Skip Headers
Oracle® Fusion Middleware Security Guide for Oracle Business Intelligence Enterprise Edition
11g Release 1 (11.1.1)

Part Number E10543-06
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Feedback page
Contact Us

Go to previous page
Previous
PDF · Mobi · ePub

Index

A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  R  S  T  U  V  W 

A

privileges
access rights, 2.4.3
controlling, 2.4.2.2
accessing
Fusion Middleware Control, 1.6.2
obi stripe, 1.6.2
Oracle WebLogic Server Administration Console, 1.6.1
Active Directory
configuring as authentication provider, 3.4.2
Add Permission dialog, 2.4.3
add-in for Microsoft Office, D.2.3.3.2
Administration Console
accessing, 1.6.1
Provider Specific tab, 4.4.1
Provider Specific tab settings, 3.4.1, 3.4.2
to launch, 1.6.1
Administration Page in Oracle BI Presentation Presentation Services
tools, 1.6.4
Administration pages, D.2.1
Administration Server, B.2
Administrator user, creation during upgrade, B.6.1.1
Administrators group,upgrade, B.6.1.1
application policies
creating, 2.4.3
Application Policies page, 2.4.3, 2.4.3
application policies page, 2.4.1, 2.4.1
Application Policy
how to create, 2.4.3
how to modify, 2.4.4.1
application policy, 2.4.3
about, B.3
changing permission grants, 2.4.4.1
copying, 2.4.3
creating by copying, 2.4.3
application policy,definition, B.3
application role, 2.4.4
about, B.3
add or remove members, 2.4.4.2
changing membership, 2.4.4.2
copying, 2.4.2.2
creating, 2.4.2.2, 2.4.2.2, 2.4.2.3
creating by copying, 2.4.2.2
how to create, 2.4.2.2
how to map to a group, 2.4.2.3
how to modify, 2.4.4.2
in repository, 2.4.2.1
mapping privileges, 2.6.3
mapping privileges programmatically, 2.6.3
placeholder, 2.4.2.1
valid members, 2.4.2.2
application role mapping,definition, B.3
application role, localising display name, B.3
application role,definition, B.3
application roles
benefits, 2.4.2.1
creating, 2.4.2.1
default, 2.4.1, 2.4.2.2, 2.4.2.3
example, 1.4.1, 2.2
how to map privileges to, 2.6.3
inheritance, D.3
minimum required to run Oracle Business Intelligence, B.4.1.2, B.4.1.2
permissions and privileges, D.1.3
user membership, 2.6.1
working with default, 2.1
application roles page, 2.4.1, 2.4.1
authenticated role, A.2.1, B.4.1.2
authentication
LDAP, 1.3
authentication error, 3.5.1, 3.6, 3.8
authentication options
authentication, about, A.1
authentication, order of, A.1.4
external table authentication, about, A.1.2
external table authentication, setting up, A.1.2
LDAP authentication, about, A.1.1, A.1.1
LDAP authentication, setting up, A.1.1.2
ROLES session system variable, defining for database authorization, A.2.3
See also security
USER session system variable, defining for LDAP authentication, A.1.1.2
authentication provider
about, B.3
configuring Active Directory, 3.4.2
configuring Oracle Internet Directory, 3.4.1, 3.4.1
authentication providers
configuring one or more alternatives, 3
authenticator
about, A.1.5
custom authentication, about, A.1.5
definition, A.1.5
authorization, using initialization blocks, A.2.3

B

best practice
creating application roles, 2.4.2.1
HTTP and HTTPS listeners, 5.3.3
managing Presentation Services privileges, 2.6.1
mapping groups, 2.4.4.2
policy store, 2.4
SSL certificates, 5.3.4.2, 5.3.4.2
SSO authentication, 4
update GUID attribute value, 3.6
update user GUIDs, 3.5.1, 3.8
BI Presentation Server
privileges, 2.6.1
BI Publisher
data source access permissions, managing, 2.7
BI Server
role in SSO, 4.2.2
BIAdministrator role, B.4.1.2
BIAdministrators
example, 1.4.1
BIAuthor role, B.4.1.2
BIAuthors
example, 1.4.1
BIConsumer role, B.4.1.2
BIConsumers
example Group, 1.4.1
BIDomain MBeans, 5.3.4.1
bifoundation_domain, 2.4.1, 2.8, 3.4.5, 3.5.1, 3.6, B.2
BISystem role, B.4.1.2
BISystemUser
configuring, 3.7
must configure if changing system user, trusted user, 3.7

