Skip Headers
Oracle® Argus Insight Installation Guide
Release 8.0
E49997-03
  Go To Table Of Contents
Contents

Previous
Previous
 
Next
Next
 

6 Configuring the BIP Environment

Once you have installed the BI Publisher (BIP), you need to configure certain settings to be able to view the available reports in BIP. This chapter introduces you with the steps to make those configuration changes using BIP.

This chapter includes the following topics:

6.1 Uploading the Argus Insight.xdrz file to BIP


Note:

You must be logged in to BIP with the BI Admin User credentials to be able to upload the Argus Insight.xdrz file. You can refer to Table 6-4 for more information on the BI Admin User.

To upload the Argus Insight.xdrz file to BIP, execute the following steps:

  1. Copy the Argus Insight.xdrz file from the following location on the Argus Insight Web Server to the local file system:

    Drive:\<Argus Insight Installation Folder>\ArgusInsight\BIP\Repository

  2. Log on to BIP using the BI Admin User credentials.

    The BIP home page appears.

  3. From the menu bar, click Catalog.

    Surrounding text describes catalog.gif.

    The Catalog screen with the Folders and Tasks sections appears.

  4. From Folders section in the left pane, click Shared Folders.

    Surrounding text describes sharedfolders.gif.
  5. From Tasks section in the left pane, click Upload.

    Surrounding text describes uploadfile.gif.

    The Upload dialog box appears.

  6. Click Browse and navigate to the location where you have saved the Argus Insight.xdrz file on the local file system.

  7. Click Upload.

    After successful upload, an Argus Insight folder is created in Shared Folders.

  8. Expand the Argus Insight folder to verify that the Generic Line Listing Data Model exists in the Data Models sub-folder and the Generic Line Listing Report in LE and RTF formats exists in the Reports sub-folder.

    Surrounding text describes linelistingreports.gif.

6.2 Creating PRMART JDBC Connection

If you are installing BIP on a Windows machine, the TNS entry of Argus Insight must be added in TNSNAMES.ora file of the BIP Web Server.

If BIP is installed on a Linux machine, no modifications to the TNSNAMES.ora file are required.

When you have uploaded the Argus Insight.xdrz file to BIP, you also need to create a connection between the BIP and the database.

To connect the BIP and the database, execute the following steps:

  1. Log on to BIP using the administrator credentials.

    The BIP home page appears.

  2. From top-menu, click Administration.

    Surrounding text describes administration.gif.
  3. In the Data Sources section, click JDBC Connection.

    Surrounding text describes jdbcconnection.gif.

    The Data Sources screen appears.

  4. Click Add Data Source.

    Surrounding text describes adddatasource.gif.
  5. In the Add Data Source section:

    1. In the Data Source Name field, enter PRMART.

    2. From the Driver Type drop-down list, select the database.

      The Database Driver Class field is auto-populated based on the selected Driver Type.

    3. In the Connection String field, enter the connection string.

      You must enter all the details in lower case in this field.

    4. In the Username field, enter the username (Argus Insight application DB user, for example, apr_app) to connect to the database.

    5. In the Password field, enter the password for the user.

    6. Click Test Connection.

      Surrounding text describes testconnection.gif.

      If successful, a confirmation message appears.

  6. Click Apply.

    The PRMART Data Source in the list of already existing data source names appears.

    Surrounding text describes datasourcenames.gif.

    A connection between BIP and the database is successfully created.

6.3 Managing Users and Roles: BI Publisher Security Model

When you have uploaded the Argus Insight.xdrz file to BIP and created the JDBC connection, you can start creating the users for the BI Publisher Security Model.

This section introduces you to the steps that you need to execute to create users, assign the roles and permissions to those users, and configure server settings for the BI Publisher Security Model.

This section comprises the following sub-sections:

6.3.1 Configuring Server Settings


Note:

When using file systems such as NFS, Windows, or NAS for the repository, ensure that the file system is secured.

To configure the server settings for the BI Publisher Security Model, execute the following steps:

  1. Log on to BIP using the administrator credentials.

    The BIP home page appears.

  2. From top-menu, click Administration.

    Refer to Section 6.2 > Step 2.

  3. In the System Maintenance section, click Server Configuration.

    Surrounding text describes userroles29.jpg.

    The Server Configuration screen appears.

  4. In the Catalog section, from the Catalog Type drop-down list, select Oracle BI Publisher - File System.

    If the Catalog Type is not Oracle BI Publisher - File System, the folder level permission settings cannot be done in BIP. Refer to the BIP Technical Reference document for more information.


