1/13
Contents
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
System Requirements and Certification
Conventions
New Features in Oracle Business Intelligence Security
New Features
1
Introduction to Security in Oracle Business Intelligence
1.1
High-level Roadmap for Setting Up Security In Oracle Business Intelligence
1.2
Overview of Security in Oracle Business Intelligence
1.3
About Authentication
1.4
About Authorization
1.4.1
About Application Roles
1.4.2
About the Security Policy
1.5
About the Users, Groups, and Application Roles Installed Out-Of-The-Box
1.6
What tools do I use to configure security in Oracle Business Intelligence?
1.6.1
Oracle WebLogic Server Administration Console
1.6.2
Oracle Fusion Middleware Control
1.6.3
Oracle BI Administration Tool
1.6.4
Administration Page in Oracle BI Presentation Catalog
1.7
Example: Looking at the Installed Users, Groups, and Application Roles
1.7.1
About Using Oracle WebLogic Server Administration Console
1.7.2
About using Oracle Enterprise Manager Fusion Middleware Control
1.7.3
About Using Oracle BI Administration Tool
1.7.4
About Using Administration Page in Oracle BI Presentation Catalog
1.8
Detailed List of Steps for Setting Up Security In Oracle Business Intelligence
1.9
Comparing the Oracle Business Intelligence 10
g
and 11
g
Security Models
1.10
Terminology
2
Managing Security Using the Default Security Configuration
2.1
Common Tasks for Managing Security Using the Default Security Configuration
2.2
Working with the default Users, Groups, and Application Roles Installed Out-Of-The-Box
2.3
An Example Security Setup Using the Installed Groups and Application Roles
2.4
Creating Users and Groups in the Embedded WebLogic LDAP Server
2.4.1
Overview to Setting Up Users, Groups, and Application Roles
2.4.1.1
How to map a User to a Default Group
2.4.1.2
How to create Your Own Groups and Application Roles
2.4.2
How to Launch Oracle WebLogic Server Administration Console
2.4.3
How to create a User in the Embedded WebLogic LDAP Server
2.4.4
How to create a Group in the Embedded WebLogic LDAP Server
2.4.5
How to add a User to a Group in the Embedded WebLogic LDAP Server
2.4.6
(Optional) How to change a User password in the Embedded WebLogic LDAP Server
2.5
Managing Application Roles and Application Policies Using Fusion Middleware Control
2.5.1
Starting Oracle Fusion Middleware Control and Locate the Pages for Managing Security
2.5.1.1
Overview
2.5.1.2
How to display the Security Menu from coreapplication
2.5.1.3
How to display the Security Menu from bifoundation_domain
2.5.2
Creating Application Roles Using Fusion Middleware Control
2.5.2.1
Overview to creating and managing Application Roles
2.5.2.2
How to Create an Application Role
2.5.2.3
How to map a Group to an Application Role
2.5.3
Creating Application Policies Using Fusion Middleware Control
2.5.4
Modifying Application Roles Using Oracle Fusion Middleware Control
2.5.4.1
Modifying the Permission Grants for an Application Role
2.5.4.2
Modifying Membership of an Application Role
2.6
Managing Metadata Repository Privileges
2.6.1
Overview
2.6.2
How to Set Repository Privileges for an Application Role
2.6.3
Advanced Security Configuration Topics
2.6.3.1
About Managing Application Roles in the Metadata Repository
2.7
Managing Presentation Catalog Privileges Using Application Roles
2.7.1
Overview
2.7.2
About Presentation Catalog Privileges
2.7.3
How to Set Catalog Privileges for an Application Role
2.7.4
Advanced Security Configuration Topics
2.7.4.1
About Encryption in BI Presentation Services
3
Configuring Oracle BI to use Oracle Internet Directory
3.1
Common Tasks for Deploying Security With Oracle Internet Directory
3.2
Configuring an Alternative Authentication Provider
3.2.1
How to Configure Oracle Internet Directory as an Authentication Store Provider
3.2.1.1
How to Configure Oracle Business Intelligence to use Oracle Internet Directory as an Authentication Provider
3.2.1.2
How to Configure the User Name Attribute in the Identity Store
3.2.1.3
Configure a New Trusted User (BISystemUser)
3.2.1.4
Refresh the User GUIDs
3.3
Configuring an Alternative Policy Store and Credentials Store
4
Enabling SSO Authentication
4.1
Common SSO Configuration Tasks for Oracle Business Intelligence
4.2
Understanding SSO Authentication and Oracle Business Intelligence