C

cache
clearing, D.2.4
case sensitive,key, B.4.3.1
Catalog groups, D.2.2, D.2.2
adding to an existing group, D.2.2.3
creating, D.2.2.1
inheritance, D.3
precedence, B.4.4.2
replacing with corresponding application roles, before deleting, 2.6.3
upgraded systems, 2.6.1
caution
BISystem application role, 2.4.4.2
SSL prerequisites, 5.3.4
caution, system-jazn-data.xml file, 2.4
certificate keys
creating, 5.2.2
certification information, Preface
changing, 2.4.4
application role, 2.4.4
configuring
Web server for SSL, 5.3.3
Control Flag settings, 3.4.6
controlling permission grants, 2.4.2.2
copy
application policy, 2.4.3
copying
application policy, 2.4.3
application role, 2.4.2.2, 2.4.2.2
coreapplication, 2.4.1, 2.4.1, 3.4.7.1, 3.4.7.1
create
application policy, 2.4.3
application policy by copying, 2.4.3
Create Application Grant Like dialog, 2.4.3
create application role by copying, 2.4.2.2
Create Application Role Like page, 2.4.2.2
Create Application Role page, 2.4.2.2
Create Like button, 2.4.3
creating
application policies, 2.4.3
application role, 2.4.2.2, 2.4.2.2, 2.4.2.3
application roles, 2.4.2.1
certificate keys for SSL, 5.2.2
credential map
oracle.bi.enterprise, 5.2.3
trusted user, 3.7
credential store
migrating, 3.9
credential store provider
about, 1.9
configuring LDAP-based, 3.9
custom sso environments
configuring, 4.5
cwallet.sso file, B.4

D

dashboards
saved customizations, D.5
data source access permissions
managing using BI Publisher, 2.7
databases,supported, Preface
default
application roles, 2.4.1, 2.4.2.2, 2.4.2.3
location of policy store, 2.4
policy store, 3.9
Presentation Services privileges, 2.6.2
default directory server
change password, 2.3.5
creating a user, 2.3.2
default security configuration
default security provider configuration, B.4
implementing, B.4
default security providers, B.4
default users, groups, application roles, 2.1
default Users,Groups,Application Roles
diagram of, 2.1
default,credentials, B.4.3.1
DefaultAuthenticator, B.4
defaut directory server
creating Groups, 2.3.3
deleting
Catalog groups, D.2.2.2
Catalog groups, after replacing with corresponding application roles, 2.6.3
domain
about, B.2.2
relationship with Oracle WebLogic Server, B.2
downloading
Oracle BI Add-in for Microsoft Office, D.2.3.3.2
dynamically loadable authenticator framework
definition, A.1.5

E

enabling users to act for others, D.6
Everyone Presentation Services Catalog group, A.2.1
example
Add Group dialog, 2.4.4.2
Application Roles page, 2.4.4.2
BIAdministrators, 1.4.1
BIAuthors Group, 1.4.1
BIConsumers Group, 1.4.1
configuring demonstration SSL certificate, 5.3.3
Edit Application Role page, 2.4.4.2
incorrect trust store error message, 5.3.3
new application role, 2.4.3
new application role by copying, 2.4.2.2
SSL report output, 5.3.4.6
example users, groups, application roles, 1.4.1, 2.2
external table authentication
about, A.1.2
setting up, A.1.2

F

Fusion Middleware Control
accessing, 1.6.2
System MBean Browser, 5.3.4

G

grantee, 2.4.3
Groups
creating, 2.3.3
definition, 1.9
inheritance, 2.6.1
groups
adding to existing, D.2.2.3
Catalog groups, D.2.2
example, 1.4.1, 2.2
how to map to an application role, 2.4.2.3
working with default, 2.1
Groups, working with
See also authentication options
GUID attribute value
authentication errors, 3.6
updating, 3.6
GUIDs
authentication errors, 3.5.1, 3.8
updating user, 3.5.1, 3.8

H

high availability of embedded WLS LDAP identity store
by configuring the virtualize attribute value, 2.8
how to setup security
detailed steps, 1.7

I

identity asserter, 4.2.1, 4.4.2
Identity Manager, 2.5.1
overview to using, 2.5.1
identity store
about, 1.9
new authenticator, 4.4.1
initialization blocks, using to set up authorization, A.2.3
installed Users,Groups,Application Roles
diagram of, 2.1

J

Java security model, B.2
javax.net.sll.trustStorePassword, 5.3.3
javax.net.ssl.trustStore, 5.3.3
Job Manager
configuring, 5.4.2

K

key,case sensitive, B.4.3.1

L

launching
Administration Console, 1.6.1
LDAP
See Lightweight Directory Access Protocol (LDAP)
LDAP credential store, 3.9
Lightweight Directory Access Protocol (LDAP)
authentication, about, A.1.1, A.1.1
authentication, setting up, A.1.1.2
USER session system variable, defining for LDAP authentication, A.1.1.2, A.2.3
list of security terms, 1.9

