Working with Users, Groups, and Application Roles
When you configure Oracle Business Intelligence with the Sample Application that is made available with the BI installation, a number of application roles are provided for you to use in order to provision users and groups that enable you to use BI functionality and access BI folders, reports, data columns and other objects.
For example, following a new installation of Oracle Business Intelligence, if you have selected to populate your initial service instance using the Sample Application, the user specified for creating the BI domain during the configuration step is assigned to the BIServiceAdministrator application role. In addition, the Sample Application provides the BIContentAuthor and BIConsumer application roles, these application roles are preconfigured to work together. For example, a user who is a member of the BIServiceAdministrator application role automatically inherits the BIContentAuthor and BIConsumer application roles and is therefore provisioned with all the privileges and permissions associated with all of these application roles. For a detailed description of this security configuration, refer to Understanding the Default Security Configuration.
The Sample Application roles have appropriate permissions and privileges to enable them to work with the sample Oracle BI Presentation Catalog, BI Repository, and Policy Store. For example, the application role BIContentAuthor is preconfigured with permissions and privileges that are required to create dashboards, reports, actions, and so on.
The screen below shows application roles, groups and users that are preconfigured in the sample and starter applications installation.
When you initially configure your BI domain, a service instance is created based on one of the BI application archive (BAR) files that are included with the BI installation. Each BI application contains an application role that is tagged as the administration application role. The name of this administration application role is determined by the developer or author of the BI application archive. In the case of the sample, starter and empty applications available with the BI installation this administration application role is called BIServiceAdministrator. The authors of these applications have assigned specific permission sets and privileges to this application role to enable members of this application role to administer the system. When the BI service instance is created the BI system administrator specifies an owner (a user) for the service instance. The system will assign the administration application role to the service instance owner whenever a BI archive file is imported into the service instance.
Note:
When importing an 11g upgrade bundle into a 12c service instance, the system automatically tags the BIAdministrator application role as the administration application role.
For more information, see Installing and Configuring Oracle Business Intelligence and importServiceInstance in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition.
You can use the sample application roles to deploy security. You can then create your own groups and application roles to meet your business needs. For example:
- If you want to enable an employee called Fred to create dashboards and reports, you might create a new user called Fred and assign Fred to the default BIContentAuthors group.
- If you want user Fred to be a Sales dashboard author, you might create an application role called Sales_ Dashboard_ Author that has permissions to see Sales subject areas in the repository and edit Sales dashboards.
- If you want to enable user Fred to perform BIContentAuthors and Sales_Dashboard_Author duties, you might create a new application role called BIManager, which has both BIContentAuthors privileges and Sales_Dashboard_Author privileges.
For detailed information about the sample application roles, see Understanding the Default Security Configuration.