4.2.1
How an Identity Asserter Works
4.2.2
How Oracle Business Intelligence Operates With SSO Authentication
4.3
SSO Implementation Considerations
4.4
Configuring SSO in an Oracle Access Manager Environment
4.4.1
Configuring a New Authenticator for Oracle WebLogic Server
4.4.2
Configuring a New Identity Asserter for Oracle WebLogic Server
4.4.3
Using Fusion Middleware Control to Enable SSO Authentication
5
SSL Configuration in Oracle Business Intelligence
5.1
Common SSL Configuration Tasks for Oracle Business Intelligence
5.2
About SSL
5.2.1
SSL in Oracle Business Intelligence
5.2.2
Creating Certificates and Keys in Oracle Business Intelligence
5.2.3
Credential Storage
5.3
Configuring the Web Server to Use HTTPS Protocol
5.4
Configuring SSL Communication Between Components
5.4.1
Locking the Configuration
5.4.2
Generating the SSL Certificates
5.4.3
Commit the SSL Configuration Changes
5.4.3.1
Troubleshooting Tip
5.4.4
Verifying the SSL Credentials in the Credential Store
5.4.5
Enabling the SSL Configuration
5.4.6
Confirming SSL Status
5.4.7
Configuring the SMTP Server
5.4.8
Updating Expired SSL Certificates
5.5
Additional SSL Configuration Options
5.5.1
Using SASchInvoke and SchShutdown When BI Scheduler is SSL-Enabled
5.5.2
Configuring Oracle BI Job Manager
5.5.3
Online Catalog Manager
5.5.4
Configuring Oracle BI Administration Tool
5.5.5
Configuring an ODBC DSN for Remote Client Access
5.6
Advanced SSL Configuration Options
A
Alternative Security Administration Options
A.1
Alternative Authentication Options
A.1.1
Setting Up LDAP Authentication
A.1.1.1
Setting Up an LDAP Server
A.1.1.2
Defining a USER Session Variable for LDAP Authentication
A.1.1.3
Setting the Logging Level
A.1.2
Setting Up External Table Authentication
A.1.3
About Oracle BI Delivers and External Initialization Block Authentication
A.1.4
Order of Authentication
A.1.5
Authenticating by Using a Custom Authenticator Plug-In
A.1.6
Managing Session Variables
A.1.7
Managing Server Sessions
A.1.7.1
Using the Session Manager
A.2
Alternative Authorization Options
A.2.1
Changes Affecting Security in Presentation Services
A.2.2
Managing Presentation Catalog Privileges Using Catalog Groups
B
Understanding the Default Security Configuration
B.1
About Securing Oracle Business Intelligence
B.2
About the Security Framework
B.2.1
Oracle Platform Security Services
B.2.2
Oracle WebLogic Server Domain
B.3
Key Security Elements
B.4
Default Security Configuration
B.4.1
Default Policy Store Provider
B.4.1.1
Default Permissions
B.4.1.2
Default Application Roles
B.4.1.3
Default Application Roles, Permission Grants, and Group Mappings
B.4.2
Default Authentication Provider
B.4.2.1
Default Groups and Members
B.4.2.2
Default Users and Passwords
B.4.3
Default Credential Store Provider
B.4.3.1
Default Credentials
B.4.4
How Permissions Are Granted Using Application Roles
B.4.4.1
Permission Inheritance and Role Hierarchy
B.4.4.2
Presentation Catalog Groups and Precedence
B.5
Common Security Tasks After Installation
B.5.1
Common Security Tasks to Evaluate Oracle Business Intelligence
B.5.2
Common Security Tasks to Implement Oracle Business Intelligence
B.6
About the Default Security Configuration After Upgrade
B.6.1
Security-Related Changes After Upgrading
B.6.1.1
Changes Affecting the Identity Store
B.6.1.2
Changes Affecting the Policy Store
B.6.1.3
Changes Affecting the Default Repository File
B.6.1.4
Changes Affecting the Oracle BI Presentation Catalog
B.6.2
Planning to Upgrade a 10
g
Repository
B.6.3
Upgrading an Existing SSL Environment
B.6.4
Upgrading an Existing SSO Environment
C
Troubleshooting Security in Oracle Business Intelligence
C.1
Resolving Inconsistencies With the Identity Store
C.1.1
User is Deleted From the Identity Store
C.1.2
User is Renamed in the Identity Store
C.1.3
User Name is Reused in the Identity Store
C.2
Resolving Inconsistencies With the Policy Store
C.2.1
Application Role Was Deleted From the Policy Store
C.2.2
Application Role is Renamed in the Policy Store
C.2.3
Application Role Name is Reused in the Policy Store
C.2.4
Application Role Reference is Added to a Repository in Offline Mode
C.3
Resolving SSL Communication Problems
C.4
Resolving Issues with BISystemUser Credentials
Index
Scripting on this page enhances content navigation, but does not change the content in any way.