| Oracle® Argus Safety BI Publisher Periodic Reporting Extensibility Guide Release 8.0 E56916-02 |
|
 Previous |
 Next |
| Oracle® Argus Safety BI Publisher Periodic Reporting Extensibility Guide Release 8.0 E56916-02 |
|
Previous |
Next |
This chapter contains the following sections:
To create users and assign them roles:
Log in to BI Publisher using your administrator credentials. Navigate to the Administration page. Click and navigate to the Users page.
Click Create Users.
Enter a user name and password and click Apply. The system creates a new user.
To assign roles to the user, click the Assign Roles icon corresponding to the new user.
The Assign Roles screen appears and displays the BIP system roles. These are:
BI Publisher Administrator
BI Publisher Excel Analyzer
BI Publisher Online Analyzer
BI Publisher Developer
BI Publisher Scheduler
BI Publisher Template Designer
These roles are available by default along with the custom roles you create.
In Figure 7-5, ASAdmin and BIAdmin are custom roles.
Select a role from the Available Roles section and click Move (>) to move the selected role to the Assigned Roles section. Click Apply. This assigns the selected roles to the user.
This section describes the steps to create custom roles and assign data sources to them.
Log in to BI Publisher using your administrator credentials. Navigate to the Administration page. Click and navigate to the Roles and Permissions page.
On the Roles and Permissions page, click Create Role.
On the Create Role page, provide a role name and description and click Apply. This creates the new custom role.
You can now view the new role.
To assign data sources to the created role, click the Add Data Sources icon.
Select a data source from the Available Data Sources section, and click Move (>) to add it to the Allowed Data Sources section.
Click Apply.
To assign the required roles to the custom role, click Add Roles.
On the Add Roles page, select the roles to be included from Available Roles, and click Move (>) to add the selected roles to Included Roles.
When you are done, click Apply.
This section explains a sample set of user types and corresponding roles that can be created. You can utilize this sample to enhance security as needed.
Argus Safety BI Publisher Periodic Reports contain the following folders in an out-of-the-box installation.
Main Argus Safety folder under the Shared folders
Cover Trailer
PBRER
PMAR
DSUR
Each report (except the cover trailer) contains two sub-sections—one for the data model and the other for reports.
Table 7-1 describes the three types of Argus Safety specific users and roles.
Table 7-1 User and Role Names
| User Name | Role Name |
|---|---|
|
ASAdmin |
ASAdminRole |
|
ASDataModeler |
ASDataModelerRole |
|
ASUsers |
ASUserRole |
Additionally, there is a default BI Admin User for the application. This user is a super user having BIP administration access and can upload to the Argus Safety repository.
Access to the Data Models and Reports folder depends on the user type and the role assigned. The BI publisher also lets you add roles.
For example, a user has been assigned the X role and you add the Y role to the X role. The user now has the privileges of the Y role despite the Y role not being directly assigned to the user.
Table 7-2 describes the relationships of users, roles, and privileges.
Table 7-2 Users, Roles and Privileges
| Name of the user/role | Users/Roles to be added | Description |
|---|---|---|
|
BI Admin User |
BI Administration (Functional Role) |
Can upload to the Argus Safety repository and works as a super user who has BIP Administration access. |
|
ASAdminRole |
ASDataModelerRole |
Has complete access to the Argus Safety Folder. |
|
ASAdminRole Users |
ASAdminRole |
Has complete access to the Argus Safety folder |
|
ASDataModelerRole |
BIAuthor (Functional Role) or BI Publisher Developer (in BIP Standalone system) or ASUserRole |
Has access to the Argus Safety Data Models and Reports folders. |
|
ASDataModeler Users |
ASDataModelerRole |
Has access to Argus Safety Data Models and Reports folders. |
|
ASUserRole |
BIReportWriter (Functional Role) or BITemplate Designer role (in BIP Standalone system) |
Has read-only access to the Argus Safety Data Models folder and complete access to the Reports folder. |
|
ASUsers |
ASUserRole |
Has read-only access to the Argus Safety Data Models folder and complete access to the Reports folder. |
This section describes the steps to be executed to create users, assign them roles and permissions, and configure server settings for the Oracle Fusion Middleware Security Model.
Configure the BI Publisher server settings for the BI Publisher Security model. However, in this case the security model is the Fusion Middleware Security model.
To create roles, add data sources, and assign roles in the WebLogic Enterprise Manager:
Log in to Enterprise Manager. This displays the Enterprise Manager home page with a list of folders in the left pane.
Expand the Business Intelligence folder and click coreapplication.
The coreapplication screen appears in the right pane.
Click Configure and Manage Application Roles in the Application Policies and Roles section.
The Application Policies and Roles screen appears.
Select an application stripe from the Application Stripe drop-down list.
Select an existing role (such as BIConsumer) and click Create Like.
The Create Application Role screen appears.
Enter the name of the role in the Role Name field.
Enter the display name and description in the Display Name and Description fields. These are optional fields.
Click Add to add any existing application role, group or user to the new role.
The Create Application Role screen appears.
Click the > icon near the Display Name field. The list of all the roles, groups, and users created in LDAP server appears.
Select the name of a role, group, or user and click OK. For example, for the BIReportWriter role, BIConsumer and authenticated-role are mandatory members.
|
Note: The ASRole must also be a part of the BIReportWriter Role. These roles appear in the Members section of the Create Application Screen.The BIReportWriter role must be added to the BIReportWriter application policy. |
Repeat steps 8 to 10 to add additional roles, users, and groups to the new role.