    Note:

    Only Oracle BI Publisher - File System is supported in this release.

  5. Enter the path where all BIP folders, data models, and BIP reports will be stored in the BIP server.

    Surrounding text describes userroles30.jpg.
  6. Click Apply to save the changes.

  7. Restart the BI server.


    Note:

    Because the repository is in the file system, the case sensitivity of folder and Report Names is determined by the platform on which you run BIP. For Windows-based environments, the repository object names are not case-sensitive. For UNIX-based environments, the Repository Object Names are case-sensitive.

For more information, refer to the Oracle BIP Administrator's Guide > Configuring Server Properties section.

6.3.2 Creating Users and Assigning Roles to Users

To create users and assign the required roles to the users in the BIP Security Model, execute the following steps:

  1. Log on to BIP using the administrator credentials.

    The BIP home page appears.

  2. From top-menu, click Administration.

    Refer to Section 6.2 > Step 2.

  3. In the Security Center section, click Users.

    Surrounding text describes userroles24.jpg.

    The Users screen appears.

  4. Click Create User.

    Surrounding text describes userroles25.jpg.

    The Create User screen appears.

  5. In the Username field, enter the name of the user.

  6. In the Password field, enter the password.

  7. Click Apply.

    The name of the user appears in the list of existing users.

    When you have created the user, you need to assign the required roles to the user.

  8. Click the Assign Roles icon corresponding to the user that you have created.

    Surrounding text describes userroles27.jpg.

    The Assign Roles screen appears.

    The BIP system roles such as BI Publisher Administrator, BI Publisher Excel Analyzer, BI Publisher Online Analyzer, BI Publisher Developer, BI Publisher Scheduler, and BI Publisher Template Designer are available by default along with the custom roles (if any) that have been created by you.

    See Section 6.3.3, "Creating Roles, Adding Data Sources, and Assigning Roles" for the steps to create custom roles.

    For more information on system roles, refer to Understanding BI Publisher's Users, Roles, and Permissions in Administrator's Guide for Oracle Business Intelligence Publisher.

  9. From the Available Roles section, select the role that you want to assign to the user, and click Move(>) to move the selected role to the Assigned Roles section.

    Surrounding text describes userroles28.jpg.
  10. Click Apply.

    The selected roles are assigned to the user.

    For the list of users that you need to configure using BIP, refer to Section 6.5, "Configuring BIP Users and Roles: Oracle Fusion Middleware Security Model".

6.3.3 Creating Roles, Adding Data Sources, and Assigning Roles

In addition to creating users and assigning them the required roles, you also need to create certain roles, add data sources, and assign them the required roles.

To create roles, add data sources, and assign them the required roles, execute the following steps:

  1. Log on to BIP using the administrator credentials.

    The BIP home page appears.

  2. From the top-menu, click Administration.

    Refer to Section 6.2 > Step 2.

  3. In the Security Center section, click Roles and Permissions.

    Surrounding text describes userroles46.jpg.

    The Roles and Permissions screen appears.

  4. Click Create Role.

    Surrounding text describes userroles32.jpg.

    The Create Role screen appears.

  5. Enter the Name and Description of the role, and click Apply.

    The new role is created and appears in the list of existing roles in the Roles and Permissions screen.

  6. Click Add Data Sources icon, corresponding to the role which you have just created.

    Surrounding text describes userroles34.jpg.

    The Add Data Sources screen appears.

  7. Form Available Data Sources section, select PRMART, and click Move(>) to move it to the Allowed Data Sources section.

    Surrounding text describes userroles35.jpg.
  8. Click Apply to save the changes.

    The Roles and Permissions screen appears.

    See Section 6.2, "Creating PRMART JDBC Connection" for the steps to create the JDBC connection.

  9. Click the Add Roles icon, corresponding to the role which you have just created to add the required roles.

    The Add Roles screen appears.

  10. From the Available Roles section, select the roles that you want to include, and click Move(>) to move the selected roles to the Included Roles section.

  11. Click Apply to save the changes.

    For more information, refer to the Configuring Users, Roles, and Data Access section in the Oracle BIP Administrator's Guide.

    For the list of roles that you need to configure using BIP, refer to Section 6.5, "Configuring BIP Users and Roles: Oracle Fusion Middleware Security Model".

6.4 Managing Users and Roles: Oracle Fusion Middleware Security Model

This section introduces you with the steps that you need to execute to create users, assign the roles and permissions to those users, and configure server settings for the Oracle Fusion Middleware Security Model.

