An Example Security Setup of Users, Groups, and Application Roles

This example uses a small set of users, groups, and application roles to illustrate how you might set up a security model. In this example, you want to implement the following:

  • Three users named User1, User2, and User3, who need to view business intelligence reports.
  • Two users named User4 and User5, who need to create business intelligence reports.
  • Two users named User6 and User7, who administer Oracle Business Intelligence.

The diagram shows the users, groups, and application roles that you would deploy to implement this example security model.


Description of GUID-4613974B-199C-40DB-A29E-01FACBC2B625-default.png follows
Description of the illustration GUID-4613974B-199C-40DB-A29E-01FACBC2B625-default.png

The diagram shows the following:

  • The group named BIConsumers contains User1, User2, and User3. Users in the group BIConsumers are assigned to the application role named BIConsumer, which enables the users to view reports.
  • The group named BIContentAuthors contains User4 and User5. Users in the group BIContentAuthors are assigned to the application role named BIContentAuthor, which enables the users to create reports.
  • The group named BIServiceAdministrators contains User6 and User7. Users in the group BIServiceAdministrators are assigned to the application role named BIServiceAdministrator, which enables the users to manage repositories.

To implement this example security model:

  1. Create seven users named User1 to User 7, as described in Creating a New User in the Embedded WebLogic LDAP Server.
  2. Create the groups BIConsumers and BIContentAuthors and BIServiceAdministrators as described in Creating a New Group in the Embedded WebLogic LDAP Server.
  3. Assign the users to the default groups, as follows:
    • Assign User1, User2, and User3 to the group named BIConsumers.
    • Assign User4 and User5 to the group named BIContentAuthors.
    • Assign User6 and User7 to the group named BIServiceAdministrators.

    For more information, see Assigning a User to a Group in the Embedded WebLogic LDAP Server.

  4. Assign the groups to the sample application roles as follows:
    • Make the BIConsumers group a member of the BIConsumer application role.
    • Make the BIContentAuthors group a member of the BIContentAuthor application role.
    • Make the BIServiceAdministrators group a member of the BIServiceAdministrator application role.

    For more information, see Assigning a Group to an Application Role.