Use this process to set up security in a new Oracle Business Intelligence installation.
After you have installed Oracle Business Intelligence, you can evaluate the installation and functionality using the sample application. Later, you can create and develop your own users, groups, and application roles iteratively to meet your business requirements.
Read:
Note:
If you are using the default SampleAppLite.rpd
file in a production system, you should change the password from its installed value, using the Administration Tool. See About the SampleApp.rpd Demonstration Repository in Metadata Repository Builder's Guide for Oracle Business Intelligence Enterprise Edition.
Oracle recommends that you complete these post installation tasks in the following order:
Decide which authentication provider to use to authenticate users:
Oracle does not recommend using WebLogic Embedded LDAP Server in an environment with more than 1000 users. If you require a production environment with high-availability and scalability, then you should use a directory server such as Oracle Internet Directory (OID) or a third-party directory server.
See System Requirements and Certification.
When using the embedded WebLogic LDAP Server as the authentication provider, do the following:
When using Oracle Internet Directory (OID) as the authentication provider, do the following:
Use your authentication provider tools, for example, OID Console to create your users and groups as required.
Set up the application roles that you want to deploy, see Creating and Deleting Application Roles Using Fusion Middleware Control.
For example, you might use BIConsumer, BIContentAuthor, and BIServiceAdministrator, or you might create your own application roles.
Assign each group to an appropriate application role, see Assigning a Group to an Application Role.
Use the Administration Tool to update the permissions that users and groups have in the Oracle BI repository, see Managing Metadata Repository Privileges Using the Oracle BI Administration.
For example, you can enable an application role, BISuperConsumer, to create analyses. You use the Administration Tool to change the access from Read to Read/Write access to the specific subject area.
To change the permissions for users and groups have in the Presentation Services, see Managing Presentation Services Privileges Using Application Roles.
For example, you can prevent the application role, BISuperConsumer, from viewing scorecards, so you use Presentation Services Administration page to change the Scorecard\View Scorecard privileges for BISuperConsumer from Granted to Denied.
If you want to deploy Single Sign-On, see Enabling SSO Authentication.
To deploy secure sockets layer (SSL), see Configuring SSL in Oracle Business Intelligence. Oracle Business Intelligence is installed with SSL disabled.