Setting Up Object-Level Security

Oracle Internet Directory (OID) is the authentication provider instead of the default the embedded WebLogic LDAP Server provided with OBIEE 11g. Creating and managing users and groups must be completed in OID.

See Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory 11g Release 1 (11.1.1), Getting Started With Oracle Internet Directory.

After users and groups are created and mapped together, they will need to be mapped to Application Roles. BIConsumers, BIAuthors, or BIAdministrators are provided by default and have preconfigured privileges to access BI components (metadata repository and presentation catalog).

To map users and groups to Application Roles:

1. Start the Oracle Enterprise Manager (for example, http://localhost:7001/em).

   The Fusion Middleware Control login page displays.

2. On the Fusion Middleware Control login page, enter the Administrator for the Administrator field and welcome1 for the Password field, then click Login.

   Image: Oracle Enterprise Manager

   This example illustrates the fields and controls on the Oracle Enterprise Manager. You can find definitions for the fields and controls later on this page.

   

3. From the target navigation pane, expand the WebLogic Domain and right-click bifoundation_domain.

4. Select Security then Application Roles.

   Image: Oracle Enterprise Manager - Application Roles

   This example illustrates the fields and controls on the Oracle Enterprise Manager - Application Roles. You can find definitions for the fields and controls later on this page.

   

5. On the Application Roles page, select Select Application Stripe to Search, and select obi from the list.

   Image: Application Roles page - Application Stripe search

   This example illustrates the fields and controls on the Application Roles page - Application Stripe search. You can find definitions for the fields and controls later on this page.

   

6. Click the Search icon (next to the Role Name field).

7. Select an application role in the list and click Edit.

   Image: Application Roles page - Application role

   This example illustrates the fields and controls on the Application Roles page - Application role . You can find definitions for the fields and controls later on this page.

   

   The Edit Application Role page displays.

8. In the Edit Application Role page, click the Add Group icon.

   Image: Edit Application Role page

   This example illustrates the fields and controls on the Edit Application Role page. You can find definitions for the fields and controls later on this page.

   

   The Add Group page displays.

9. In the Add Group page, add the group that you want to assign to the Roles list

   Image: Add Group page

   This example illustrates the fields and controls on the Add Group page. You can find definitions for the fields and controls later on this page.

   

10. Click OK to continue, then click OK again on the Edit Application Role page.

See Oracle Fusion Middleware Security Guide for Oracle Business Intelligence Enterprise Edition 11g Release 1 (11.1.1), Managing Security Using the Default Security Configuration, Creating and Managing Application Roles and Application Policies Using Fusion Middleware Control.

To modify metadata repository privileges:

1. Open the repository in the Oracle BI Administration Tool.

2. In the Presentation panel, navigate to the subject area or sub-folder for which you want to set permissions.

3. Right-click the subject area and select Properties to display the properties dialog.

   Image: Properties Dialog

   This example illustrates the fields and controls on the Properties Dialog. You can find definitions for the fields and controls later on this page.

   

4. Click Permissions to display the Permissions dialog.

   Image: Permissions dialog

   This example illustrates the fields and controls on the Permissions dialog. You can find definitions for the fields and controls later on this page.

   

5. Select Read, Read/Write, No Access, or Default for each Application Role or user you wish to modify.

   It is best practice to only modify the Application Roles.

6. Click OK to continue, then click OK again on the properties dialog.

7. Save your changes.

See Oracle Fusion Middleware Security Guide for Oracle Business Intelligence Enterprise Edition 11g Release 1 (11.1.1), Managing Security Using the Default Security Configuration, Managing Metadata Repository Privileges Using the Oracle BI Administration Tool.

To modify presentation services catalog privileges:

1. Log in to Oracle Business Intelligence as a user with Administrator privileges.

2. From the Home page in Presentation Services, select Administration to display the Administration page.

3. In the Security area, select Manage Privileges to display the Manage Privileges page.

4. Click an Application Role next to the privilege that you want to edit.

   Image: Manage Privileges page

   This example illustrates the fields and controls on the Manage Privileges page. You can find definitions for the fields and controls later on this page.

   

   The Privilege page displays.

5. In the Privilege page, add or change permissions for an Application Role.

   Image: Privilege page

   This example illustrates the fields and controls on the Privilege page. You can find definitions for the fields and controls later on this page.

   

6. Click OK to save your changes.

See Oracle Fusion Middleware Security Guide for Oracle Business Intelligence Enterprise Edition 11g Release 1 (11.1.1), Managing Security Using the Default Security Configuration, Managing Metadata Repository Privileges Using the Oracle BI Administration Tool.