1. System Administrator's Guide
  2. Setting Up Security for Oracle Business Intelligence Publisher

12 Setting Up Security for Oracle Business Intelligence Publisher

This chapter contains the following topics:

Overview

Oracle Life Sciences Data Hub Definers can create Oracle LSH Programs of the BI Publisher adapter type to create reports for Oracle LSH Consumers.

See Defining Programs in the Oracle Life Sciences Data Hub Application Developer's Guide for more details.

To integrate Oracle LSH with Oracle BI Publisher, you must do the following:

Parent topic: Setting Up Security for Oracle Business Intelligence Publisher

Creating and Assigning Oracle Applications Responsibilities

This section describes how create user responsibilities in E-Business Suite and how to assign application roles in Oracle LSH.

For more details, see the following topics:

Parent topic: Setting Up Security for Oracle Business Intelligence Publisher

Creating User-Specific Responsibilities in E-Business Suite

You must create an E-Business Suite responsibility for each Oracle Life Sciences Data Hub user who wants to use Oracle BI Publisher from Oracle LSH.

This is required for database access to Oracle LSH users from BI Publisher.

Note:

Such Oracle LSH users (Definers as well as Consumers) must also have a corresponding database account. See Creating Database Accounts for instructions on creating one.

To create the E-Business Suite responsibility, do the following:

Note:

For complete information, see the Oracle® E-Business Suite System Administrator's Guide - Security at http://download.oracle.com/docs/cd/B53825_08/current/acrobat/121sasg.pdf.
  1. Go to your Oracle LSH URL.
  2. Log in as sysadmin.
  3. Select System Administrator (not System Administration) from the list of responsibilities in the left-hand column under Navigator. The system refreshes the page and adds a column of links on the right.
  4. Under Security: Responsibility, select Define.
  5. The Oracle Applications Forms interface starts. If prompted to accept an applet, click Grant or Grant Always.
  6. In the Responsibilities Form as shown in Figure 12-1, enter the following mandatory values:
    • Responsibility Name. Enter a name in this format: BIP_DATASRC_ROLE_LSH_application_username.
    • Application. Enter or select Oracle Life Sciences Data Hub.
    • Responsibility Key. Same as Responsibility Name but note that there is a 30 character limit for the Responsibility Key.
    • Data Group.
      • Name. Enter or select Standard.
      • Application. Enter or select Oracle Life Sciences Data Hub.
    • Menu. Enter CDR BIP Menu.

Note:

You must create the E-Business Suite Responsibilities for each Oracle LSH user who wants to create or use Oracle LSH BI Publisher Programs. Repeat the above steps for each such Oracle LSH user.

Figure 12-1 The Oracle Applications Responsibilities Form Showing a Sample Oracle BI Publisher Role Created for an Oracle LSH Definer

Description of Figure 12-1 follows
Description of "Figure 12-1 The Oracle Applications Responsibilities Form Showing a Sample Oracle BI Publisher Role Created for an Oracle LSH Definer"

Parent topic: Creating and Assigning Oracle Applications Responsibilities

Assigning Application Roles in Oracle Life Sciences Data Hub

The following application roles are available in Oracle LSH that are specific to Oracle BI Publisher:

Note:

Read the Oracle® Business Intelligence Publisher Administrator's and Developer's Guide at http://download.oracle.com/docs/cd/E12844_01/doc/bip.1013/e12188.pdf for more information on these roles.
  • XMLP Administrator. This is the administrator role for the Oracle BI Publisher server. A user with this role can create and delete reports, folders, data sources, and roles in Oracle BI Publisher.
  • XMLP Developer. This role allows users to build reports in the system.
  • XMLP Scheduler. This role allows users to schedule reports.
  • XMLP Analyzer Excel. This role allows users to use the Excel Analyzer feature.
  • XMLP Analyzer Online. This role allows users to use the online analysis feature.
  • XMLP Template Designer. This role allows users to connect to the Oracle BI Publisher server from the Template Builder and to upload and download templates.

Besides the regular Oracle LSH application roles, you must also assign one or more of the XMLP roles and the role created specifically for Oracle BI Publisher to Oracle LSH users. See Assigning Application Roles for instructions on assigning application roles to Oracle LSH users.

Parent topic: Creating and Assigning Oracle Applications Responsibilities

Configuring Security in Oracle BI Publisher

You must perform the following tasks in Oracle BI Publisher to integrate it with Oracle LSH.

For detailed instructions, refer to the Oracle® Business Intelligence Publisher Administrator's and Developer's Guide at http://download.oracle.com/docs/cd/E12844_01/doc/bip.1013/e12188.pdf.

For your convenience, the following sections contain excerpts from Oracle BI Publisher documentation, slightly modified to include specific information related to Oracle LSH:

Parent topic: Setting Up Security for Oracle Business Intelligence Publisher

Setting Up the Security Model and Creating the Local Superuser Account in Oracle BI Publisher

Set up security in Oracle BI Publisher by setting up the security model and creating a local super user. You also need to store the super user credentials in Oracle LSH.

  1. Log in to Oracle BI Publisher Enterprise as an administrator.
  2. From the Admin tab, select Security Configuration.
  3. In the Security Model section of the page, select Oracle E-Business Suite from the list.
  4. Load the dbc file from the Oracle Life Sciences Data Hub instance. This is typically located under the $FND_SECURE directory. If you do not have access to this file, contact your Oracle LSH system administrator.
  5. Select the Enable Local Superuser check box and enter a username and password under the Local Superuser section of the Security Configuration tab. You need to store the Local Superuser credentials in a Remote Connection created specifically for BI Publisher, in Oracle LSH. See Storing the BI Publisher Local Superuser Credentials in Oracle Life Sciences Data Hub.
  6. Restart the Oracle BI Publisher server for the security changes to take effect.