This section comprises the following sub-sections:

6.4.1 Configuring Server Settings

The steps to configure the server settings in the Oracle Fusion Middleware Security Model are exactly the same as that of the BI Publisher Security Model.

Refer to Section 6.3.1, "Configuring Server Settings" for the steps to configure the server settings.

6.4.2 Creating Users and Assigning Roles to Users

Creating users for LDAP or SSO users is done using the LDAP servers which is beyond the scope of this manual.

For the list of users that need to be configured, refer to the Section 6.5, "Configuring BIP Users and Roles: Oracle Fusion Middleware Security Model".

6.4.3 Creating Roles, Adding Data Sources, and Assigning Roles in WebLogic Enterprise Manager

To create roles, add data sources, and assign roles in WebLogic Enterprise Manager, execute the following procedure:

  1. Log on to the Enterprise Manager.

    The Enterprise Manager home page appears with a list of folders in the left pane.

  2. In the left pane, expand the Business Intelligence folder, and click coreapplication.

    Surrounding text describes userroles38.jpg.

    The Coreapplication screen appears in the right pane.

  3. In the Application Policies and Roles section, click Configure and Manage Application Roles.

    Surrounding text describes userroles39.jpg.

    The Application Roles screen appears.

  4. From the Application Stripe drop-down list, select the required application stripe.

  5. Select any existing role (for example, BIConsumer), and click Create Like.

    Surrounding text describes userroles40.jpg.

    The Create Application Role screen appears.

  6. In Role Name field, enter the name of the role.

  7. Optionally, enter the Display Name and Description for the role.

  8. To add any existing application role/group/user to the new role, click Add.

    Surrounding text describes userroles41.jpg.

    The Add Principal screen appears.

  9. To display the list of all the roles, groups, and users that are created in LDAP server, click the > icon next to the Display Name field.

    Surrounding text describes userroles42.jpg.
  10. Select the name of the role, group, or user that you want to add to the new role, and click OK.

    For example, for the BIReportWriter role, BIConsumer and authenticated-role are mandatory members. Besides that, the AIRole must also be a part of the BIReportWriter Role. These roles are displayed in the Members section of the Create Application screen.

    Surrounding text describes bireport.jpg.

    Note:

    The BIReportWriter role must be added to the BIReportWriter application policy. Refer to Section 6.4.4, "Creating Application Policy" for the steps to create the application policy for the BIReportWriter role.

  11. Repeat steps 8 to 10 to add more roles, users, and groups to the new role.

  12. On Create Application Role screen, click OK to save the changes.

    When you have created the role and added the required list of users, roles, and groups to the new role, you must add the PRMART data source to the new role.

  13. Log on to BIP using the administrator credentials.

    The BIP home page appears.

  14. From top-menu, click Administration.

    Refer to Section 6.2 > Step 2.

  15. In Security Center section, click Roles and Permissions.

    The Roles and Permission screen appears.

    You can view the name of the new role which you have just created in the list of role names.

  16. Click the Add Data Sources icon corresponding to the name of the new role.

    The Add Data Sources screen appears.

  17. From the Available Data Sources section, select PRMART, and click the Move (>) icon to move the PRMART data source to the Allowed Data Sources section.

  18. Click Apply to save the changes.

    For more information, refer to the Oracle BIP Administrator's Guide > Creating Application Roles Using Fusion Middleware Control section.

    For the list of roles that need to be configured, refer to the Section 6.5, "Configuring BIP Users and Roles: Oracle Fusion Middleware Security Model".

6.4.4 Creating Application Policy

Once you have created the new role and assigned the required roles, users, and data sources to the role, you also need to create the application policy for the new role.

Before creating a BI Publisher policy, you must have created an empty role in the Enterprise Manager.


Note:

The steps mentioned in this section are valid for creating BIReportWriter application policy.

To create the application policy for the new role, execute the following steps:

  1. Log on to the Enterprise Manager.

    The Enterprise Manager home page appears with a list of folders in the left pane.

  2. In the left pane, expand the Business Intelligence folder, and click coreapplication.

    The Coreapplication screen appears in the right pane.

  3. In the Application Policies and Roles section, click Configure and Manage Application Policies.

    The Application Policies screen appears.

  4. From the Application Stripe drop-down list, select obi.

  5. Select the BIAuthor policy, and click Create Like.

    The Create Application Grant Like screen appears with the Grantee and Permissions sections.

  6. In the Grantee section, click Add.

    This displays the Add Principal Screen.

  7. To retrieve the list of all the available application roles, click the > icon next to the Principal Name field.

  8. From the Searched Principals section, select the name of the role (for example, BIReportWriter), and click OK.

    The Create Application Grant Like screen appears.

