Create Roles and Policies with Oracle Fusion Middleware Control
Note:
This section is applicable only when you manually upload the RPD file and Catalog. For more details, refer to Configure Oracle Analytics Server Repository and Web Catalog Manually..
- To create new application roles:
-
- Login to Oracle Fusion Middleware Control Enterprise Manager.
-
Go to WebLogic Domain > Security > Application Roles.
The Application Roles dialog box appears.
-
From the Application Stripe drop-down list, select OBI, and click Search .
The default role available in clean slate installation appears.
-
Click Create.
The Create Application Role dialog box appears.
- In the Role Name field, enter AIAdminRole.
-
From the Members section, click +Add.
The Add Principal dialog box appears.
-
From the Type drop-down list, select Group, and click Search.
A list of principals appears.
- From the list of Searched Principals, select AIAdminGroup, and click OK.
-
From the Members section, click +Add.
The Add Principal dialog box appears.
-
From the Type drop-down list, select Application Role, and click Search.
A list of principals appears.
-
From the list of Searched Principals, select BIServiceAdministrator , and click OK.
The Membership for AIAdminRole appears.
- Repeat from Step 4 to Step 11 to create other Roles and
add Member to these roles as listed in the table below.
Role Application Roles AI Admin Role
AI Admin Group
--
Weblogic
AI Author Role
AI Author Group
--
AI Admin Group
AI Consumer Role
AI Consumer Group
--
AI Author Group
--
AI Admin Group
Note:
For more details, refer Oracle Analytics Managing Security for Oracle Analytics Server guide, section Manage Application Roles.
- To create new application policy:
-
- Login to Oracle Fusion Middleware Control Enterprise Manager.
-
Go to WebLogic Domain > Security > Application Policies.
The Application Policies screen appears.
-
To create a new application policy, click Create.
The Create Application Grant dialog box appears.
-
From the Grantee section, click +Add
The Add Principal dialog box appears.
- From the Type drop-down list, select Application Role, and click Search.
- From the Type drop-down list, select Application Role, and click Search.
- From the list of Searched Principals, select AIAdminRole, and click OK.
-
From the Permissions section, click +Add
The Add Permission dialog box appears.
- Select the Resource Types radio button.
- From the Resource Type drop-down list, select oracle.bi.publisher.permission, and click Search.
-
From the Search Results, select oracle.bi.publisher.permission (Oracle Analytics Publisher Administer Server), and click Continue.
The Add Permission dialog box appears.
- For Permission Actions, select All (_all_), and click Select.
- Repeat from Step 4 to Step 11, to add the following:
Policy Name/Principal Resource Type Resource Name Permission Actions AI Admin Role
oracle.bi.catalog
*
manage
--
oracle.bi.server.permission
oracle.bi.server.manageRepositories
_all_
--
oracle.bi.presentation.catalogmanager.permission
oracle.bi.presentation.catalogmanger.manageCatalog
_all_
--
oracle.bi.delivers.job
oracle.bi.delivers.job
manage
--
oracle.bi.publisher.permission
oracle.bi.publisher.administerServer
_all_
--
oracle.bi.repository
oracle.bi.repository
manage
--
oracle.bi.scheduler.permission
oracle.bi.scheduler.manageJobs
_all_
--
oracle.bi.publisher.permission
oracle.bi.publisher.developReport
_all_
--
oracle.bi.publisher.permission
oracle.bi.publisher.developDataModel
_all_
AI Author Role
oracle.bi.publisher.permission
oracle.bi.publisher.developReport
_all_
--
oracle.bi.publisher.permission
oracle.bi.publisher.developDataModel
_all_
--
oracle.bi.tech.visualanalyzer.permission
oracle.bi.tech.visualanalyzer.generalAccess
*
--
oracle.bi.delivers.job
*
schedule
AI Consumer Role
oracle.bi.publisher.permission
oracle.bi.publisher.scheduleReport
_all_
--
oracle.bi.publisher.permission
oracle.bi.publisher.runReportOnline
_all_
--
oracle.bi.publisher.permission
oracle.bi.publisher.accessReportOutput
_all_
--
oracle.bi.publisher.permission
oracle.bi.publisher.accessOnlineReportAnalyzer
_all_
--
ESSMetadataPermission
oracle.bip.ess.JobDefinition.EssBipJob
READ,EXECUTE
--
oracle.bi.publisher.permission
oracle.bi.publisher.accessExcelReportAnalyzer
_all_
Parent topic: Create Users and Groups in Oracle Analytics Server