After developing your metadata repository, you need to set up your data access security architecture.
Data access security accomplishes the following goals:
Protects business data from unauthorized access.
Protects your repository metadata such as measure definitions.
Prevents individual users from damaging overall system performance.
You can implement and enforce row-level data security in both the repository and in the database. Object permissions and query limits are set up in the repository and are enforced only by the Oracle BI Server.
If you choose to implement row-level security in the database, you should also implement object permissions and query limits in the repository. Although it is possible to provide database-level object restrictions on individual tables or columns, objects to which users do not have access are still visible in all clients, even though queries against them will fail. It is better to set up object permissions in the repository, so that objects to which users do not have access are hidden in all clients.
Because a variety of clients can connect to the Oracle BI Server, you cannot implement or enforce data security in Oracle BI Presentation Services. You can use the Oracle BI Presentation Services set of security controls that enable setting up privileges to access functionality in the Oracle Business Intelligence user interface, as well as dashboards and analyses objects. If you only implement security controls in Oracle BI Server, the repository and database are exposed to SQL injection hacker attacks and other security vulnerabilities. You must provide object-level security in the repository to create rules that apply to all incoming clients.
See Security Guide for Oracle Business Intelligence Enterprise Edition to review the security controls available in Oracle BI Server.
The table lists the location of security task information for Oracle Business Intelligence.
| Task | Location |
|---|---|
|
Setting up user authentication with the default authentication provider or an alternative authentication provider |
Managing Security Using the Default Security Configuration in Security Guide for Oracle Business Intelligence Enterprise Edition |
|
Creating and managing users and groups in the default authentication provider |
Managing Users and Groups in the Embedded WebLogic LDAP Server in Security Guide for Oracle Business Intelligence Enterprise Edition |
|
Creating application roles and managing policies in the default policy store |
Managing the Policy Store in Securing Applications with Oracle Platform Security Services |
|
Viewing and understanding the default Oracle Business Intelligence permissions used with application roles in the policy store |
Default Permissions in Security Guide for Oracle Business Intelligence Enterprise Edition |
|
Applying data access security in offline mode and setting up placeholder application roles |
|
|
Setting up row-level data security |
|
|
Setting repository object permissions |
|
|
Setting query limits (governors) |
|
|
Setting up single sign-on (SSO) |
Enabling SSO Authentication in Security Guide for Oracle Business Intelligence Enterprise Edition |
|
Enabling SSL communication |
SSO Configuration in Oracle Business Intelligence in Security Guide for Oracle Business Intelligence Enterprise Edition |
|
Managing custom authenticators |
Authenticating by Using a Custom Authenticator Plug-In in Security Guide for Oracle Business Intelligence Enterprise Edition |