It covers the following topics:
This chapter describes how to integrate BI Publisher with other Oracle product security models.
In most cases you must first define the BI Publisher functional roles in the other Oracle product and then configure BI Publisher to use the other Oracle product security for authorization. You can use one of the Oracle product authorization methods described here in conjunction with a supported authentication method (SSO or LDAP) described in Alternative Security Options.
For conceptual information regarding BI Publisher roles and permissions, see Understanding BI Publisher Users, Roles, and Permissions.
Before you implement any of these security models, first create a local superuser.
The local superuser credentials ensure that you can access the Administration pages of Oracle BI Publisher in case of any unexpected failures in the configured security settings.
To create a local superuser:
If you have installed BI Publisher as part of the Oracle Business Intelligence Enterprise Edition and you have configured Oracle BI Enterprise Edition to use legacy Oracle BI Server authentication, then follow the procedures below to configure BI Publisher to use BI Server security.
Note:
The Oracle BI Server security option is for customers who want to use legacy 10g authentication. This section does not apply to you if you have configured Oracle Fusion Middleware Security.
These procedures assume that you have performed the configuration required in the BI Server. For information on configuring legacy Oracle BI security, see Security Guide for Oracle Business Intelligence Enterprise Edition.
You configure BI Publisher for BI Server Security on the Administration page.
To configure BI Publisher for BI Server Security:
BI Publisher can leverage your E-Business Suite security to enable your users to log in to BI Publisher using their E-Business Suite credentials. The BI Publisher security integration recognizes the user's E-Business Suite responsibility and org_id combinations.
When users log in, they are prompted to select a responsibility. Reports that users run against the E-Business Suite data tables then filter the data based on their responsibility and org_id combination. Users can switch responsibilities and reporting organization while still logged in using the My Account dialog.
When you integrate with the E-Business Suite security, your E-Business Suite responsibilities appear as roles in the BI Publisher security center. You can then add BI Publisher catalog permissions and data access privileges to the imported roles/responsibilities. See Understanding BI Publisher Users, Roles, and Permissions.
Follow these procedures to integrate BI Publisher with Oracle E-Business Suite:
Note:
In this release, users cannot access or execute reports that are stored on the E-Business Suite instance. Reports must reside in the BI Publisher catalog. The E-Business Suite data security is enforced when BI Publisher connects to the E-Business Suite data tables to retrieve the report data.
Oracle BI Publisher relies on information stored in the DBC file to connect to the E-Business Suite instance. Ensure that you can locate and have access to this file. The DBC file is typically located under the $FND_SECURE directory.
When BI Publisher is integrated with E-Business Suite security, certain features are enabled.
When users log in to BI Publisher using their E-Business Suite credentials, they are prompted to choose a responsibility, as shown below.
Users can switch responsibilities or reporting organizations using the My Account dialog.
The data source connection to the E-Business Suite instance is automatically configured and available in the data model editor, as shown below.
You configure BI Publisher for E-Business Suite Security on the Administration page.
When you restart the system, the E-Business Suite responsibilities to which BI Publisher roles have been assigned are visible as roles in the BI Publisher security center.
To view a report generated from a particular data source, a report consumer's role must be granted access to the data source.
Similarly, to create a data model based on a particular data source, the report author's role must be granted access to the data source.
To grant a role access to a data source:
For a role to access objects in a folder, you must grant the role permissions to the catalog object.
You can grant permissions at the folder level, so that a role has the same access to every object in a folder, or you can assign access individually to each object in a folder.
See the following sections for more information:
To grant catalog permissions to E-Business Suite roles:
BI Publisher offers integration with Oracle Database security to enable you to administer the BI Publisher users with your Oracle Database users.
Follow these procedures to integrate BI Publisher with Oracle E-Business Suite:
Note:
For information on setting up Oracle Database security, see Oracle Database Security Guide.
When you restart the server, the roles to which BI Publisher roles have been assigned are visible as roles in the BI Publisher security center.
You can create roles in the Oracle database that correspond to BI Publisher functional roles.
To view a report generated from a particular data source, a report consumer's role must be granted access to the data source.
Similarly, to create a data model based on a particular data source, the report author's role must be granted access to the data source.
To grant a role access to a data source:
For a role to access objects in a folder, you must grant the role permissions to the catalog object.
You can grant permissions at the folder level, so that a role has the same access to every object in a folder, or you can assign access individually to each object in a folder.
See the following sections for more information:
To grant catalog permissions to a role:
To configure BI Publisher to integrate with Siebel security, perform the tasks in the following sections.
After setting up BI Publisher Roles as Siebel CRM Responsibilities, assign these roles to the appropriate users. You might also want to create additional reporting roles that you can use when setting up your report privileges in the BI Publisher.
You configure BI Publisher to use Siebel Security on the Administration page.
When you log back in to BI Publisher, the responsibilities to which you added the BI Publisher functional roles are displayed on the Roles and Permissions page.
To view a report generated from a particular data source, a report consumer's role must be granted access to the data source.
Similarly, to create a data model based on a particular data source, the report author's role must be granted access to the data source.
To grant a role access to a data source:
For a role to access objects in a folder, you must grant the role permissions to the catalog object.
You can grant permissions at the folder level, so that a role has the same access to every object in a folder, or you can assign access individually to each object in a folder.
See the following sections for more information:
To grant catalog permissions to a role: