New Features in Oracle Business Intelligence Security

This section lists the changes to security features in Oracle Business Intelligence release 12c (12.2.1).

If you are upgrading to Oracle BI EE from a previous release, read the following information carefully, because there are significant differences in features, tools, and procedures. See Upgrade Guide for Oracle Business Intelligence.

This section contains the following topics:

New Features for 12c (

This section contains information about new security features.

There are no new security features in Oracle BI EE 12c (

New Features for 12c (

New security features in Oracle BI EE 12c ( include:

Catalog Groups are Not Supported

In this release, Catalog groups are not supported and you must use application roles.

See the Oracle Business Intelligence Migration Guide.

New Features for 12c (

New security features in Oracle BI EE 12c ( include:

BISystemUser and BISystem Removed

To simplify administration and configuration, Oracle Business Intelligence in this release no longer requires a real user called BISystemUser (or equivalent) for internal communication. The system user concept is now deemed "virtual" and is represented by the credential, for which the values are securely randomly generated by the Configuration Assistant. Oracle BI components continue to use this credential for internal communication, backed by Oracle BI Security. The application role BISystem is also no longer present in the Policy Store, and will be removed from any upgraded 11g environment.

User GUIDs Removed

In this release, user GUIDs have been removed to make administration easier. There is no longer any need to refresh GUIDs as part of lifecycle operations. GUIDs are replaced with user names. Users now authenticate by user ID, so whoever authenticates with a particular user ID is granted the access permissions associated with that user ID. Therefore, when a user leaves the system, their user ID must be completely removed; otherwise, permissions still associated with that user ID would apply to anyone later given the same ID. Your administrator is now responsible for ensuring that users leaving the system are totally removed from Oracle Business Intelligence.

See Deleting a User.
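
The check below is an added example, not Oracle code and not part of the original page. It flags permission grants still keyed to user IDs that are no longer in the identity store, which is what an account reusing such an ID would inherit. The record layout, role names, catalog paths and the case-insensitive matching are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data. The record layout is hypothetical and is not an
# Oracle BI export format; role names and catalog paths are made up.
ACTIVE_USERS = ["asmith", "bjones", "CLee "]
GRANTS = [
    {"source": "application_role", "object": "FinanceAuthor", "user": "asmith"},
    {"source": "application_role", "object": "ReportAdmin", "user": "dpatel"},
    {"source": "catalog_acl", "object": "/shared/Finance/Q4 Forecast", "user": "DPatel"},
    {"source": "catalog_acl", "object": "/shared/Sales/Pipeline", "user": "clee"},
    {"source": "catalog_acl", "object": "/shared/HR/Headcount", "user": "ewong"},
]


def normalize(user_id):
    """Assumption: user IDs match regardless of case and surrounding whitespace."""
    return user_id.strip().casefold()


def stale_grants(active_users, grants):
    """Return {user_id: [(source, object), ...]} for every grant whose user ID
    is absent from the identity store."""
    active = {normalize(u) for u in active_users}
    stale = defaultdict(list)
    for grant in grants:
        uid = normalize(grant["user"])
        if uid not in active:
            stale[uid].append((grant["source"], grant["object"]))
    return dict(stale)


def inherited_on_reuse(new_user_id, active_users, grants):
    """Grants a newly created account would pick up by reusing a stale ID."""
    return stale_grants(active_users, grants).get(normalize(new_user_id), [])


if __name__ == "__main__":
    for uid, items in sorted(stale_grants(ACTIVE_USERS, GRANTS).items()):
        print(f"{uid}: {len(items)} leftover grant(s)")
        for source, obj in items:
            print(f"  {source}: {obj}")
```
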

Database Security Store

In this release, the Security Store (Policy and Credential Stores) is configured in a relational database rather than in a file. The database is the same one that RCU uses. This change makes scaling easier, and makes clusters more reliable.

See Installing and Configuring Oracle Business Intelligence.

Easier SSL Configuration

In this release, configuring SSL end to end is less complex and uses offline commands.

The key differences in SSL support in this release, from 11g, are as follows:

  • SSL uses the WebLogic trust store

    No additional BI-specific trust configuration is required.

  • Offline commands

    There is no need to use Fusion Middleware Control UI to configure processes.

  • Diagnostics for WebLogic certificate issues

  • Higher security - TLSv1.2 only

  • Configuration is central and not intermingled with user configuration.

  • Supports advanced options with no risk of settings being overwritten.

See Configuring SSL in Oracle Business Intelligence.

Migrating Catalog Groups to Application Roles

In this release a new process enables you to migrate Catalog groups to application roles.

See Migrating Catalog Groups in Oracle Business Intelligence Migration Guide.