Parent topic: Configuring Security in Oracle BI Publisher

Creating Data Sources and Assigning them User-specific Roles

Set up security in Oracle BI Publisher by creating data sources and assigning them user-specific roles. Then, test the connection.

  1. Log in as the Local Superuser.
  2. From the Admin page select JDBC Connection. This will display the list of existing JDBC connections.
  3. Select the Add Data Source button.
  4. Enter the following fields for the new connection:
    • Data Source Name. Enter LSH_DataSrc_LSH_application_username.
    • Driver Type. Select Oracle 9i/10g/11g.
    • Connection String. Enter the database connect string.

      For example:

      jdbc:oracle:thin@myserver.mycompany.com:port:prod

    • User Name. Enter the Oracle Life Sciences Data Hub database user credentials that correspond to the Oracle LSH application user account. See Creating Database Accounts.
    • Password. Enter the Oracle LSH database user password that corresponds to the Oracle LSH application user account.
    • Use Proxy Authentication. Do not select this check box.
  5. Click Test Connection. If the test is successful, the confirmation message, "Connection established successfully" appears. If connection error occurs, the message "Could not establish connection," appears.
  6. Define security for this data source. Use the shuttle buttons to move the corresponding BIP_DataSrc_Role_LSH_application_username role from the Available Roles list to the Allowed Roles list.

    Note:

    See Creating User-Specific Responsibilities in E-Business Suite for instructions on creating the BIP_DataSrc_Role_ LSH_application_username role for each Oracle LSH user who needs access to Oracle BI Publisher. You must replace LSH_application_username with the actual Oracle LSH application user's username.

Repeat the above steps for each Oracle LSH user who needs to create or use Oracle LSH BI Publisher Programs.

Parent topic: Configuring Security in Oracle BI Publisher

Creating the SYSTEM Folder

Create a Shared Folder named SYSTEM in Oracle BI Publisher. Oracle Life Sciences Data Hub uses this folder to execute Oracle LSH BI Publisher Programs.

Only a user with XMLP_ADMIN privileges can see this folder.

Note:

Folder names are case sensitive in Oracle BI Publisher. Make sure the name of the folder is SYSTEM, in all capital letters.

Parent topic: Configuring Security in Oracle BI Publisher

Storing the BI Publisher Local Superuser Credentials in Oracle Life Sciences Data Hub

You must store the Oracle BI Publisher Local Superuser account details in an Oracle LSH Remote Connection.

See Registering Locations and Connections for details on Oracle LSH Remote Connections.

This section contains the following topics:

Parent topic: Setting Up Security for Oracle Business Intelligence Publisher

Creating the Oracle BI Publisher Remote Location in Oracle Life Sciences Data Hub

To store super user credentials you created in Oracle BI, you must create the Remote Location in Oracle LSH.

  1. Click the Remote Location subtab under the Administration tab. The Maintain Remote Locations screen opens.
  2. Click Add Remote Location. The Create Remote Location screen appears.
  3. Enter values in the following fields:

    Note:

    Enter the values exactly as specified below, else the Oracle LSH BI Publisher Program will not run.
    • Name. Enter BIPLOCATION.
    • DBLINK Prefix. Enter Dummy.
    • Connect String. Enter Dummy.
    • Adapter. Select BI Publisher.
  4. Click Apply to save your work. The system opens the main screen for the new Remote Location.

Parent topic: Storing the BI Publisher Local Superuser Credentials in Oracle Life Sciences Data Hub

Creating the Oracle BI Publisher Remote Connection in Oracle Life Sciences Data Hub

To store super user credentials you created in Oracle BI, you must create the Remote Connection in Oracle LSH (to store the super user credentials in the Remote Location in Oracle LSH).

  1. In the main screen for the Remote Location BIPLocation. The Connection Maintenance screen opens.
  2. Click Create Connection. The Create Connection screen appears.
  3. Enter values in the following fields:

    Note:

    Enter the values exactly as specified below, else the Oracle LSH BI Publisher Program will not run.
    • Name. Enter BIPConnection.
    • Description. Enter the details of the Oracle LSH database server in this field in the following format:

      jdbc:oracle:thin:@server:port:SID

      For example: jdbc:oracle:thin:@srv123.example.com:1234:srv456

      Oracle BI Publisher needs these details to connect back to Oracle LSH.

    • User Name. Enter the Oracle BI Publisher Local Superuser account's username.
    • Password. Enter the Oracle BI Publisher Local Superuser account's password.
    • Connection Type. Select Shared.
    • Remote Location. The system populates the field with the name of the Remote Location.
  4. Click Apply to save your work. The system displays the main screen for the new Connection.

Parent topic: Storing the BI Publisher Local Superuser Credentials in Oracle Life Sciences Data Hub

The LSH: BIP Endpoint Profile

Oracle Life Sciences Data Hub automatically creates a profile in Oracle Applications, and stores an Oracle BI Publisher webservices namespace value in it.

See Oracle LSH: BIP Endpoint for details. Do not edit this profile because the system uses it to interact with Oracle BI Publisher.

Parent topic: Storing the BI Publisher Local Superuser Credentials in Oracle Life Sciences Data Hub