Follow these steps to set up security in a new installation of Oracle Business Intelligence. Some tasks are mandatory, some are optional, and some are conditionally required depending on the configuration choices that you make. You might also refer to this section if you are maintaining an existing installation of Oracle Business Intelligence.
After you have installed Oracle Business Intelligence, you typically evaluate the product using the sample application. Later, you typically create and develop your own users, groups, and application roles iteratively to meet your business requirements.
Oracle recommends that you complete these post installation tasks in the following order:
Tip:
Oracle does not recommend using WebLogic Embedded LDAP Server in an environment with more than 1000 users. If you require a production environment with high-availability and scalability, then you should use a directory server such as Oracle Internet Directory (OID) or a third-party directory server.
For information about where to find the full list of supported authentication providers, see System Requirements and Certification.
For example, if you want to deploy Oracle Business Intelligence to 20 people who need to view analyses, you might create 20 users.
For detailed steps, see Assigning a User to a New Group, and a New Application Role.
Set up the application roles that you want to deploy as described in Creating and Deleting Application Roles Using Fusion Middleware Control.
For example, you might use BIConsumer, BIContentAuthor, and BIServiceAdministrator, or you might create your own application roles.
For example, you might use the application policies that are used by the sample application roles BIConsumer, BIContentAuthor, and BIServiceAdministrator, or you might create your own application policies.
If you have created new groups, you must assign the new groups to appropriate application roles as described in Assigning a Group to an Application Role.
If you are using a commercial authentication provider such as Oracle Internet Directory, then you must assign the groups to appropriate application roles as described in Assigning a Group to an Application Role.
For example, you might want to enable an application role called BISuperConsumer to create analyses, so you use the Administration Tool to change the Read access to a subject area to Read/Write access.
Note:
If you are using the default SampleAppLite.rpd file in a production system, you should change the password from its installed value, using the Administration Tool. For more information about the SampleAppLite repository file, see About the SampleApp.rpd Demonstration Repository in Metadata Repository Builder's Guide for Oracle Business Intelligence Enterprise Edition.
For example, you might want to prevent an application role called BISuperConsumer from viewing scorecards, so you use Presentation Services Administration Page to change the Scorecard\View Scorecard privileges for BISuperConsumer from Granted to Denied.
Oracle Business Intelligence is installed with SSL turned off. If you want to deployOracle Business Intelligence in an SSL environment, follow the steps in Configuring SSL in Oracle Business Intelligence.