  9. From the list of Permission Classes, select the developDataModel resource name, and click Delete.

  10. Click OK to apply the changes.

6.5 Configuring BIP Users and Roles: Oracle Fusion Middleware Security Model

This section lists the names of the <Admin Users> and roles that you need to configure using the steps given in Section 6.3, "Managing Users and Roles: BI Publisher Security Model" and Section 6.4, "Managing Users and Roles: Oracle Fusion Middleware Security Model".

Table 6-1 Configuring BIP Users: Oracle Fusion Middleware Security Model

User Description

BI Admin User

An Admin user refers to the user who has BI Publisher administrative rights. This user should belong to the BIAdministration functional role.

Data Modeler Users

An Argus Insight Data Model user refers to the user who should have access to both Data Models and Reports in the Argus Insight folder. This user should belong to AIDataModeler custom role.

There are Enterprise specific Modeler users, who have access to Data Models and Reports in Enterprise specific folders and Argus Insight folder. These users should have Enterprise specific Modeler roles assigned to them. This user should belong to Enterprise specific Modeler roles.

Users

An Argus Insight Role (AIRole) user refers to the user who should have access to Reports only, and should have Read-only access to the Data Model which is required to create the reports. This user should belong to AIRole.

There can be users who have access to reports of specific Enterprises. These users can Read/Write reports in Enterprise specific Report folder and Argus Insight Report folder. However, these users have Read-only access to the Data Models in the Enterprise specific Data Model and Argus Insight Data Model folder. This user should belong to Enterprise specific Report roles.

Global Admin Users

An AI Admin Role user should have full access to the Argus Insight folder (Read/Write/Delete).

An Enterprise specific Admin user should have full access to the Enterprise specific folders (Read/Write/Delete) and Argus Insight folder (Read/Write/Delete).


6.5.1 Configuring BIP Roles

The following table illustrates the roles that you need to configure using BIP:

Table 6-2 Configuring BIP Roles

Role Users/Roles to be added

BIAdministration (Functional Role)

Super user who has full access to any folder and BIP Administration access

AIRole

All Argus Insight role users, AIDataModelerRole, and All Enterprise Report Roles (for specific enterprises)

AIDataModelerRole

All AI Data Modeler Users, All Enterprise Modeler Roles, and AIAdminRole

Enterprise Report Role

Users that belong to a specific Enterprise with Reports access and Enterprise Modeler Role

Enterprise Modeler Role

Users that belong to a particular Enterprise with both Data Models and Reports access

Enterprise Admin Role

Enterprise specific Admin users. These users should have full access to the Enterprise specific folders.

AIAdminRole

Any User with this role should have full access to the Argus Insight Folder. The Enterprise Admin Role should be added to this role.

BIAdministrator (Functional Role)

BI Admin User

BIAuthor (Functional Role)

AIDataModelerRole

BIReportWriter (create this role using the steps given in section 8.4.3 and create an Application Policy for this role using the steps given in section 8.4.4)

AIRole


6.5.2 Folder Level Permissions

This section explains the Folder Level permissions that you need to grant using BIP.

For more information, refer to the Oracle BIP Administrator's Guide > About Catalog Permissions section.

Table 6-3 Folder Level Permissions

Folder Roles to be added Permissions

Argus Insight

AIAdminRole

Full access

Argus Insight > General > Data Model

AIDataModelerRole, AIRole

AIDataModelerRole - Full accessAIRole - Read, Run, Schedule, and View report

Argus Insight > General > Reports

AIRole

Full access

Argus Insight > CoverPage

AIRole

Full access

Enterprise specific folders

Enterprise Specific Admin Role

Full access

Enterprise Specific Folder -- Data Model

Enterprise Modeler Role, Enterprise Report Role

Enterprise Modeler Role - Full accessEnterprise Report Role -Read, Run, Schedule, and View report

Enterprise Specific Folder - Reports

Enterprise Report Role

Full access


6.6 Configuring BIP Roles and Permissions: BI Publisher Security Model

This section explains the users, which you need to create, and the roles that you need to assign to those users using the BI Publisher.

This section comprises the following sub-sections:

6.6.1 Argus Insight Specific Users and Roles

The Argus Insight folder comprises two sub-folders:

  • Data Models

  • Reports

There are three types of Argus Insight specific users and their corresponding roles. The following is the list of users that you need to create along with the name of the role for each user:

  • User Name: AIAdminRole Users, Role Name: AIAdminRole

  • User Name: AIDataModeler Users, Role Name: AIDataModelerRole

  • User Name: AIRole Users, Role Name: AIRole

In addition to these users that you need to create, there is a default BI Admin User for the application. This user is a super user with a BIP administration access and has also got access to upload the Argus Insight repository.

