1. Deploy and configure Oracle Essbase to use a DB system in the cloud
  2. Prepare for Your Deployment as an Oracle Cloud Infrastructure Administrator

Prepare for Your Deployment as an Oracle Cloud Infrastructure Administrator

Here are a few pre-deployment tasks that you must complete as an Oracle Cloud Infrastructure administrator. Once you complete the tasks, pass on the required details to the Essbase Administrator.

Create User and Group in Identity Cloud Service

For the members of a group in Oracle Identity Cloud Service to have permissions in Oracle Cloud Infrastructure, you must map the Oracle Identity Cloud Service group to a group in Identity Access Management.
  1. Sign in as Oracle Cloud Infrastructure administrator. In the Oracle Identity Cloud Service console, create an Essbase group by expanding the Navigation Drawer, going to Groups, and then clicking Add. This is the Identity Cloud Service group that you'll associate with an Oracle Cloud Infrastructure group.
  2. Create an Essbase user by expanding the Navigation Drawer, going to Users, and then clicking Add. This user will deploy Essbase on the Oracle Cloud Infrastructure.
  3. Now click Groups and associate this Essbase user to the Essbase group that you created.

Set Up Compartment

You use compartments to organize and isolate your resources to make it easier to manage and secure access to them. Compartments are logical, not physical, so related resource components can be placed in different compartments.

Sign in as an Oracle Cloud Infrastructure administrator and set up a compartment:

  1. Create a sandbox compartment and make a note of the compartment OCID. Oracle recommends setting up a sandbox compartment so you can give users a dedicated space to try out features. In the sandbox compartment you can grant users permissions to create and manage resources, while maintaining stricter permissions on the resources in your tenancy (root) compartment.
    Your compartment structure should look like this: 
    root
 - <Essbase> compartment that you create. Roles and policies are defined at this level.
   - <child component> this is where all the stack components are deployed.
  2. Create an Oracle Cloud Infrastructure group for your compartment, for example, Essbase_Admin. Later this group will be mapped with the Identity Cloud Service group.
  3. Create a policy for each administrators group. For example, 
    Allow group Essbase_Admin to manage all-resources in compartment
  4. Map your Oracle Cloud Infrastructure group with your Identity Cloud Service group.
    1. Open the navigation menu. Under Governance and Administration, go to Identity and click Federation.
    2. Go to your Oracle Identity Cloud Service instance, and under Resources, click Group Mappings.
    3. Under Group Mappings, click Add Mappings.
    4. Select your Oracle Cloud Infrastructure group to map with Identity Cloud Service group and click Add Mappings.
  5. Create a dynamic group and associate it with policies.
    1. Open the navigation menu. Under Governance and Administration, go to Identity and click Dynamic Groups.
    2. Click Create Dynamic Group and enter a unique name for the dynamic group. You must provide a unique, unchangeable name for the dynamic group as Oracle assigns a unique Oracle Cloud ID (OCID).
    3. Use the Rule Builder and make a rule with attribute: Match instances in CompartmentID and Value is the OCID noted for the compartment. 
      All {instance.compartment.id=Compartment OCID value}
  6. Create a policy to specify who can access which Oracle Cloud Infrastructure resources that your company has, and how.
    1. Open the navigation menu. Under Governance and Administration, go to Identity and select Policies.
    2. Select your compartment and then click Create Policy.
    3. Add policy statements for your instance in the compartment as shown.
      Allow dynamic-group dynamic_group_name to manage all-resources in compartment compartment_name
Remember that this solution is about deploying all of your stack components in a single compartment.

Modify the Confidential Identity Application

After deploying the Oracle Essbase stack from Oracle Cloud Marketplace, update your confidential application in OCI Identity and Access Management (IAM) with the correct Oracle Essbase URLs.

  1. Log in to the Oracle Cloud Infrastructure Console. Select Identity & Security.
  2. Click Domains, and click the name of the identity domain that is reserved for the Essbase stack.
  3. Click Integrated applications within that domain.
  4. Locate and select your confidential application.
  5. In the Client Configuration, update the Essbase Redirect URL to reflect the actual Essbase URL.
    https://192.0.2.1/essbase/redirect_uri
    Note that if you deployed a load balancer, then the IP in the Oracle Essbase URL will be for the load balancer.
  6. Update the Essbase Post Logout Redirect URL to reflect the Oracle Essbase URL. For example:
    https://192.0.2.1/essbase/jet/logout.html

    If you deployed a load balancer, then include port 443 in the post logout redirect:

    https://192.0.2.1:443/essbase/jet/logout.html
  7. Save the updated confidential application.