1. Configuring Oracle Analytics Cloud
  2. Configure Your Service
  3. Manage Publishing Options
  4. Secure Reports

Secure Reports

This topic describes how to secure pixel-perfect reporting.

Topics:

Use Digital Signature in a PDF Report

You can apply a digital signature to a PDF report.

Digital signatures enable you to verify the authenticity of the documents you send and receive. You can upload your digital signature file to a secure location, and at runtime sign the PDF report with the digital signature. The digital signature verifies the signer's identity and ensures that the document hasn't been altered after it was signed.

For additional information, refer to the Verisign and Adobe websites.

Prerequisites and Limitations

When you use digital signatures with PDF reports in Publisher, you must be aware of a few limitations.

A digital signature is obtained from a public certificate authority or from a private/internal certificate authority (if for internal use only).

Keep the following limitations in mind:

  • Only the reports scheduled in Publisher can include the digital signature.

  • You can register multiple digital signatures and enable a digital signature at the instance level. At the report level, you can choose the digital signature you want to apply for the report. Multiple templates assigned to the same report share the digital signature properties.

Obtain Digital Certificates

You can obtain a digital certificate either by purchasing one or by using the self-sign method.

  • To obtain a digital certificate, perform one of the following:
    • Purchase a certificate from an authority, verify and trust the authenticity of the certificate, and then use Microsoft Internet Explorer 7 or later to create a PFX file based on the certificate you purchased.
    • Create a self-signed certificate using a software program such as Adobe Acrobat, Adobe Reader, OpenSSL, or OSDT as part of a PFX file, and then use the PFX file to sign PDF documents by registering it with Publisher. Bear in mind that anyone can create a self-signed certificate, so use care when verifying and trusting such a certificate.

Create PFX Files

If you obtained a digital certificate from a certificate authority, you can create a PFX file using that certificate.

You don't need to create a PFX file if a self-signed certificate PFX file already exists.

To create a PFX file with Microsoft Windows Explorer:

  1. Ensure that your digital certificate is saved on your computer.
  2. Open Microsoft Internet Explorer.
  3. From the Tools menu, click Internet Options and then click the Content tab.
  4. Click Certificates.
  5. In the Certificates dialog, click the tab that contains your digital certificate and then click the certificate.
  6. Click Export.
  7. Follow the steps in the Certificate Export Wizard. For assistance, refer to the documentation provided with Microsoft Internet Explorer.
  8. When prompted, select Use DER encoded binary X.509 as your export file format.
  9. When prompted, save your certificate as part of a PFX file to an accessible location on your computer.

After you create your PFX file, you can use it to sign PDF documents.

Apply a Digital Signature

You can set up and sign your PDF reports with a digital signature.

At the instance level, you can upload and register multiple digital signatures, set one digital signature as the default, and enable digital signature for PDF reports. At the report level, you can choose a digital signature you want to apply for the report or you can disable digital signature for the report.
  1. Upload the digital signature files in Upload Center.
  2. Register the digital signature in the Publisher Administration page and specify the roles that are authorized to sign reports.
  3. If you have registered multiple digital signatures, set one as the default signature for the instance.
    1. In the Administration page, navigate to Security Center, and click Digital Signature.
    2. In the Digital Signature tab, select the digital signature file you want to set as default, and click Set as Default.
    3. In the Runtime Configuration page, set the Enable Digital Signature property to true.
  4. To configure digital signature for a report, select the report and set the digital signature properties.
    1. In the Report Properties dialog, select the Formatting tab.
    2. Set the Enable Digital Signature property to true for the report.
    3. Select the digital signature for the report.
    4. Specify the display field name and location.
  5. Log in as a user with an authorized role and submit the report through the Publisher scheduler, choosing the PDF report. When the report completes, it's signed with your digital signature in the specified location of the report.
Register Your Digital Signature and Assign Authorized Roles

The administrator can register a digital signature and assign roles that can have the authority to sign documents with this digital signature.

You must upload the digital signature file in Upload Center.

Publisher supports the identification of a single digital signature.

  1. On the Administration tab, under Security Center, click Digital Signature.
  2. Select the digital signature file you uploaded in Upload Center and enter the password for the digital signature.
  3. Enable the Roles that must have the authority to sign documents with this digital signature. Use the shuttle buttons to move Available Roles to the Allowed Roles list.
  4. Click Apply.
Specify the Signature Display Field or Location

You must specify the location for the digital signature to appear in the completed document. The methods available depend on whether the template type is PDF or RTF.

If the template is PDF, use one of the following options:

  • Specify a template field in a PDF template for the digital signature.

  • Specify the location for the digital signature in the report properties.

If the template is RTF, specify the location for the digital signature in the report properties.

Specify a Template Field in a PDF Template for the Digital Signature

Include a field in the PDF template for digital signatures.

Report authors can add a new field or configure an existing field in the PDF template for the digital signature. See Add or Designate a Field for a Digital Signature.

