Introducing Security with the BI Beans

As part of deploying a BI Beans application, you must bear in mind the security considerations for your application and for the databases that it will access. Internally, BI Beans does not provide mechanisms for authentication, but BI Beans does provide authorization. BI Beans allows you to use external and custom security mechanisms through the use of drivers that you plug into your application.

Three Types of Pluggable Drivers

You can use the following three types of pluggable drivers to manage security:

Before you can use any of this drivers, you must register them.

Process: Managing security

The process of managing security for a BI Beans application can be divided into two major tasks:

  1. Establish connections.

  2. Authorize access to the BI Beans catalog.

Procedure: Establishing connections

To establish connections for a BI Beans application:

  1. Understand the difference between authentication and authorization. You should comprehend these concepts so that you can handle the security of your application appropriately.

  2. Register pluggable drivers. You have the option of registering custom pluggable drivers. To register such drivers, use settings in the BI Beans configuration file or methods in the BI Beans API.

  3. Authenticate the user. You can choose to authenticate the user in various situations.

  4. Implement Oracle Application Server Single Sign-On. You can choose to implement a single sign-on solution to work with the BI Beans application.

  5. Specify database connectivity information. You can use Database Access Descriptor (DAD) files to connect to an OLAP data source and to the BI Beans Catalog, as provided in the default implementation of the connection drivers. You can also specify connectivity information by implementing your own connection driver or by using methods from the BI Beans API.

  6. Connect to data stores.

Procedure: Authorizing access to the BI Beans Catalog

To authorize access to the BI Beans Catalog:

  1. Create a community of authorized users. The community is a list of users who can access folders in the catalog.

  2. Grant privileges to users. You control access to the objects in the catalog by setting user privileges on folders.

  3. Specify users for a folder and grant access. For each folder in the catalog, you specify which users can access the folder and which privileges they have.

  4. Change access rights of a user for a folder. After granting privileges to a user for a folder, you can change that user's access rights as necessary.

Packages for security code

As you implement the security features for an application, you work primarily with the interfaces and methods from these two packages: oracle.dss.security and oracle.dss.persistence.security.