Oracle® Business Intelligence Presentation Services Administration Guide > Managing Oracle BI Presentation Services Security >
About Presentation Services Groups and Session Variables
If the Oracle BI Server is using an external table or LDAP server for authentication, you must configure system session variables in the repository.
A session variable block contains the SQL statement that is issued when each session begins. This block can contain system session variables with fixed meanings (such as USER, GROUP, DISPLAYNAME, and WEBGROUP) and other non-system session variables unique to your particular environment. For more information about using session variables, read Oracle Business Intelligence Server Administration Guide.
You should also create a Presentation Services group to match each possible value returned in the GROUP or WEBGROUPS variable for which you want to control privileges and permissions to Oracle BI Presentation Services components and requests.
This section contains the following topics:
About the Oracle Business Intelligence GROUP Session Variable
The GROUP variable contains one or more group names, separated by semicolons, that are also used by the Oracle BI Server for security and content filtering. In many cases, these same groups are sufficient to control access to Oracle BI Presentation Services content. Prebuilt applications have been preconfigured to use this GROUP variable technique to inherit group memberships from the Oracle BI Server.
About the Oracle Business Intelligence WEBGROUPS Session Variable
The WEBGROUPS session variable has greater flexibility, because you can define Presentation Services groups that categorize the roles, or classes, of Oracle BI Presentation Services users. For example, you might create the following groups:
- A Basic group that can only access the dashboard.
- A Standard group that has minimal access to Answers.
- A Power Users group that has full access to Answers and minimal access to iBots (Delivers).
- An Administrative group with full access to all features.
Then use the privileges settings to set up the appropriate policies for each group. Keep in mind that each user can be associated with multiple "roles" by being a member of multiple Presentation Services groups.
Setting Permissions and Privileges in Oracle BI Presentation Services
When you have set up the Presentation Services groups, create a Presentation Catalog folder structure and assign appropriate privileges and permissions to each group. Keep in mind that each user can be associated with multiple roles by being a member of multiple Presentation Services groups. Although WEBGROUPS can be used to control access to Presentation Catalog content (permissions), usually GROUP controls content and WEBGROUPS controls the ability to perform actions (privileges).
NOTE: Some GROUPs may not have corresponding Oracle BI Presentation Services content. In this case, when you create the group, you can delete the group folder created for the group in the /Shared folder, and give the group permission to the other group folders and subject area folders as appropriate.
For more information about the sequence in which to set up security, read Guidelines for Configuring Oracle BI Presentation Services Security for the Presentation Catalog and Dashboards.
For more information about permissions, read About Setting Oracle BI Presentation Services Permissions.
For more information about privileges, read About Setting Oracle BI Presentation Services Privileges.