When to Allow Direct Database Requests by Default

The property, Allow direct database requests by default, lets all users execute physical queries.

If configured incorrectly, it can expose sensitive data to an unintended audience.

Use the following recommended guidelines when setting this database property:

  • The Oracle BI Server should be configured to accept connection requests only from a computer on which the Oracle BI Server, Oracle BI Presentation Services, or Oracle BI Scheduler are running. This restriction should be established at the TCP/IP level using the Oracle BI Server IP address. This allows only a TCP/IP connection from the IP address of Oracle BI Server.

  • To prevent users from running nqcmd, a utility that executes SQL scripts, by logging in remotely to this computer, you should disallow access by the following to the computer on which you installed Oracle BI Presentation Services:

    • TELNET

    • Remote shells

    • Remote desktops

    • Teleconferencing software such as Windows NetMeeting

    If necessary, you might want to make an exception for users with administrator permissions.

  • Only users with administrator permissions should be allowed to perform the following tasks:

    • TELNET into the Oracle BI Server and Oracle BI Presentation Services computers to perform tasks such as running nqcmd for cache seeding.

    • Access the advanced SQL page of Answers to create requests.

  • Set up group/user-based permissions on Oracle BI Presentation Services to control access to editing, preconfigured to allow access by Oracle BI Presentation Services administrators, and executing, preconfigured to not allow access by anyone, direct database requests.