Managing Users and Groups in the Embedded WebLogic LDAP Server

This section explains how to manage users and groups in the Embedded WebLogic LDAP Server, and contains the following topics:

Assigning a User to a New Group, and a New Application Role

This section describes how to extend the security model by creating your own users, and assigning them to new groups, and new application roles. For example, you might want to create a user called Jim and assign Jim to a new group called BIMarketingGroup that is assigned to a new application role named BIMarketingRole.

See:

The process for assigning a user to a group, and an application role is as follows:

  1. Launch WebLogic Administration Console.
  2. Create a new user.
  3. Create a new group.
  4. Assign the user to the group.
  5. Create an application role and assign it to the new group.
  6. Edit the Oracle BI repository and set up the privileges for the new application role.
  7. Edit the Oracle BI Presentation Catalog and set up the privileges for the new user and group.

Creating a New User in the Embedded WebLogic LDAP Server

You typically create a separate user for each business user in your Oracle Business Intelligence environment. For example, you might plan to deploy 30 report consumers, 3 report authors, and 1 administrator. In this case, you would use Oracle WebLogic Server Administration Console to create 34 users, which you would then assign to appropriate groups.

All users who are able to log in are given a basic level of operational permissions conferred by the built-in Authenticated User application role. . The author of the BI application that is imported into your service instance may have designed the security policy so that all authenticated users are members of an application role that grants them privileges in the BI application. See Security Configuration Using the Sample Application

  1. Log in to the Oracle WebLogic Server Administration Console.
  2. InOracle WebLogic Server Administration Console, select Security Realms from the left pane and click the realm you are configuring. For example, myrealm.
  3. Select Users and Groups tab, then Users. Click New.
  4. In the Create a New User page provide the following information:
    • Name: Enter the name of the user. See the online help for a list of invalid characters.
    • (Optional) Description: Enter a description.
    • Provider: Select the authentication provider from the list that corresponds to the identity store where the user information is contained. DefaultAuthenticator is the name for the default authentication provider.
    • Password: Enter a password for the user that is at least 8 characters long.
    • Confirm Password: Re-enter the user password.
  5. Click OK.

    The user name is added to the User table.

Creating a New Group in the Embedded WebLogic LDAP Server

You typically create a separate group for each functional type of business user in your Oracle Business Intelligence environment.

A typical deployment might require three groups: BIConsumers, BIContentAuthors, and BIServiceAdministrators. You could create groups with those names and configure the group to use with Oracle Business Intelligence, or you might create your own custom groups.

See An Example Security Setup of Users, Groups, and Application Roles.

  1. Launch Oracle WebLogic Server Administration Console.
  2. InOracle WebLogic Server Administration Console, select Security Realms from the left pane and click the realm you are configuring. For example, myrealm.
  3. Click the Users and Groups tab, and then click Groups.
  4. Click New.
  5. In Create a New Group, in the Name field, type a group names that is unique.
  6. (Optional) In the Description field, type a brief note about the composition of the group.
  7. From the Provider list, select the authentication provider that corresponds to the identity store where the group information is contained.

    DefaultAuthenticator is the default authentication provider.

  8. Click OK

Assigning a User to a Group in the Embedded WebLogic LDAP Server

You typically assign each user to an appropriate group. For example, a typical deployment might require user IDs created for report consumers to be assigned to a group named BIConsumers. In this case, you could either assign the users to the default group named BIConsumers, or you could assign the users to your own custom group that you have created.

See An Example Security Setup of Users, Groups, and Application Roles and Using Oracle WebLogic Server Administration Console.

  1. Launch Oracle WebLogic Server Administration Console.
  2. In Oracle WebLogic Server Administration Console, select Security Realms from the left pane and click the realm you are configuring. For example, myrealm.
  3. Select Users and Groups tab, then Users.
  4. In the Users table select the user you want to add to a group.
  5. Select the Groups tab.
  6. Select a group or groups from the Available list box.
  7. Click Save.

Changing a User Password in the Embedded WebLogic LDAP Server

Perform this optional task to change the default password for a user.

If you change the password of the system user, you also need to change it in the credential store.

  1. In Oracle WebLogic Server Administration Console, selectSecurity Realms, and click the realm you are configuring, for example, myrealm.
  2. Select the Users and Groups tab, and then click Users.
  3. In the Users table, select the user receiving the changed password.
  4. In the user's Settings page, select the Passwords tab.
  5. Type the password in the New Password and Confirm Password fields.
  6. Click Save.