Setting Up Object-Level Security
This section discusses how to complete the following tasks to set up object-level security for the Fusion Campus Solutions Intelligence application. You can achieve object-level security by mapping users and groups to Application Roles with access to specific Oracle BI Administration Tool objects and Oracle BI Presentation Catalog objects.
Creating and Managing Users and Groups
Oracle Internet Directory (OID) is the authentication provider instead of the default the embedded WebLogic LDAP Server provided with OBIEE 11g. Creating and managing users and groups must be completed in OID.
See Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory 11g Release 1 (11.1.1), Getting Started With Oracle Internet Directory.
Mapping Users and Groups to Application Roles
After users and groups are created and mapped together, they will need to be mapped to Application Roles. BIConsumers, BIAuthors, or BIAdministrators are provided by default and have preconfigured privileges to access BI components (metadata repository and presentation catalog).
Note: New groups and Application Roles can be created if the defaults (BIConsumers, BIAuthors, or BIAdministrators) do not meet your business requirements.
To map users and groups to Application Roles:
Start the Oracle Enterprise Manager (for example, http://localhost:7001/em).
The Fusion Middleware Control login page displays.
On the Fusion Middleware Control login page, enter the Administrator for the Administrator field and welcome1 for the Password field, then click Login.
Image: Oracle Enterprise Manager
This example illustrates the fields and controls on the Oracle Enterprise Manager. You can find definitions for the fields and controls later on this page.
From the target navigation pane, expand the WebLogic Domain and right-click bifoundation_domain.
Select Security then Application Roles.
Image: Oracle Enterprise Manager - Application Roles
This example illustrates the fields and controls on the Oracle Enterprise Manager - Application Roles. You can find definitions for the fields and controls later on this page.
On the Application Roles page, select Select Application Stripe to Search, and select obi from the list.
Image: Application Roles page - Application Stripe search
This example illustrates the fields and controls on the Application Roles page - Application Stripe search. You can find definitions for the fields and controls later on this page.
Click the Search icon (next to the Role Name field).
Select an application role in the list and click Edit.
Image: Application Roles page - Application role
This example illustrates the fields and controls on the Application Roles page - Application role . You can find definitions for the fields and controls later on this page.
The Edit Application Role page displays.
In the Edit Application Role page, click the Add Group icon.
Image: Edit Application Role page
This example illustrates the fields and controls on the Edit Application Role page. You can find definitions for the fields and controls later on this page.
The Add Group page displays.
In the Add Group page, add the group that you want to assign to the Roles list
Image: Add Group page
This example illustrates the fields and controls on the Add Group page. You can find definitions for the fields and controls later on this page.
Click OK to continue, then click OK again on the Edit Application Role page.
See Oracle Fusion Middleware Security Guide for Oracle Business Intelligence Enterprise Edition 11g Release 1 (11.1.1), Managing Security Using the Default Security Configuration, Creating and Managing Application Roles and Application Policies Using Fusion Middleware Control.
Managing Metadata Repository Privileges
To modify metadata repository privileges:
Open the repository in the Oracle BI Administration Tool.
In the Presentation panel, navigate to the subject area or sub-folder for which you want to set permissions.
Right-click the subject area and select Properties to display the properties dialog.
Image: Properties Dialog
This example illustrates the fields and controls on the Properties Dialog. You can find definitions for the fields and controls later on this page.
Click Permissions to display the Permissions dialog.
Image: Permissions dialog
This example illustrates the fields and controls on the Permissions dialog. You can find definitions for the fields and controls later on this page.
Select Read, Read/Write, No Access, or Default for each Application Role or user you wish to modify.
It is best practice to only modify the Application Roles.
Click OK to continue, then click OK again on the properties dialog.
Save your changes.
See Oracle Fusion Middleware Security Guide for Oracle Business Intelligence Enterprise Edition 11g Release 1 (11.1.1), Managing Security Using the Default Security Configuration, Managing Metadata Repository Privileges Using the Oracle BI Administration Tool.
Managing Presentation Services Catalog Privileges
To modify presentation services catalog privileges:
Log in to Oracle Business Intelligence as a user with Administrator privileges.
From the Home page in Presentation Services, select Administration to display the Administration page.
In the Security area, select Manage Privileges to display the Manage Privileges page.
Click an Application Role next to the privilege that you want to edit.
Image: Manage Privileges page
This example illustrates the fields and controls on the Manage Privileges page. You can find definitions for the fields and controls later on this page.
The Privilege page displays.
In the Privilege page, add or change permissions for an Application Role.
Image: Privilege page
This example illustrates the fields and controls on the Privilege page. You can find definitions for the fields and controls later on this page.
Click OK to save your changes.
See Oracle Fusion Middleware Security Guide for Oracle Business Intelligence Enterprise Edition 11g Release 1 (11.1.1), Managing Security Using the Default Security Configuration, Managing Metadata Repository Privileges Using the Oracle BI Administration Tool.