About Applying Data Access Security in Offline Mode

You should perform data access security tasks in the Oracle BI Administration Tool in online mode.

The Administration Tool does not store users in the repository, and you cannot create a query that returns repository users.

In online mode, you can retrieve the latest list of application roles from the policy store at any time by selecting Action, then selecting Synchronize Application Roles in the Identity Manager.

Setting Up Placeholder Application Roles for Offline Repository Development

Application roles are created and managed in the policy store using the Oracle WebLogic Administration Console and Fusion Middleware Control.

These application roles are displayed in the Administration Tool in online mode so that you can use them to set data filters, object permissions, and query limits for particular roles. The application roles in the policy store are retrieved by the Oracle BI Server when it starts.

In some cases, you may want to proceed with setting up data access security in your repository for application roles that have not yet been defined in the policy store. You can do this by creating placeholder application roles in the Administration Tool, then proceeding with setting up data access security in the repository.

If you create placeholder application roles in the Administration Tool, you must eventually add them to the policy store. Run a consistency check in online mode to identify application roles that have been defined in the Administration Tool, but that have not yet been added to the policy store. Be sure to use the same name in the policy store that you used for the placeholder role in the Administration Tool.

Note:

Use caution when defining and using placeholder roles. If you make changes to a role in offline mode that also exists in the policy store, the changes will be overwritten the next time you connect to the Oracle BI Server.

  1. Open your repository in the Administration Tool.

  2. Select Manage, then select Identity.

  3. In the Identity Manager dialog, select Action > New > Application Role.

  4. In the Application Role dialog, provide the following information:

    • Name: Provide a name for the role.

    • Display Name: Enter the display name for the role.

    • Description: Optionally, provide a description of this application role.

    • Members: Use the Add and Remove buttons to add or remove users and other application roles as appropriate.

    • Permissions: Set object permissions, data filters, and query limits for this application role as appropriate. Refer to the other sections in this chapter for detailed information.

  5. Click OK to return to the Identity Manager.

  1. Open your repository in online mode in the Administration Tool.
  2. Select File, then select Check Global Consistency.

    Record any entries related to application roles, then add the appropriate roles to the policy store as appropriate. See Using Tools to Configure Security in Oracle Business Intelligence in the Security Guide for Oracle Business Intelligence Enterprise Edition for information about adding application roles to the policy store.

  3. (Optional) Select individual rows, and click Copy to copy the entries to a text file.

You can check an individual application role by right-clicking the application role in the Identity Manager dialog and then selecting Check Consistency.