Click OK on the Create Application Role screen.
After you have created the role and added the required list of users, roles, and groups to the new role, you must add the ASBIP data source to the new role.
Log in to BIP using your administrator credentials. This displays the BIP Home page.
Click Administration.
Click Roles and Permissions in the Security Center section.
The Roles and Permissions screen appears. You can view the name of the new role that you have just created in the list of role names.
Click the Add Data Sources icon corresponding to the name of the new role.
The Add Data Sources screen appears.
Select ASBIP from the Available Data Sources section, and click the Move (>) icon to move the ASBIP data source to the Allowed Data Sources section.
The Add Data Sources screen appears. Click Apply.
For more information, refer to the Creating Application Roles Using Fusion Middleware Control section of the Oracle BIP Administrator's guide.
After creating and assigning roles, users, and data sources to the role, you must create the application policy for the new role.
Before creating a BI Publisher Report Writer policy, you must have created an empty role in Enterprise Manager.
|
Note: The steps mentioned in this section are valid for creating a BIReportWriter application policy. |
To create the application policy for the new role:
Log in to the Enterprise Manager. This displays the Enterprise Manager home page with a list of folders in the left pane.
Expand the Business Intelligence folder in the left pane, and click coreapplication.
The coreapplication screen appears in the right pane.
Click Configure and Manage Application Policies in the Application Policies and Roles section.
Figure 7-15 Configure and Manage Application Policies Screen
The Application Policies screen appears.
Select obi from the Application Stripe drop-down list.
Select BIAuthor policy and click Create Like.
The Create Application Grant Like screen appears with the Grantee and Permissions sections.
Click Add in the Grantee section.
Figure 7-17 Create Application Grant Like Screen
The Add Principal screen appears.
Click the > icon near the Principal Name field to retrieve the list of all available application roles.
Select the name of the role from the Searched Principals section (for example, BIReportWriter), and click OK. The Create Application Grant Like screen appears.
Select the developDataModel Resource Name from the list of Permission Classes and click Delete.
Click OK.
This section lists the names of the <Admin Users> and roles you need to configure.
An Admin user has BI Publisher administrative rights. This user belongs to the BIAdministration functional role.
An Argus Safety data model user has access to both Data Models and Reports in the Argus Safety folder. This user belongs to the ASDataModeler custom role.
The Enterprise specific modeler users have access to Data Models and Reports in Enterprise specific folders and the Argus Safety folder.
An Argus Safety Role (ASRole) user has access to Reports and Read-only access to the data model required to create the reports. This user belongs to the ASRole.
Users can have access to reports of specific Enterprises. ASRole users can read or write reports in the Enterprise specific Report and Argus Safety Report folders. However, they have Read-only access to the Data Models in the Enterprise specific Data Model and the Argus Safety Data Model folder. These users belong to Enterprise specific Report roles.
An AS Admin Role user has complete access to the Argus Safety folder.
An Enterprise specific Admin user has complete access to the Enterprise specific folders and Argus Safety folder.
Table 7-3 list the roles that you need to configure using BIP:
Table 7-3 Configuring BIP Roles
| Role | Users/Roles to be added |
|---|---|
|
BIAdministration (Functional Role) |
Super user having complete access to all folders and BIP Administration access. |
|
ASRole |
All Argus Safety role users, ASDataModelerRole, and all Enterprise Report Roles (for specific enterprises). |
|
ASDataModelerRole |
All AS Data Modeler Users, all Enterprise Modeler Roles, and ASAdminRole. |
|
Enterprise Report Role |
Users belonging to a specific Enterprise with Reports access and Enterprise Modeler Role. |
|
Enterprise Modeler Role |
Users belonging to a particular Enterprise with both Data Models and Reports access. |
|
Enterprise Admin Role |
Enterprise specific Admin users. User with complete access to Enterprise specific folders. |
|
ASAdminRole |
User with complete access to the Argus Safety folder. The Enterprise Admin Role is added to this role. |
|
BIAdministrator (Functional Role) |
BI Admin User. |
|
BIAuthor (Functional Role) |
ASDataModelerRole. |
|
BIReportWriter |
ASRole. |
This section explains the folder level permissions that you can grant using BIP.
For more information, refer to the About Catalog Permissions section in Oracle Administrator's Guide for Oracle BIP.
Table 7-4 Roles and Permissions
| Folder | Roles to be added | Permissions |
|---|---|---|
|
Argus Safety |
ASAdminRole |
Full access |
|
Argus Safety > General > Data Model |
ASDataModelerRole, ASRole |
ASDataModelerRole - Full accessASRole - Read, Run, Schedule, and View report |
|
Argus Safety > General > Reports |
ASRole |
Full access |
|
Argus Safety > CoverPage |
ASRole |
Full access |
|
Enterprise specific folders |
Enterprise Specific Admin Role |
Full access |
|
Enterprise Specific Folder -- Data Model |
Enterprise Modeler Role, Enterprise Report Role |
Enterprise Modeler Role - Full accessEnterprise Report Role - Read, Run, Schedule, and View report |
|
Enterprise Specific Folder - Reports |
Enterprise Report Role |
Full access |
|
 Copyright © 2015, Oracle and/or its affiliates. All rights reserved. Legal Notices |
|
