New Features in Oracle Business Intelligence Security

This preface describes changes in securing Oracle Business Intelligence Enterprise Edition 11g Release 1 (11.1.1). If you are upgrading to Oracle Business Intelligence from a previous release, read the following information carefully, because there are significant differences in features, tools, and procedures.

New Features

New features for securing Oracle Business Intelligence include:

Integrated with Fusion Middleware Security Model

All components of Oracle Business Intelligence are fully integrated with Oracle Fusion Middleware security architecture. Oracle Business Intelligence authenticates users using an Oracle WebLogic Server authentication provider against user information held in an identity store. User and group information is no longer held within the repository (RPD) and the upgrade process migrates repository users and groups to become users and groups in Oracle WebLogic Server embedded directory server, which is the default identity store. Oracle Business Intelligence defines it's security policy in terms of Application Roles held in a policy store and stores credentials in a credential store. For more information, see Chapter 1, "Introduction to Security in Oracle Business Intelligence".

Direct Access to LDAP Servers

Oracle BI Delivers now accesses information about users, their groups, and email addresses directly from the configured identity store. In many cases this completely removes the need to extract this information from your corporate directory into a database and configure SA Subject System Area to enable all Delivers functionality. SA System Subject Area is still supported for backward compatibility. For more information, see Chapter 2, "Managing Security Using the Default Security Configuration".

Simplified SSL Configuration

Configuring Oracle Business Intelligence to use SSL for communication between processes in the middle-tier has been greatly simplified. In addition, a trusted system identity, rather than the Administrator's identity, is used to establish trust between Oracle Business Intelligence processes. This allows an administrative user to change their password without any impact on middle-tier communications. For more information, see Chapter 5, "SSL Configuration in Oracle Business Intelligence" and Chapter 2, "Managing Security Using the Default Security Configuration".

Improved Model for Managing Administrative Privileges

In 11g any named user can be granted administrative permissions if desired. This compares to 10g where there was a single user with administrative permissions who was named Administrator. For more information, see Appendix B, "Understanding the Default Security Configuration".

Repository Protection and Encryption

The repository is protected by a password and the same password is used to encrypt its contents. For more information, see Section B.6.2, "Planning to Upgrade a 10g Repository".