The access to the Data Models and Reports folder depends on the type of the user and the role assigned to that user. In addition, the BI publisher also allows you to add roles (Nested Role) to a role (Super Role). In that case, the user with the Super Role privileges also has the privileges of the nested role.

For example, a user has been assigned an X role and you add Y role to the X role, that user also has the privileges of the Y role, even though Y role is not directly assigned to the user.

You may refer to Section 6.3, "Managing Users and Roles: BI Publisher Security Model" or Section 6.4, "Managing Users and Roles: Oracle Fusion Middleware Security Model", depending on the Security Model that you are using for the steps to create users, create roles, and assign roles to users and roles.

The following table lists the Argus Insight specific users that you need to create, the roles that you need to assign to the users, and the description about the privileges for each user and role:

Table 6-4 Argus Insight Specific Users and Roles

Name of the User/Role Users/Roles to be added Description

BI Admin User

BI Administration (Functional Role)

The BI Admin User has access to upload the Argus Insight repository and works as a Super user who has BIP Administration access.

AIAdminRole

AIDataModelerRole

The user with this role has full access to the Argus Insight Folder.

AIAdminRole Users

AIAdminRole

This user has full access to the Argus Insight Folder.

AIDataModelerRole

BI Publisher DeveloperAIRole

The user with this role has access to the Argus Insight Data Models and Reports folders.

AIDataModeler Users

AIDataModelerRole

The user has access to Argus Insight Data Models and Reports folders.

AIRole

BITemplate Designer and BI Publisher Scheduler roles

The users belonging to this role have read-only access to the Argus Insight Data Models folder and full access of the Argus Insight Reports folder.

AIRole Users

AIRole

This user has read-only access to the Argus Insight Data Models folder and full access to the Argus Insight Reports folder.


6.6.2 Enterprise Specific Users and Roles

In addition to the Argus Insight specific users and roles, you can also create Enterprise specific users and roles, and add extra privileges to those users and roles by adding Argus Insight specific roles to them.

Similar to the Argus Insight folder, each enterprise comprises the Data Models and Reports folder.

There are three types of Enterprise specific users and their corresponding roles. The following is the list of enterprise specific users that you need to create along with the name of the role for each user:

  • User Name: Enterprise Specific Admin Users, Role Name: Enterprise Admin Role

  • User Name: Enterprise Modeler Role Users, Role Name: Enterprise Modeler Role

  • User Name: Enterprise Report Role Users, Role Name: Enterprise Report Role

Table 6-5 Enterprise Specific Users and Roles

Name of the User/Role Users/Roles to be added Description

Enterprise Admin Role

AIAdminRole (Created in 8.6.1 section)

The user belonging to this role has full access to the Enterprise specific folder.In addition, the user belonging to this role also has full access to the Argus Insight folder.

Enterprise Specific Admin Users

Enterprise Admin Role

This user has full access to the Enterprise specific Folder.In addition, this user has full access to the Argus Insight folder.

Enterprise Modeler Role

AIDataModelerRole (Created in 8.6.1 section)Enterprise Report Role

The user belonging to this role has access to:Argus Insight Data Models folder (Full access)Argus Insight Reports folder (Read, Run, Schedule, View report)Enterprise specific Data Models folder (Full access)Enterprise specific Reports folder (Read, Run, Schedule, View report)

Enterprise Modeler Role Users

Enterprise Modeler Role

This user has access to:

Argus Insight Data Models folder (Full access)

Argus Insight Reports folder (Read, Run, Schedule, View report)

Enterprise specific Data Models folder (Full access)

Enterprise specific Reports folder (Read, Run, Schedule, View report)

Enterprise Report Role

AIRole (Created in 8.6.1 section)

The user belonging to this role has access to:Argus Insight Data Models folder (Read only)Argus Insight Reports folder (Full access) Enterprise specific Data Models folder (Read only)Enterprise specific Reports folder (Full access)

Enterprise Report Role Users

Enterprise Report Role

This user has access to:

Argus Insight Data Models folder (Read only)

Argus Insight Reports folder (Full access)

Enterprise specific Data Models folder (Read only)

Enterprise specific Reports folder (Full access)


For information on the Folder Level permissions that you need to grant using BIP, refer to Section 6.5.2, "Folder Level Permissions".