After developing your metadata repository, you need to set up your data security architecture to control access to source data.
Data access security accomplishes the following goals:
To protect business data queried from databases
To protect your repository metadata such as measure definitions
To prevent individual users from hurting overall system performance
Oracle Business Intelligence supports three types of data security: row-level security, object permissions, and query limits (governors). Object permissions and query limits are set up in the repository and are enforced only by the Oracle BI Server. Row-level data security, however, can be implemented and enforced in both the repository, and in the database.
If you choose to implement row-level security in the database, you should still set up object permissions and query limits in the repository. Although it is possible to provide database-level object restrictions on individual tables or columns, objects to which users do not have access are still visible in all clients, even though queries against them will fail. It is better to set up object permissions in the repository, so that objects to which users do not have access are hidden in all clients.
Because a variety of clients can connect to the Oracle BI Server, you cannot implement or enforce data security in Oracle BI Presentation Services. Oracle BI Presentation Services provides an extensive set of security controls that let you set up privileges to access functionality in the Oracle Business Intelligence user interface, as well as dashboards and analyses objects. However, Oracle BI Server does not provide data access security. If you only implement security controls in Oracle BI Server, you will be exposed to SQL injection hacker attacks and other security vulnerabilities. You must provide object-level security in the repository to create rules that apply to all incoming clients.
See Security Guide for Oracle Business Intelligence Enterprise Edition for more information about the security controls available in Oracle BI Server.
The table lists the location of security task information for Oracle Business Intelligence.
Task | Location |
---|---|
Setting up user authentication with the default authentication provider or an alternative authentication provider |
Managing Security Using the Default Security Configuration in Security Guide for Oracle Business Intelligence Enterprise Edition |
Creating and managing users and groups in the default authentication provider |
Managing Users and Groups in the Embedded WebLogic LDAP Server in Security Guide for Oracle Business Intelligence Enterprise Edition |
Creating application roles and managing policies in the default policy store |
Managing the Policy Store in Securing Applications with Oracle Platform Security Services |
Viewing and understanding the default Oracle Business Intelligence permissions used with application roles in the policy store |
Default Permissions in Security Guide for Oracle Business Intelligence Enterprise Edition |
Applying data access security in offline mode and setting up placeholder application roles |
|
Setting up row-level data security |
|
Setting repository object permissions |
|
Setting query limits (governors) |
|
Setting up single sign-on (SSO) |
Enabling SSO Authentication in Security Guide for Oracle Business Intelligence Enterprise Edition |
Enabling SSL communication |
SSO Configuration in Oracle Business Intelligence in Security Guide for Oracle Business Intelligence Enterprise Edition |
Managing custom authenticators |
Authenticating by Using a Custom Authenticator Plug-In in Security Guide for Oracle Business Intelligence Enterprise Edition |