Integrating with Oracle Database Security

BI Publisher offers integration with Oracle Database security to enable you to administer the BI Publisher users with your Oracle Database users.

Follow these procedures to integrate BI Publisher with Oracle E-Business Suite:

• Defining the BI Publisher Functional Roles in the Oracle Database

• Adding Data Sources to Roles

• Granting Catalog Permissions to Roles

Note:

For information on setting up Oracle Database security, see Oracle Database Security Guide.

When you restart the server, the roles to which BI Publisher roles have been assigned are visible as roles in the BI Publisher security center.

Defining the BI Publisher Functional Roles in the Oracle Database

You can create roles in the Oracle database that correspond to BI Publisher functional roles.

To define BI Publisher functional roles in the Oracle database:

1. In the Oracle Database, create the following roles to correspond to the BI Publisher functional roles:

   • XMLP_ADMIN — Serve as the administrator role for the BI Publisher server.

   • XMLP_DEVELOPER — Allows users to build reports in the system.

   • XMLP_SCHEDULER — Allows users to schedule reports.

   • XMLP_TEMPLATE_DESIGNER — Allows users to connect to the BI Publisher server from the Template Builder and to upload and download templates.

2. Assign these roles to the appropriate Database roles and users. You might also want to create additional reporting roles that you can use when setting up your report privileges on the BI Publisher side. For example, you might create a role called "HUMAN_RESOURCES_MANAGER" that you can assign a Human Resources Folder of reports to. You can then assign that role to any user requiring access to the Human Resources reports.
3. Assign the XMLP_ADMIN role to a user with administration privileges, such as SYSTEM.
4. Log in to BI Publisher application with Administrator privileges. On the Administration page, select Security Configuration.
5. In the Authorization region of the page, select Oracle Database from the Security Model list. Provide the following connection information:

   • JDBC Connection String — Example: jdbc:oracle:thin:@mycompany.com:1521:orcl

   • Administrator Username and Administrator Password — Note the following requirements for this user:

     • The user must be granted the XMLP_ADMIN role

     • The user must have privileges to access data from the dba_users/_roles/role_privs tables.

   • Database Driver Class — Example: oracle.jdbc.driver.OracleDriver

6. Click Apply. Restart BI Publisher for the security changes to take effect.

Adding Data Sources to Roles

To view a report generated from a particular data source, a report consumer's role must be granted access to the data source.

Similarly, to create a data model based on a particular data source, the report author's role must be granted access to the data source.

To grant a role access to a data source:

1. On the Administration tab, under Security Configuration, click Roles and Permissions.
2. Find the role to which you want to add data sources and click Add Data Sources. The Add Data Sources page is displayed.
3. Locate the appropriate data sources in the Available Data Sources list and use the shuttle buttons to move the sources to the Allowed Data Sources list for the role.
4. Click Apply.
5. Repeat for all roles that need access to report data sources.

Granting Catalog Permissions to Roles

For a role to access objects in a folder, you must grant the role permissions to the catalog object.

You can grant permissions at the folder level, so that a role has the same access to every object in a folder, or you can assign access individually to each object in a folder.

See the following sections for more information:

• Understanding BI Publisher Users, Roles, and Permissions

• About Privileges to Use Functionality

• About Catalog Permissions

• How Functional Privileges and Permissions Work Together

To grant catalog permissions to a role:

1. In the catalog, navigate to a catalog object required for a role.
2. Click the More link for the object and then click Permissions to open the Permissions dialog.
3. Click the Create icon to open the Add Roles dialog.
4. Click Search to populate the list of Available Roles.
5. Use the Move button to move the appropriate roles from the Available Roles list to the Selected Roles list.
6. Click OK.
7. Enable the appropriate permissions for the role by selecting the check boxes.
8. If you have selected a folder: To apply the selections to all items within a folder, select Apply permissions to items within this folder.