Specify the Location For the Digital Signature in the Report

You can specify the location for the digital signature in the report.

When you specify a location in the document to place the digital signature, you can either specify a general location (Top Left, Top Center, or Top Right) or you can specify x and y coordinates in the document.

You can also specify the height and width of the field for the digital signature by using runtime properties. You don't need to alter the template to include a digital signature.

  1. In the catalog, navigate to the report.
  2. Click the Edit link for the report to open the report for editing.
  3. Click Properties and then click the Formatting tab.
  4. Scroll to the PDF Digital Signature group of properties.
  5. Set Enable Digital Signature to True.
  6. Specify the location in the document where you want the digital signature to appear by setting the appropriate properties as follows (note that the signature is inserted on the first page of the document only):

    • Existing signature field name — Doesn't apply to this method.

    • Signature field location — Provides a list containing the following values:

      Top Left, Top Center, Top Right

      Select one of these general locations and Publisher places the digital signature in the output document sized and positioned appropriately.

      If you set this property, then don't enter X and Y coordinates or width and height properties.

    • Signature field X coordinate — Using the left edge of the document as the zero point of the X axis, enter the position in points to place the digital signature from the left.

      For example, to place the digital signature horizontally in the middle of an 8.5 inch by 11 inch document (that is, 612 points in width and 792 points in height), enter 306.

    • Signature field Y coordinate — Using the bottom edge of the document as the zero point of the Y axis, enter the position in points to place digital signature from the bottom.

      For example, to place the digital signature vertically in the middle of an 8.5 inch by 11 inch document (that is, 612 points in width and 792 points in height), enter 396.

    • Signature field width — Enter in points the desired width of the inserted digital signature field. This applies only if you're setting the X and Y coordinates.

    • Signature field height — Enter in points the desired height of the inserted digital signature field. This applies only if you're setting the X and Y coordinates.

Run and Sign Reports with a Digital Signature

If you've been assigned a role that's been granted the digital signature privilege, you can sign a generated report with a signature, if the report has been configured to include signatures. You can sign only scheduled reports with signatures.

To sign reports with a digital signature:

  1. Log in as a user with a role granted digital signature privileges.
  2. In the catalog, navigate to the report that has been enabled for digital signature, and click Schedule.
  3. Complete the fields on the Schedule Report Job page, select PDF output, and then submit the job.

    The completed PDF displays the digital signature.

Use PGP Keys for Encrypted Report Delivery

You can deliver PGP encrypted reports through FTP server or Content server.

You can configure the FTP server and Content server delivery channels to use the PGP public keys to deliver PGP encrypted files in binary or ASCII format.

Use Security Center to upload and download the PGP keys. The "BI Publisher Public Key" file is verifying the signature on signed files. If you configure a delivery channel to send signed documents, download the "BI Publisher Public Key" file (either in binary or ASCII format), and import the keys in the destination PGP system used to verify signature and decrypt the files delivered by Publisher.

Manage PGP Keys

You can upload and delete your PGP keys.

  1. From the Administration page, under Security Center, select PGP Keys.
  2. To upload PGP keys to keystore, click Choose File, select the PGP key file, and then click Upload.
  3. To delete the PGP keys you uploaded, in the PGP Keys table, click the delete icon corresponding to the PGP keys.
  4. To download the PGP public keys for signature verification, click the download icon corresponding to the public key file.

Encrypt PDF Documents

You can encrypt PDF documents to prevent unauthorized access to the file content.

The security level you set in the Encryption level PDF output property specifies the encryption algorithm used for the PDF document encryption. Define encryption for PDF documents at the server level or at the report level. See PDF Output Properties.

Publisher supports AES-256 encryption for:

  • PDF documents generated from RTF and XPT templates using the FOProcessor or PDFGenerator utilities.
  • PDF documents generated from PDF templates (PDF forms) using the FormProcessor utility. Publisher doesn’t support encrypted form input.
  • PDF documents without password protection that are printed using either PDF to PostScript or PDF to PCL print filter. You can’t send an encrypted PDF document to a CUPS printer or an IPP printer without a filter.

Publisher uses the AES implementation of JCE (Java Cryptography Extension) for encrypting and decrypting documents. If you want to use the AES 256-bit encryption for PDF documents, you need the JCE Unlimited Strength Jurisdiction Policy installed on the JVM that runs the container that has the Publisher installation, but this policy isn't required for the AES 128-bit encryption.

Publisher doesn't support encrypted input.

PDF Document Encryption Algorithms

Publisher uses an encryption algorithm based on the PDF document security setting.

Security Level Encryption Scheme PDF Version Acrobat Version
Low RC4 (40bit) 1.1 3.0
Medium RC4 (128bit) 1.4 5.0
High AES (128bit) 1.5 7.0
Highest AES (256bit) 1.7 (extension level 5) X