1. Managing Metadata Repositories for Oracle Analytics Server
  2. Build Your Metadata Repository
  3. Apply Data Access Security to Repository Objects
  4. About Data Access Security

About Data Access Security

After developing your metadata repository, you need to set up your data access security architecture.

Data access security accomplishes the following goals:

  • Protects business data from unauthorized access.

  • Protects your repository metadata such as measure definitions.

  • Prevents individual users from damaging overall system performance.

You can implement and enforce row-level data security in both the repository and in the database. Object permissions and query limits are set up in the repository and are enforced only by the Oracle BI Server.

If you choose to implement row-level security in the database, you should also implement object permissions and query limits in the repository. Database-level object restrictions on individual tables or columns, and other objects don't prevent users without access from seeing these repository objects. However, queries against those tables, columns, and other objects fail. You should set up object permissions in the repository to hide these objects from all clients.

Because a variety of clients can connect to the Oracle BI Server, you can't implement or enforce data security in Oracle BI Presentation Services. You can use the Oracle BI Presentation Services set of security controls that enable setting up privileges to access functionality in the Oracle Analytics Server user interface, as well as dashboards and analyses objects. If you only implement security controls in Oracle BI Server, the repository and database are exposed to SQL injection hacker attacks and other security vulnerabilities. You must provide object-level security in the repository to create rules that apply to all incoming clients.

Where to Find Information About Security Tasks

The table lists the location of security task information for Oracle Analytics Server.

Task Location

Setting up user authentication with the default authentication provider or an alternative authentication provider

Manage Security Using the Default Security Configuration in Security Guide for Oracle Business Intelligence Enterprise Edition

Creating and managing users and groups in the default authentication provider

Manage Users and Groups in the Embedded WebLogic LDAP Server in Managing Security for Oracle Analytics Server

Creating application roles and managing policies in the default policy store

Managing the Policy Store in Securing Applications with Oracle Platform Security Services

Viewing and understanding the default permissions used with application roles in the policy store

Default Permissions in Security Guide for Oracle Business Intelligence Enterprise Edition

Applying data access security in offline mode and setting up placeholder application roles

About Applying Data Access Security in Offline Mode

Setting up row-level data security

Set Up Row-Level Security

Setting repository object permissions

Set Up Object Permissions

Setting query limits (governors)

Set Query Limits

Setting up single sign-on (SSO)

Enable SSO Authentication in Managing Security for Oracle Analytics ServerSecurity Guide for Oracle Business Intelligence Enterprise Edition

Enabling SSL communication

SSO Configuration in Oracle Business Intelligence in Managing Security for Oracle Analytics Server

Managing custom authenticators

Authenticate by Using a Custom Authenticator Plug-In in Security Guide for Oracle Business Intelligence Enterprise Edition