The Oracle Fusion Middleware security platform depends upon the following key elements to provide uniform security and identity management across the enterprise.
For more information about the Oracle Fusion Middleware security platform, see Introduction to Oracle Platform Security Services in Securing Applications with Oracle Platform Security Services.
Oracle Business Intelligence uses these security platform elements as follows:
For more information about application policies, see Terminology.
An application stripe defines a subset of policies in the policy store. TheOracle Business Intelligence application stripe is named obi.
For more information about application roles, see About Application Roles. For example, having the Sales Analyst application role can grant a user access to view, edit and create reports relating to a company's sales pipeline. The application role is also the container used to grant permissions and access to its members. When members are assigned to an application role, that application role becomes the container used to convey access rights to its members. For example:
Oracle Business Intelligence Permissions
These permission grants are defined in an application policy. After an application role is assigned to a policy, the permissions become associated with the application role through the relationship between policy and role. If groups of users have been assigned to that application role, the corresponding permissions are in turn granted to all members equally. More than one user or group can be members of the same application role.
Data Access Rights
Application roles can be used to control access rights to view and modify data in the repository file. Data filters can be applied to application roles to control object level permissions in the Business Model and Mapping layer and the Presentation layer. For more information about using application roles to apply data access security and control repository objects, see Metadata Repository Builder's Guide for Oracle Business Intelligence Enterprise Edition.
Presentation Services Object-Level Access
Application roles can be used to grant access rights to reports and other objects in Oracle BI Presentation Services. For more information about using application roles to control access in Presentation Services, see Managing Presentation Services Privileges Using Application Roles.
For more information about authentication providers, see About Authentication.