4 Extending Security in Oracle BI Applications

You can extend the preconfigured Oracle BI Applications security model to match your operational source system. When you extend Oracle BI Applications, you need to ensure that your customizations and any new objects are valid and functional.

You can also leverage the existing Oracle BI Applications security objects when extending data-level security. To do this, copy existing security objects for secured dimensions, such as initialization blocks and Duty Roles, and then modify them to apply to the additional dimensions.

For more information on working with security objects like Duty Roles and initialization blocks, see:

  • Creating and Managing Duty Roles and Application Policies Using Fusion Middleware Control in Oracle Fusion Middleware Security Guide for Oracle Business Intelligence Enterprise Edition

  • Working with Initialization Blocks in Oracle Fusion Middleware Metadata Repository Builder's Guide for Oracle Business Intelligence Enterprise Edition

The general process for extending data-level security for repository objects is as follows:

  1. Extend the physical table by adding the attribute by which the dimension or fact needs to be secured. (This step results in a change to the data model.)
  2. Populate the relevant attribute value for each row in the fact or dimension table. (This step results in a change to the ETL mapping.)
  3. Use the Oracle BI Administration Tool to create an initialization block to fetch the attribute values and populate them into a session variable when each user logs into Oracle BI Applications. You can create a target session variable for the initialization block if the initialization block is not a row-wise initialization block. (This step results in a change to the Oracle BI repository.) For instructions, see Oracle Fusion Middleware Metadata Repository Builder's Guide for Oracle Business Intelligence Enterprise Edition.
  4. Use Fusion Middleware Control to create a Duty Role in the policy store. Then, restart the Oracle BI Server. For instructions, see Oracle Fusion Middleware Security Guide for Oracle Business Intelligence Enterprise Edition.
  5. Use the Oracle BI Administration Tool in online mode to set up data filters based on the new role for each of the fact and dimension tables that need to be secured by the attribute you added in Step 1. (This step results in a change to the Oracle BI Repository.) For instructions, see Oracle Fusion Middleware Metadata Repository Builder's Guide for Oracle Business Intelligence Enterprise Edition.
  6. Use the Oracle BI Administration Tool in online mode to restrict object access based on the Duty Role you created in Step 4. (This step results in a change to the Oracle BI Repository.) For instructions, see Oracle Fusion Middleware Metadata Repository Builder's Guide for Oracle Business Intelligence Enterprise Edition.
  7. Use Presentation Services administration to set up Presentation Services catalog privileges based on the Duty Role you created in step 4. For instructions, see Oracle Fusion Middleware Security Guide for Oracle Business Intelligence Enterprise Edition.