1. Securing Business Intelligence Applications
  2. Extending Security in Oracle BI Applications

4 Extending Security in Oracle BI Applications

You can extend the preconfigured Oracle Business Intelligence Applications (Oracle BI Applications) security model to match your operational source system. When you extend Oracle BI Applications, you need to ensure that your customizations and any new objects are valid and functional.

You can also leverage the existing Oracle BI Applications security objects when extending data-level security. To do this, copy existing security objects for secured dimensions, such as initialization blocks and Duty Roles, and then modify them to apply to the additional dimensions.

To work with security objects like Duty Roles and initialization blocks, see:

  • Securing Resources Using Roles and Policies for Oracle WebLogic Server

  • Managing Metadata Repositories for Oracle Analytics Server

The general process for extending data-level security for repository objects is as follows:

  1. Extend the physical table by adding the attribute by which the dimension or fact needs to be secured. (This step results in a change to the data model.)
  2. Populate the relevant attribute value for each row in the fact or dimension table. (This step results in a change to the ETL mapping.)
  3. Use the Oracle BI Administration Tool to create an initialization block to fetch the attribute values and populate them into a session variable when each user logs into Oracle BI Applications. You can create a target session variable for the initialization block if the initialization block is not a row-wise initialization block. (This step results in a change to the Oracle BI Repository.) See Managing Metadata Repositories for Oracle Analytics Server.
  4. Use Oracle Enterprise Manager Fusion Middleware Control to create a Duty Role in the policy store. Then, restart the Oracle BI Server. See Administering Oracle Fusion Middleware with Fusion Middleware Control.
  5. Use the Oracle BI Administration Tool in online mode to set up data filters based on the new role for each of the fact and dimension tables that need to be secured by the attribute you added in Step 1. (This step results in a change to the Oracle BI Repository.) See Managing Metadata Repositories for Oracle Analytics Server.
  6. Use the Oracle BI Administration Tool in online mode to restrict object access based on the Duty Role you created in Step 4. (This step results in a change to the Oracle BI Repository.) See Managing Metadata Repositories for Oracle Analytics Server.
  7. Use Presentation Services administration to set up Presentation Services catalog privileges based on the Duty Role you created in step 4. See Managing Security for Oracle Analytics Server.