M

managing
application roles, 2.4.4
Presentation Services privileges, 2.6.1
mapping,definition, B.3
members
changing in application role, 2.4.4.2
memory requirements, Preface
metadata repository
overview to managing security in, 2.5.1
migrate
users and groups from default embedded WLS LDAP to alternative authentication provider, 2
migrating
credential store, 3.9
policy store, 3.9
minimum disk space, Preface
modifying
application role, 2.4.4
multiple authentication providers
configuring the virtualize custom property, 3.4.5
multiple authenticators
configuring for SSL, 5.4.6
mutual SSL authentication, 5.2.1

N

new
application policy, 2.4.3

O

obi stripe, 2.4.3
pre-selected, 1.6.2, 2.4.1
obi stripe pre-selected, 2.4.1
ODBC DSN, 5.4.5
OES Basic
replacing OPSS, 3.9, B.2.1
offline repository development, 2.4.2.1
operating systems, supported, Preface
OPSS
replaced by OES Basic, 3.9, B.2.1
OPTIONAL flag, 3.4.6
Oracle BI
configuring Job Manager, 5.4.2
Oracle BI Administration Tool
overview to using, 2.5.1
tools, 1.6.3
Oracle BI Presentation Server
role in SSO, 4.2.2
Oracle Business Intelligence
new features, Preface
Oracle Entitlements Server Basic (OES Basic), 3.9
Oracle Fusion Middleware Control
tools, 1.6.2
Oracle Fusion Middleware security model
about, B.2
Oracle Identity Store (OID)
what it is, 1.3
Oracle Internet Directory
configuring as authentication provider, 3.4.1, 3.4.1
Oracle Platform Security Services (OPSS), B.2.1
Oracle WebLogic Server
configuring a new asserter, 4.4.2
configuring a new authenticator, 4.4.1
configuring for SSL, 5.3.3
configuring new authenticator, 4.4.1
deploying security with, 2
domain, B.2
Oracle WebLogic Server Administration Console
summary, 1.6.1
oracle.bi.enterprise credential map, 5.2.3
overview
setup steps, 1.7

P

password
change user, 2.3.5
permission grants
changing in application policy, 2.4.4.1
permissions, 2.4.3
adding, 2.4.3
inheritance, D.3
inheritance rules, D.3.1
non-Oracle Business Intelligence, 2.4.3
saved customizations, D.5.2.2
users, D.1.3
placeholder for application role, 2.4.2.1
platforms, supported, Preface
policy store
about, 3.9
default, 3.9
managing, 2.4
migrating, 3.9
policy store provider
about, 1.9
precedence
Catalog groups, B.4.4.2
Presentation Services privileges, 2.6.2
Presentation Services
Administration pages, D.2.1
Catalog groups, D.2.2
managing sessions, D.2.4
security, D.1
Presentation Services privileges
about, 2.6.2
Presentation Services privileges and Oracle BI Presentation Catalog permissions, B
privileges
default assignments, D.2.3.3
defined, D.2.3.1
inheritance, D.3
inheritance rules, D.3.1
managing, D.2.3
managing Presentation Services, 2.6.1
saved customizations, D.5.2.1
setting, D.2.3.2
users, D.1.3
Provider Specific tab, 3.4.1, 3.4.2, 4.4.1
proxy
impersonated user can display delegate users in Analytics, D.6.2
proxy levels for users, D.6.2
public and private keys, 5.2.1

R

repositories
new user, adding to, 2.5.2
REQUIRED flag, 3.4.6
requirements, system, Preface
REQUISITE flag, 3.4.6
reset password for default RPD file, 1.7
roadmap for security setup, 1.1
role
authenticated, B.4.1.2
BIAdministrator, B.4.1.2
BIAuthor, B.4.1.2
BIConsumer, B.4.1.2
BISystem, B.4.1.2
RPD
reset password, 1.7
RSS feed with SSO, authenticating
troubleshooting, C.7

