFromUser() method to remove roles from a user in BI Publisher.
String[] removeRolesFromUser(String userName, String[] roleNames, String adminUser, String adminPassword);
Table 5-15 Parameters for removeRolesFromUser() Method
| Parameter | Description |
|---|---|
|
String userName |
The user from which to delete the role or roles. |
|
String[] roleNames |
The name of the role to delete from the user. For example, "Financial Users". |
|
String adminUser |
Specifies a BI Publisher user name for a user with administration privileges. |
|
String adminPassword |
Specifies the password for the administration user name. |
Use updateRole() method to update the description of a role that currently exists in BI Publisher.
boolean updateRole(String currentRoleName, String newDescription, String adminUser, String adminPassword);
Table 5-16 Parameters for updateRole() Method
| Parameter | Description |
|---|---|
|
String currentRoleName |
The name of the role to update. |
|
String newDescription |
The updated description of the role to apply. |
|
String adminUser |
Specifies a BI Publisher user name for a user with administration privileges. |
|
String adminPassword |
Specifies the password for the administration user name. |
Use updateUser() method to update a user's password in BI Publisher. This method returns a boolean value of the success of the method.
boolean updateUser(String currentUsername, String newPassword, String adminUser, String adminPassword);
Table 5-17 Parameters for updateUser() Method
| Parameter | Description |
|---|---|
|
String currentUserName |
The user name to update. |
|
String newPassword |
The new password to assign to the user name. |
|
String adminUser |
Specifies a BI Publisher user name for a user with administration privileges. |
|
String adminPassword |
Specifies the password for the administration user name. |
Use the validateLogin() method to validate that a UserID and Password have the privilege to access the Oracle BI Publisher report server.
boolean validateLogin(String userID, String password);