The BI Beans persistence service allows the application developer to control the access of users to folders in the BI Beans Catalog. To support this access control, the persistence service requires a list of authorized users.
The Catalog user community is composed of all the users whose names have been added to the list of users that is stored in the BI Beans Catalog. The default implementation involves the following pieces:
The Catalog user community, which by default contains one user who is the Catalog connection user (that is, the user who installed the schema for the Catalog).
A pluggable user community driver. A default implementation is provided in the oracle.dss.persistence.storagemanager.bi.mapping.ReposUserCommunity
class.
This class implements methods that throw a BISecurityException
to indicate an error. The methods are as follows:
init
: Given a set of incoming properties, this method initializes the driver with the target user community.
getAllUsers
: This method returns a vector that contains the user and group names from a user community. Each user must be represented by the User
object, and each group must be represented by the Group
object. The getAllUsers
method of the default implementation returns the names in the Catalog user community. To use the getAllUsers
method with an external community, you must implement and plug in your own user community driver.
uninitialize
: This method uninitializes the driver.
To add a new user to the list and specify privileges, you use the addEntries
method. You can also merge in users to the Catalog user community from an external community. The BI Beans samples include scripts that you can execute to merge in users from an Oracle Internet Directory (or OID -- Oracle's implementation of an LDAP service). These example scripts perform the following functions:
Incorporating users from an OID into the Catalog user community.
Synchronizing new users from an OID with existing users in the Catalog user community.
Provisioning, which involves registering a PL-SQL interface with an agent that checks the OID for deleted or modified users. If the agent detects a deletion, then the agent propagates an event to the provisioning implementation so that you can manually change the Catalog user community.
Provisioning is an implementation that is specific to OID and BI Beans. Other external communities might not support provisioning. Refer to the OID documentation for more information.
You can create your own mechanism for maintaining a user community. This mechanism might access external systems such as an OID, the Oracle RDBMS, or Oracle application users. You can plug in your own user community driver and access an external user community by implementing the UserCommunityProvider
interface and registering it.