S

SampleApp code, A.1.5
SASchInvoke, 5.4.1
saved customizations, D.5
administration, D.5.2
folder structure, D.5.2.2.3
permissions, D.5.2.2
privileges, D.5.2.1
security
Catalog groups, D.2.2
configuration tools summary, 1.6, 1.6
detailed setup steps, 1.7
goals, D.1.2
overview, 1.7
Presentation Services, D.1
repository, adding new user to, 2.5.2
See also authentication options
settings location, D.1.1
terminology, 1.9
security framework
about, B.2
Oracle Platform Security Services (OPSS), B.2.1
Security menu
accessing, 2.4.1, 2.4.1, 2.8, 3.4.5, 3.4.7.1, 3.4.7.1, 3.5.1, 3.6
security menu, 2.4.1
security provider
about, 1.9
security realm
about, 1.9
security setup Roadmap, 1.1
Session Manager
See also query environment, administering
active query, killing, A.1.7.1
disconnecting a user from a session, A.1.7.1
Session Window fields (table), A.1.7.1
session, viewing, A.1.7.1
update speed, controlling, A.1.7.1
using, about, A.1.7.1
session variables
for proxy functionality, D.6.3.2
sessions
managing, D.2.4
SiteMinder
SSO configuration, 4.5
SMTP server, configuring for SSL, 5.3.2
SSL
about, 5.2
Administration Tool, 5.4.4
Catalog Manager, 5.4.3
certificate files, 5.3.4.4
certificate keys, 5.2.2
cipher suite options, 5.5
commit configuration, 5.3.4.3
configuring multiple authenticators for, 5.4.6
configuring SMTP server, 5.3.2
configuring the Web server, 5.3.3
confirming status using MBean Browser, 5.3.4.6
confirming status using report in Fusion Middleware Control, 5.3.1
credentials in oracle.bi.enterprise map, 5.3.4.4
default security level, 5.2.1
enabling the configuration for Oracle Business Intelligence, 5.3.4.5
expired certificates, 5.3.4.7
generating certificates, 5.3.4.2
in Oracle Business Intelligence, 5.2.1
locking the configuration, 5.3.4.1
manual configuration, 5.2.1
mutual authentication, 5.2.1
Oracle BI components involved, 5.2.1
prerequisites, 5.3.3
running status report using MBean Browser, 5.3.4.6
sample report output, 5.3.4.6
troubleshooting tip, 5.3.4.3.1
using System MBean Browser, 5.3.4
verifying certificates, 5.3.4.4
SSL configuration between Oracle BI components using Fusion Middleware Control, 5.3.1
SSL credential storage, 5.2.3
SSL Everywhere central configuration, 5.2.1
SSL, upgrading, B.6.1
SSL,troubleshooting, 5.3.4.6
SSO
about, 4.2
configuring a new authenticator, 4.4.1
configuring for custom environments, 4.5
configuring with Active Directory and Windows Native Authentication, 4.5
configuring with Oracle Access Manager, 4.4
configuring with SiteMinder, 4.5
considerations, 4.3
enabling for Oracle Business Intelligence, 4.6
identity asserter, 4.2.1
Oracle BI Presentation Services, 4.2.2
permission required for Administration Tool, 4.2
Provider Specific tab, 4.4.1
requirements, 4.2
Webgates, 4.2.1
startManagedWebLogic.sh, 5.3.3
SUFFICIENT flag, 3.4.6
supported installation types, Preface
system
session variables, about and LDAP authentication, A.1.1
variables, about and external table authentication, A.1.2
system requirements, Preface
system-jazn-data.xml file, 2.4, B.4

T

task map
configuring SSL, 5.1
configuring SSL between Oracle BI components, 5.3.4
configuring SSO authentication, 4.1
terminology, 1.9
tools
Administration Page in Oracle BI Presentation Services, 1.6.4
Oracle BI Administration Tool, 1.6.3
Oracle Fusion Middleware Control, 1.6.2
Oracle WebLogic Server, 2
Oracle WebLogic Server Administration Console, 1.6.1
summary of configuration tools for security, 1.6, 1.6
troubleshooting authenticating an RSS feed using SSO, C.7
troubleshooting SSO
configuring for custom environments for example Windows Native Authentication and Active Directory, SiteMinder, C.6
troubleshooting,SSL, 5.3.4.6
trusted user
changing for BIP JMS modules, 3.7
configuring, 3.7
create new user, 3.7

U

upgrade,Administrators group, B.6.1.1
upgraded systems
Catalog groups, 2.6.1
URL
Administration Console, 1.6.1
Fusion Middleware Control, 1.6.2
usage tracking, administering
See also Session Manager
user
add to group
default directory server, add user to group, 2.3.4
change password, 2.3.5
create, 2.3.2
user, definition, 1.9
users
enabling to act for others, D.6
example, 1.4.1, 2.2
new user, adding to repository, 2.5.2
proxy levels, D.6.2
working with default, 2.1
users and groups
migrate from default embedded WLS LDAP to alternative authentication provider, 2

V

variables, using
system session variables, about and LDAP authentication, A.1.1
system variables, about and external table authentication, A.1.2
virtualization functionality
configuring with SSL, 5.4.6
virtualize attribute value
configuring for HA of the embedded LDAP WLS identity store, 2.8
virtualize custom property
for configuring multpile authentication providers, 3.4.5

W

Web server, configuring for SSL, 5.3.3
Windows Native Authentication
configuring sso with Active Directory, 4.5