1. BI Publisher for JD Edwards EnterpriseOne Guide
  2. Oracle BI Publisher and JD Edwards EnterpriseOne Security

Oracle BI Publisher and JD Edwards EnterpriseOne Security

To create an interactive BI Publisher report, a user must be able to sign on to both Oracle BI Publisher and to the JD Edwards EnterpriseOne database. The connection string for the data source, along with the JD Edwards EnterpriseOne JDBC Driver configuration, specifies the database that BI Publisher will access when creating and running interactive reports.

At the time that the JDBC driver is configured, it is highly recommended that you select the Use Proxy Authentication option for the data source. Using proxy authentication assumes that the user IDs in Oracle BI Publisher and JD Edwards EnterpriseOne are the same, either by duplication or by using Lightweight Directory Access Protocol (LDAP).

With proxy authentication, JD Edwards EnterpriseOne authentication security is enforced against the user name and password in the data source, not the BI Publisher user name that is using the data source. The BI Publisher user name is automatically appended to the database connection string and passed in when the data source is selected. Because the JD Edwards user ID and the BI Publisher user name must be the same, all row and column security assigned to the JD Edwards EnterpriseOne user or its roles is applied to this appended user when connecting to the database using the database connection string. It should also be noted that in this configuration, the user name and password of the JDBC data source in BI Publisher must match the Bootstrap user and password of the JD Edwards EnterpriseOne JDBC driver.

Without proxy authentication, the BI Publisher and JD Edwards user IDs can be different. In this configuration, EnterpriseOne authentication, row, and column security is enforced against the data source user ID and password, not the BI Publisher user that is using the data source. Consequently, any BI Publisher user could have access to the JD Edwards EnterpriseOne database, limited only by the security applied to the data source user ID. Restricting data access would require that BI Publisher users have separate data sources with unique user names and passwords. The data sources would need to be configured with different levels of access to the database, and each BI Publisher user would be required to use the appropriate data source when connecting to the database. In this configuration, the user name and password of the JDBC data source in BI Publisher does not need to match the Bootstrap user and password of the JD Edwards EnterpriseOne JDBC driver.

In summary, the Use Proxy Authentication option is recommended when configuring the BI Publisher JDBC Connection because it enforces database security without having to create multiple data sources.