Manage Users and Groups in the Embedded WebLogic LDAP Server

This section explains how to manage users and groups in the Embedded WebLogic LDAP Server.

Use the Oracle WebLogic Server Administration Console

You use the Oracle WebLogic Server Administration Console to manage the WebLogic LDAP Server, which enables you to authenticate users and groups.

Oracle WebLogic Server is automatically installed and serves as the default administration server. The Oracle WebLogic Server Administration Console is browser-based and is used, among other things, to manage the embedded directory server.

When you configure Oracle Analytics Server, the initial security configuration uses the embedded WebLogic LDAP directory, the default authenticator, as the Identity Store. The Oracle Analytics Server installation adds specific BI users and groups into the LDAP directory. The installation does not add default BI groups into the LDAP directory. If your application expects LDAP groups such as BIConsumers, BIContentAuthors, and BIServiceAdministrators to exist in the Identity Store, you need to add these groups manually or configure the domain to use a different Identity Store, where these groups are already provisioned after the initial configuration has finished.

You can launch the Oracle WebLogic Server Administration Console by entering its URL into a web browser. The default URL takes the following form: http://hostname:port_number/console. The port number is the same port number as used for the Administration server. The default port number is 9500. See Oracle WebLogic Server Administration Console Online Help.

The user name and password were supplied during the installation of Oracle Analytics Server. If these values have since been changed, then use the current administrative user name and password combination.

If you use an alternative authentication provider such as Oracle Internet Directory instead of the default WebLogic LDAP Server, then you must use the alternative authentication provider's administration application (for example, an administration console) to manage users and groups.

  1. Display the Oracle WebLogic Server login page by entering its URL into a web browser.

    For example, http://hostname:9500/console.

  2. Log in using the Oracle Analytics Server administrative user and password credentials.

Create a New User in the Embedded WebLogic LDAP Server

You typically create a separate user for each business user in your Oracle Analytics Server environment.

For example, you might plan to deploy 30 report consumers, 3 report authors, and 1 administrator. In this case, you would use Oracle WebLogic Server Administration Console to create 34 users, which you would then assign to appropriate groups.

All users who are able to log in are given a basic level of operational permissions conferred by the built-in Authenticated User application role. The author of the application that is imported into your instance might have designed the security policy so that all authenticated users are members of an application role that grants privileges in the application.

DefaultAuthenticator is the name for the default authentication provider.

  1. Log in to the Oracle WebLogic Server Administration Console.
  2. In Oracle WebLogic Server Administration Console, select Security Realms from the left pane, and then click the realm you are configuring, for example, myrealm.
  3. Select the Users and Groups tab, then Users. Click New.
  4. In Create a New User, in Name, type the name of the user.
  5. Optional: In Description, provide additional information about the user.
  6. From the Provider list, select the authentication provider that corresponds to the identity store where the user information is contained.
  7. In Password, type a password for the user that is at least 8 characters long.
  8. In Confirm Password, retype the user password.
  9. Click OK.

Create a New Group in the Embedded WebLogic LDAP Server

You can create a separate group for each functional type of business user in your Oracle Analytics Server environment.

A typical deployment might require three groups: BIConsumers, BIContentAuthors, and BIServiceAdministrators. You could create groups with those names and configure the group to use with Oracle Analytics Server, or you might create your own custom groups.

DefaultAuthenticator is the default authentication provider.

  1. Launch Oracle WebLogic Server Administration Console.
  2. In Oracle WebLogic Server Administration Console, select Security Realms from the left pane and click the realm you are configuring, for example, myrealm.
  3. Click the Users and Groups tab, and then click Groups.
  4. Click New.
  5. In Create a New Group, in the Name field, type a group name that is unique.
  6. Optional: In the Description field, type a brief note about the composition of the group.
  7. From the Provider list, select the authentication provider that corresponds to the identity store where the group information is contained.
  8. Click OK.

Assign a User to a Group in the Embedded WebLogic LDAP Server

You typically assign each user to an appropriate group.

For example, a typical deployment might require user IDs created for report consumers to be assigned to a group named BIConsumers. In this case, you could either assign the users to the default group named BIConsumers, or you could assign the users to your own custom group that you have created.

  1. Launch Oracle WebLogic Server Administration Console.
  2. In Oracle WebLogic Server Administration Console, select Security Realms from the left pane and click the realm you are configuring, for example, myrealm.
  3. Select the Users and Groups tab, then Users.
  4. In the Users table, select the user you want to add to a group.
  5. Select the Groups tab.
  6. Select a group or groups from the Available list.
  7. Click Save.
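
The three console procedures above (create a user, create a group, assign the user to the group) can be expressed as one idempotent routine. This is an added example, not Oracle's code: the method names mirror operations on WebLogic's authenticator security MBeans, while provision, InMemoryAuthenticator, and the sample plan format are hypothetical and constructed so the block runs offline.

```python
# Added example: idempotent user/group provisioning against an authenticator.
# Method names mirror WebLogic's authenticator MBean operations (userExists,
# createUser, groupExists, createGroup, isMember, addMemberToGroup).
# InMemoryAuthenticator is a constructed stand-in, not a WebLogic class.

MIN_PASSWORD_LEN = 8  # minimum stated in the Create a New User procedure


class InMemoryAuthenticator(object):
    def __init__(self):
        self.users, self.groups = {}, {}

    def userExists(self, name):
        return name in self.users

    def createUser(self, name, password, description):
        self.users[name] = description  # the stand-in never stores passwords

    def groupExists(self, name):
        return name in self.groups

    def createGroup(self, name, description):
        self.groups[name] = set()

    def isMember(self, group, member, recursive):
        return member in self.groups[group]

    def addMemberToGroup(self, group, member):
        self.groups[group].add(member)


def provision(atnr, plan):
    """plan: list of (user, password, group). Returns names of users created."""
    # Validate every row first so a bad password never leaves a partial state.
    for user, password, group in plan:
        if len(password) < MIN_PASSWORD_LEN:
            raise ValueError("password for %s is shorter than %d characters"
                             % (user, MIN_PASSWORD_LEN))
    created = []
    for user, password, group in plan:
        if not atnr.groupExists(group):
            atnr.createGroup(group, "created by provisioning script")
        if not atnr.userExists(user):
            atnr.createUser(user, password, "member of " + group)
            created.append(user)
        if not atnr.isMember(group, user, False):
            atnr.addMemberToGroup(group, user)
    return created
```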

Delete a User

When a user is no longer required, you must completely remove their user ID from the system to prevent an identical, newly created user from inheriting the old user's access permissions. This situation can occur because authentication and access permissions are associated with the user ID.

You delete a user by removing the user from the policy store, the Oracle Analytics Server Presentation Catalog, the semantic model, and the identity store. If you've assigned the user to any application roles, you must update the application roles to remove all references to that user.

If you're using an identity store other than Oracle WebLogic Server LDAP, follow the appropriate instructions for your identity store.

  1. Delete the user from the policy store.
  2. Delete the user from the Presentation Catalog and the semantic model using the deleteusers command.
  3. Log in to the Oracle WebLogic Server Administration Console.
  4. Select Security Realms, and select the realm containing the user, for example, myrealm.
  5. Click the Users and Groups tab, then click Users.
  6. Select a user, and then click Delete.
  7. In Delete Users, click Yes.
  8. Click OK.
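
Because permissions follow the user ID, a deletion that misses one store leaves grants that a later user with the same ID would inherit. The following added example (not Oracle's code) audits for such leftovers; the function names, the input shape, and the sample data are constructed, and exporting the real membership lists from each store is assumed to happen elsewhere.

```python
# Added example: find references to user IDs that no longer exist in the
# identity store. All names and sample data below are constructed.

def find_orphaned_references(identity_users, references):
    """references: {store_name: {object_name: [user_id, ...]}}.
    Returns sorted (user_id, store, object) tuples for every reference to an
    ID that is absent from the identity store."""
    live = set(identity_users)
    orphans = []
    for store, objects in references.items():
        for obj, members in objects.items():
            for uid in members:
                if uid not in live:
                    orphans.append((uid, store, obj))
    return sorted(orphans)


def leftover_grants_for(new_user_id, identity_users, references):
    """Grants a newly created new_user_id would inherit; empty means none."""
    return [(store, obj) for uid, store, obj
            in find_orphaned_references(identity_users, references)
            if uid == new_user_id]


# Constructed sample: jdoe was removed from the identity store only.
IDENTITY_USERS = ["asmith", "bwong"]
REFERENCES = {
    "policy_store": {"ExampleAdminRole": ["asmith", "jdoe"]},
    "presentation_catalog": {"/shared/Finance": ["jdoe", "bwong"]},
    "semantic_model": {"ExampleRowFilter": ["bwong"]},
}

if __name__ == "__main__":
    for uid, store, obj in find_orphaned_references(IDENTITY_USERS, REFERENCES):
        print("%s still referenced in %s: %s" % (uid, store, obj))
```

Running the check before creating a user ID shows whether that ID would pick up grants left behind by a previous holder.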

Change a User Password in the Embedded WebLogic LDAP Server

You can change a user's password.

If you change the password of the system user, you also need to change it in the credential store.

  1. In Oracle WebLogic Server Administration Console, select Security Realms, and click the realm you're configuring, for example, myrealm.
  2. Select the Users and Groups tab, and then click Users.
  3. In the Users table, select the user receiving the changed password.
  4. In the user's Settings page, select the Passwords tab.
  5. Type the password in the New Password and Confirm Password fields.
  6. Click Save.