Managing Users and Groups in the Embedded WebLogic LDAP Server

This section explains how to manage users and groups in the Embedded WebLogic LDAP Server, and contains the following topics:

Assigning a User to a New Group, and a New Application Role

This section describes how to extend the security model by creating your own users and assigning them to new groups and new application roles. For example, you might want to create a user called Jim and assign Jim to a new group called BIMarketingGroup that is assigned to a new application role named BIMarketingRole.

To create a new user and assign the user to a new group and a new application role:

  1. Launch WebLogic Administration Console as described in Using Oracle WebLogic Server Administration Console.
  2. Create a new user as described in Creating a New User in the Embedded WebLogic LDAP Server.
  3. Create a new group as described in Creating a New Group in the Embedded WebLogic LDAP Server.
  4. Assign the new user to the new group as described in Assigning a User to a Group in the Embedded WebLogic LDAP Server.
  5. Create a new application role and assign it to the new group as described in Creating Application Roles. If you simply want to assign a group to an application role, follow the steps in Assigning a Group to an Application Role.
  6. Edit the Oracle BI repository and set up the privileges for the new application role as described in Setting Metadata Repository Privileges for an Application Role.
  7. Edit the Oracle BI Presentation Catalog and set up the privileges for the new user and group as described in Setting Presentation Services Privileges for Application Roles.

Creating a New User in the Embedded WebLogic LDAP Server

You typically create a separate user for each business user in your Oracle Business Intelligence environment. For example, you might plan to deploy 30 report consumers, 3 report authors, and 1 administrator. In this case, you would use Oracle WebLogic Server Administration Console to create 34 users, which you would then assign to appropriate groups.

Repeat this task for each user that you want to deploy.

Note:

About the built-in Authenticated User application role.

All users who are able to log in are given a basic level of operational permissions conferred by the built-in Authenticated User application role. The author of the BI application that is imported into your service instance may have designed the security policy so that all authenticated users are members of an application role that grants them privileges in the BI application. For more information, see Security Configuration Using the Sample Application.

To create a new user in the embedded WebLogic LDAP server:
  1. Log in to the Oracle WebLogic Server Administration Console.
  2. In Oracle WebLogic Server Administration Console, select Security Realms from the left pane and click the realm you are configuring. For example, myrealm.
  3. Select the Users and Groups tab, then Users. Click New.
  4. In the Create a New User page, provide the following information:
    • Name: Enter the name of the user. See the online help for a list of invalid characters.
    • (Optional) Description: Enter a description.
    • Provider: Select the authentication provider from the list that corresponds to the identity store where the user information is contained. DefaultAuthenticator is the name for the default authentication provider.
    • Password: Enter a password for the user that is at least 8 characters long.
    • Confirm Password: Re-enter the user password.
  5. Click OK.

    The user name is added to the User table.

Creating a New Group in the Embedded WebLogic LDAP Server

You typically create a separate group for each functional type of business user in your Oracle Business Intelligence environment. For example, a typical deployment might require three groups: BIConsumers, BIContentAuthors, and BIServiceAdministrators. In this case, you could create groups named BIConsumers, BIContentAuthors, and BIServiceAdministrators that you can configure to use with Oracle Business Intelligence, or you might create your own custom groups.

Tip:

For an example security model showing a set of users, groups, and application roles, see An Example Security Setup of Users, Groups, and Application Roles.

Repeat this task for each new group that you want to deploy.

To create a new group in the embedded WebLogic LDAP server:

  1. Launch Oracle WebLogic Server Administration Console.
  2. In Oracle WebLogic Server Administration Console, select Security Realms from the left pane and click the realm you are configuring. For example, myrealm.
  3. Select the Users and Groups tab, then Groups. Click New.
  4. In the Create a New Group page, provide the following information:
    • Name: Enter the name of the group. Group names are case insensitive but must be unique. See the online help for a list of invalid characters.
    • (Optional) Description: Enter a description.
    • Provider: Select the authentication provider from the list that corresponds to the identity store where the group information is contained. DefaultAuthenticator is the name for the default authentication provider.
  5. Click OK.

    The group name is added to the Group table.

Assigning a User to a Group in the Embedded WebLogic LDAP Server

You typically assign each user to an appropriate group. For example, a typical deployment might require user IDs created for report consumers to be assigned to a group named BIConsumers. In this case, you could either assign the users to the default group named BIConsumers, or you could assign the users to your own custom group that you have created.

Tip:

For an example security model showing a set of users, groups, and application roles, see An Example Security Setup of Users, Groups, and Application Roles.

Repeat this task to assign each user to an appropriate group.

To add a user to a group in the embedded WebLogic LDAP server:

  1. Launch Oracle WebLogic Server Administration Console.
  2. In Oracle WebLogic Server Administration Console, select Security Realms from the left pane and click the realm you are configuring. For example, myrealm.
  3. Select the Users and Groups tab, then Users.
  4. In the Users table, select the user you want to add to a group.
  5. Select the Groups tab.
  6. Select a group or groups from the Available list box.
  7. Click Save.
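
The three console procedures above (create a user, create a group, assign the user to the group) can also be scripted against the authentication provider from WLST. The following is an added example, not Oracle's code: the plan format and the names validate, provision and FakeAuthenticator are hypothetical, while createUser, createGroup, addMemberToGroup, userExists, groupExists and isMember are operations of the WebLogic authenticator MBean. It checks a plan against the rules stated on this page (passwords of at least 8 characters, case-insensitive unique group names) before creating anything, and skips entries that already exist.

```python
# Added example, not Oracle's code. In a connected WLST session, obtain the provider with
#   atn = cmo.getSecurityConfiguration().getDefaultRealm().lookupAuthenticationProvider("DefaultAuthenticator")
MIN_PASSWORD_LEN = 8  # minimum stated in the user-creation procedure
PLAN = {"groups": ["BIMarketingGroup"],  # constructed sample; the password is a placeholder
        "users": [("Jim", "CHANGE-ME-placeholder", ["BIMarketingGroup"])]}

def validate(plan):
    """Return a list of problems in the plan; empty means it is safe to apply."""
    problems, seen = [], {}
    for g in plan["groups"]:
        if g.lower() in seen:  # group names are case insensitive but must be unique
            problems.append("duplicate group: " + g)
        seen[g.lower()] = g
    for user, password, groups in plan["users"]:
        if len(password) < MIN_PASSWORD_LEN:
            problems.append("password too short: " + user)
        for g in groups:
            if g.lower() not in seen:
                problems.append("unknown group %s for %s" % (g, user))
    return problems

def provision(atn, plan):
    """Create groups, users, then memberships, skipping whatever already exists."""
    problems = validate(plan)
    if problems:
        raise ValueError("; ".join(problems))
    done = []
    for g in plan["groups"]:
        if not atn.groupExists(g):
            atn.createGroup(g, "")
            done.append("group:" + g)
    for user, password, groups in plan["users"]:
        if not atn.userExists(user):
            atn.createUser(user, password, "")
            done.append("user:" + user)
        for g in groups:
            if not atn.isMember(g, user, False):
                atn.addMemberToGroup(g, user)
                done.append("member:%s->%s" % (user, g))
    return done

class FakeAuthenticator(object):  # constructed stand-in so the logic runs offline
    def __init__(self): self.users, self.groups = {}, {}
    def groupExists(self, g): return g.lower() in self.groups
    def createGroup(self, g, desc): self.groups[g.lower()] = []
    def userExists(self, u): return u in self.users
    def createUser(self, u, pw, desc): self.users[u] = pw
    def isMember(self, g, m, recursive): return m in self.groups[g.lower()]
    def addMemberToGroup(self, g, m): self.groups[g.lower()].append(m)
```

Because provision returns only the actions it actually performed, running it a second time against the same realm returns an empty list, which makes the script safe to re-run after a partial failure.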

(Optional) Changing a User Password in the Embedded WebLogic LDAP Server

Perform this optional task if you want to change the default password for a user.

To change a user password in the embedded WebLogic LDAP server:

  1. In Oracle WebLogic Server Administration Console, select Security Realms from the left pane and click the realm you are configuring. For example, myrealm.
  2. Select the Users and Groups tab, then Users.
  3. In the Users table, select the user you want to change the password for. The user's Settings page displays.
  4. Select the Passwords tab and enter the password in the New Password and Confirm Password fields.
  5. Click Save.

    Note:

    If you change the password of the system user, you also need to change it in the credential store.