12 Setting Up Security for Oracle Business Intelligence Publisher

Creating User-Specific Responsibilities in E-Business Suite

You must create an E-Business Suite responsibility for each Oracle LSH user who wants to use Oracle BI Publisher from Oracle LSH. This is required for database access to Oracle LSH users from BI Publisher.

To create the E-Business Suite responsibility, do the following:

1. Go to your Oracle LSH URL.

2. Log in as sysadmin.

3. Select System Administrator (not System Administration) from the list of responsibilities in the left-hand column under Navigator. The system refreshes the page and adds a column of links on the right.

4. Under Security: Responsibility, select Define.

5. The Oracle Applications Forms interface starts. If prompted to accept an applet, click Grant or Grant Always.

6. In the Responsibilities Form as shown in Figure 12-1, enter the following mandatory values:

   • Responsibility Name. Enter a name in this format: BIP_DATASRC_ROLE_LSH_application_username.

   • Application. Enter or select Oracle Life Sciences Data Hub.

   • Responsibility Key. Same as Responsibility Name but note that there is a 30 character limit for the Responsibility Key.

   • Data Group.

     • Name. Enter or select Standard.

     • Application. Enter or select Oracle Life Sciences Data Hub.

   • Menu. Enter CDR BIP Menu.

Figure 12-1 The Oracle Applications Responsibilities Form Showing a Sample Oracle BI Publisher Role Created for an Oracle LSH Definer

Description of ''Figure 12-1 The Oracle Applications Responsibilities Form Showing a Sample Oracle BI Publisher Role Created for an Oracle LSH Definer''

Assigning Application Roles in Oracle LSH

The following application roles are available in Oracle LSH that are specific to Oracle BI Publisher:

• XMLP Administrator. This is the administrator role for the Oracle BI Publisher server. A user with this role can create and delete reports, folders, data sources, and roles in Oracle BI Publisher.

• XMLP Developer. This role allows users to build reports in the system.

• XMLP Scheduler. This role allows users to schedule reports.

• XMLP Analyzer Excel. This role allows users to use the Excel Analyzer feature.

• XMLP Analyzer Online. This role allows users to use the online analysis feature.

• XMLP Template Designer. This role allows users to connect to the Oracle BI Publisher server from the Template Builder and to upload and download templates.

Besides the regular Oracle LSH application roles, you must also assign one or more of the XMLP roles and the role created specifically for Oracle BI Publisher to Oracle LSH users. See "Assigning Application Roles" for instructions on assigning application roles to Oracle LSH users.

Setting Up the Security Model and Creating the Local Superuser Account in Oracle BI Publisher

Do the following in Oracle BI Publisher:

1. Log in to Oracle BI Publisher Enterprise as an administrator.

2. From the Admin tab, select Security Configuration.

3. In the Security Model section of the page, select Oracle E-Business Suite from the list.

4. Load the dbc file from the Oracle LSH instance. This is typically located under the $FND_SECURE directory. If you do not have access to this file, contact your Oracle LSH system administrator.

5. Select the Enable Local Superuser check box and enter a username and password under the Local Superuser section of the Security Configuration tab. You need to store the Local Superuser credentials in a Remote Connection created specifically for BI Publisher, in Oracle LSH. See "Storing the BI Publisher Local Superuser Credentials in Oracle Life Sciences Data Hub".

6. Restart the Oracle BI Publisher server for the security changes to take effect.

Creating Data Sources and Assigning them User-specific Roles

Do the following in Oracle BI Publisher:

1. Log in as the Local Superuser.

2. From the Admin page select JDBC Connection. This will display the list of existing JDBC connections.

3. Select the Add Data Source button.

4. Enter the following fields for the new connection:

   • Data Source Name. Enter LSH_DataSrc_LSH_application_username.

   • Driver Type. Select Oracle 9i/10g/11g.

   • Connection String. Enter the database connect string.

     For example:

     jdbc:oracle:thin@myserver.mycompany.com:port:prod

   • User Name. Enter the Oracle LSH database user credentials that correspond to the Oracle LSH application user account. See "Creating Database Accounts".

   • Password. Enter the Oracle LSH database user password that corresponds to the Oracle LSH application user account.

   • Use Proxy Authentication. Do not select this check box.

5. Click Test Connection. If the test is successful, the confirmation message, "Connection established successfully" appears. If connection error occurs, the message "Could not establish connection," appears.

6. Define security for this data source. Use the shuttle buttons to move the corresponding BIP_DataSrc_Role_LSH_application_username role from the Available Roles list to the Allowed Roles list.

   Note:

   See "Creating User-Specific Responsibilities in E-Business Suite" for instructions on creating the BIP_DataSrc_Role_ LSH_application_username role for each Oracle LSH user who needs access to Oracle BI Publisher. You must replace LSH_application_username with the actual Oracle LSH application user's username.

Repeat the above steps for each Oracle LSH user who will create or use Oracle LSH BI Publisher Programs.

Creating the SYSTEM Folder

Create a Shared Folder named SYSTEM in Oracle BI Publisher. Oracle LSH uses this folder to execute Oracle LSH BI Publisher Programs. Only a user with XMLP_ADMIN privileges can see this folder.

Creating the Oracle BI Publisher Remote Location in Oracle LSH

To create the Remote Location in Oracle LSH, do the following:

1. Click the Remote Location subtab under the Administration tab. The Maintain Remote Locations screen opens.

2. Click Add Remote Location. The Create Remote Location screen appears.

3. Enter values in the following fields:

   Note:

   Enter the values exactly as specified below, else the Oracle LSH BI Publisher Program will not run.

   • Name. Enter BIPLOCATION.

   • DBLINK Prefix. Enter Dummy.

   • Connect String. Enter Dummy.

   • Adapter. Select BI Publisher.

4. Click Apply to save your work. The system opens the main screen for the new Remote Location.

Creating the Oracle BI Publisher Remote Connection in Oracle LSH

To create the Remote Connection in Oracle LSH, do the following:

1. In the main screen for the Remote Location BIPLocation. The Connection Maintenance screen opens.

2. Click Create Connection. The Create Connection screen appears.

3. Enter values in the following fields:

   Note:

   Enter the values exactly as specified below, else the Oracle LSH BI Publisher Program will not run.

   • Name. Enter BIPConnection.

   • Description. Enter the details of the Oracle LSH database server in this field in the following format:

     jdbc:oracle:thin:@server:port:SID

     For example: jdbc:oracle:thin:@srv123.example.com:1234:srv456

     Oracle BI Publisher needs these details to connect back to Oracle LSH.

   • User Name. Enter the Oracle BI Publisher Local Superuser account's username.

   • Password. Enter the Oracle BI Publisher Local Superuser account's password.

   • Connection Type. Select Shared.

   • Remote Location. The system populates the field with the name of the Remote Location.

4. Click Apply to save your work. The system displays the main screen for the new Connection.

The LSH: BIP Endpoint Profile

Oracle LSH automatically creates a profile in Oracle Applications, and stores an Oracle BI Publisher webservices namespace value in it. See "Oracle LSH: BIP Endpoint" for details. Do not edit this profile because the system uses it to interact with Oracle BI Publisher.