Oracle^® Business Intelligence Presentation Services Administration Guide > Managing Oracle BI Presentation Services Security >

Overview of Oracle BI Presentation Services Security

This section provides an overview of Oracle BI Presentation Services security. It contains the following topics:

• Where Oracle BI Presentation Services Security Settings Are Made
• Differences Between Groups and Presentation Services Groups
• Your Security Goals in Oracle BI Presentation Services
• About Access Control and Permissions in Oracle BI Presentation Services
• About User Rights and Privileges in Oracle BI Presentation Services
• About User Authentication in Oracle BI Presentation Services

Where Oracle BI Presentation Services Security Settings Are Made

Security settings that affect Oracle BI Presentation Services are made in the following Oracle Business Intelligence components:

• Oracle BI Administration Tool. This is where you perform the following tasks:
  • Set permissions for business models, tables, columns, and subject areas.
  • Specify database access for each user.
  • Specify filters to limit the data accessible by users.
  • Set authentication options.

    For more information, read Oracle Business Intelligence Server Administration Guide.

• Oracle BI Presentation Services Administration. This is where you set permissions to Presentation Catalog items, including dashboards, and the privilege to perform actions such as edit views, create iBots, and create prompts.
• Catalog Manager. This is where you set permissions to Presentation Catalog items, including dashboards. For more information about Catalog Manager, see Managing Presentation Catalogs Using Oracle BI Catalog Manager.

Differences Between Groups and Presentation Services Groups

Oracle Business Intelligence has both Groups and Presentation Services groups. Although similar, they do have some differences. Both types of groups are sets of security attributes that grant or deny privileges to sets of users. By grouping users together, you simplify the administration of these privileges:

• Groups apply privileges to Oracle BI Server objects.
• Presentation Services groups apply privileges to Oracle BI Presentation Services objects.

Your Security Goals in Oracle BI Presentation Services

Your main security goals are to make sure that:

• Only appropriate people can log on and access Oracle BI Presentation Services. This is achieved by assigning logon rights and authenticating users through the Oracle BI Server. For more information about authentication, read About Oracle BI Presentation Services User Authentication.
• Employees can access only the data that is appropriate to them. This is achieved by applying access control in the form of permissions.
• Employees have the ability to perform only actions that are appropriate to them. This is achieved by applying user rights in the form of privileges.

You can set up Oracle Business Intelligence to use the single sign-on feature from the Web server. Oracle BI Presentation Services can use this feature when obtaining information for end users. For complete information on single sign-on, refer to the section on user authentication support in the Oracle Business Intelligence Infrastructure Installation and Configuration Guide.

About Access Control and Permissions in Oracle BI Presentation Services

Access control defines the ability of an account to access a shared Presentation Catalog item. Catalog items are folders and requests, where folders are application folders, dashboard folders, and dashboard page folders.

An account is one of the following:

• An individual user.
• A Presentation Services group that has one or more users as members.

Permissions describe the type of access to an object that an account is permitted. Examples are Read and Full Control.

Each Presentation Catalog item has an access control list that defines which accounts have which permissions to access the item. The access control list is stored in the item's corresponding attribute (.atr) file. An access control list has the general form shown in Table 14.

For more information about permissions, read About Setting Oracle BI Presentation Services Permissions.

About User Rights and Privileges in Oracle BI Presentation Services

Privileges are the actions that users have the right to perform in Oracle BI Presentation Services. Example privileges are "Edit system-wide column formats" and "Create iBots."

Privileges are managed by associating them with accounts, that is, individual users or Presentation Services groups. A specific account is either granted or denied a specific privilege. These associations are created in privilege assignment tables.

The general form of a privilege assignment table is shown in Table 15. The Presentation Services groups in the right column are granted the privileges in the left column.

For more information about privileges, read About Setting Oracle BI Presentation Services Privileges.

About User Authentication in Oracle BI Presentation Services

Authentication is the process of using a username and password to identify a someone who is logging on. Authenticated users are then given appropriate authorization to access a system, in this case Oracle BI Presentation Services. Oracle BI Presentation Services does not have its own authentication system; it relies on the authentication system built into the Oracle BI Server.

For more information about authentication, read About Oracle BI Presentation Services User Authentication.