This preface describes changes in securing Oracle Business Intelligence Enterprise Edition 12c (12.2.1).
If you are upgrading to Oracle BI EE from a previous release, read the following information carefully, because there are significant differences in features, tools, and procedures. For more information about upgrading to Oracle BI EE 12c, see Oracle Fusion Middleware Upgrade Guide for Oracle Business Intelligence Enterprise Edition.
This preface contains the following topics:
New security features in Oracle BI EE 12c (12.2.1) include:
To simplify administration and configuration in this release Oracle Business Intelligence no longer requires a real user called BISystemUser (or equivalent) for internal communication. The system user concept is now deemed "virtual" and is represented by the credential oracle.bi.system/system.user, for which the values are securely randomly generated by the Configuration Assistant. Oracle BI components continue to use this credential for internal communication, backed by Oracle BI Security. The application role BISystem is also no longer present in the Policy Store, and will be removed from any upgraded 11g environment.
In this release user GUIDs have been removed to make administration easier. There is no longer any need to refresh GUIDs as part of lifecycle operations. GUIDs are replaced with user names. Users now authenticate by user ID, which means that a user authenticating with a particular user ID is granted access permissions associated with their user ID. Therefore, a user leaving the system must have their user ID completely removed. Your administrator is now responsible for ensuring that users leaving the system are totally removed from Oracle Business Intelligence.
For more information, see Section 2.9, "Deleting a User".
In this release the Security Store (Policy and Credential Stores) is configured in a relational database rather than in a file. The database is the same as used by RCU. This change makes scaling easier, and makes clusters more reliable.
For more information, see Oracle Fusion Middleware Installation Guide for Oracle Business Intelligence.
In this release configuring SSL end to end is now less complex and uses offline commands.
The key differences in SSL support in this release (from 11g) are as follows:
SSL uses the WebLogic trust store
No additional BI-specific trust configuration is required.
There is no need to use Fusion Middleware Control UI to configure processes.
Diagnostics for WebLogic certificate issues
Higher security - TLSv1.2 only
Configuration is central and not intermingled with user configuration.
Supports advanced options with no risk of settings being overwritten.
For more information about SSL, see Chapter 5, "Configuring SSL in Oracle Business Intelligence".
In this release a new process enables you to migrate Catalog groups to application roles.
For more information, see Section D.2.2.1, "Migrating Catalog Groups to Application Roles".