Comparing the Oracle Business Intelligence 11g and 12c Security Models

The Oracle Business Intelligence Release 11g and Release 12c security models differ in the following ways:

  • BI System User - in Oracle Business Intelligence 11g a BI System User was used for inter-process communication and when impersonating BI users. In Oracle Business Intelligence 12c internal trust mechanisms replace this functionality and the BI System User is no longer required or provisioned.
  • Application security policies - In Oracle Business Intelligence 11g a default BI installation provisioned a default security policy in a file. Oracle Business Intelligence 12c uses a database policy store and the active security policy is imported from a BI Application Archive file or amended directly in the service instance.

  • Permissions and permission sets - in 11g the policy store specifies permissions which are (typically) assigned to application roles. In 12c a collection of Permission Sets have been added to collect together permissions that are typically assigned together as an entitlement. Permissions are still available, but in 12c Permission Sets are the preferred unit for assigning permissions to application roles.

  • User GUIDs - in Oracle Business Intelligence 11g user GUIDs were referenced at login and for security lookups in order to prevent inadvertent re-use of UserIds. In Oracle Business Intelligence 12c the user GUIDs are no longer referenced. Instead a cleaner approach to deleting a user from BI has been introduced. See Deleting a User.

The following aspects of the Oracle Business Intelligence Release 11g security model remain in Release 12c:

  • Oracle BI Server Initialization Blocks – The BI Server in Release 12c continues to support the use of initialization blocks for authentication and authorization. In Release 12c Oracle Business Intelligence falls back to use initialization blocks if the user cannot be authenticated by the installation's configured authentication provider.

    See Working With Initialization Blocks in Metadata Repository Builder's Guide for Oracle Business Intelligence Enterprise Edition

  • SA System Subject Area – Oracle Business Intelligence Release 12c supports the use of SA System Subject Area, in combination with the BI Server initialization blocks, to access user, group and profile information stored in database tables.

    See Setting Up the SA System Subject Area in Scheduling Jobs Guide for Oracle Business Intelligence Enterprise Edition.