This section lists the changes to security features in Oracle Business Intelligence release 12c.
If you are upgrading to Oracle BI EE from a previous release, read the following information carefully. There are significant differences in features, tools, and procedures. See Upgrade Guide for Oracle Business Intelligence.
This section contains the following topics:
New security features in Oracle BI EE 12c (12.2.1.3.0) include:
This release uses OpenSSL version 1.0.2h.
Users can log in to Oracle Business Intelligence once and navigate between the Classic (Analytics) Home page, Visual Analyzer, and the new Home page.
Lightweight SSO is enabled by default in Oracle Business Intelligence for new installations only. If you patched Oracle BI EE to the latest release, lightweight SSO is not enabled by default.
If external SSO is configured, lightweight SSO defers to the external SSO configuration. Oracle BI EE uses the same mechanism to enable internal lightweight SSO and external SSO.
If you need to disable lightweight SSO, use the WSLT disable SSO command. See Enabling and Disabling SSO Authentication Using WLST Commands.
This section contains information about new security features.
There are no new security features in Oracle BI EE 12c (12.2.1.2.0).
New security features in Oracle BI EE 12c (12.2.1.1.0) include:
Catalog Groups are Not Supported
In this release Catalog groups are not supported and you must use application roles.
See the Upgrading Oracle Business Intelligence.
New security features in Oracle BI EE 12c (12.2.1.0) include:
BISystemUser and BISystem Removed
To simplify administration and configuration in this release Oracle Business Intelligence no longer requires a real user called BISystemUser (or equivalent) for internal communication. The system user concept is virtual and represented by the oracle.bi.system/system.user credential. The values are securely and randomly generated by the Configuration Assistant. Oracle BI components use this credential for internal communication, backed by Oracle BI Security. The BISystem application role is no longer available in the Policy Store, and is removed from any environment upgraded from 11g.
User GUIDs Removed
In this release user GUIDs are removed to make administration easier. There is no longer any need to refresh GUIDs as part of lifecycle operations. GUIDs are replaced with user names. Users now authenticate by user ID, which means that a user authenticating with a particular user ID is granted access permissions associated with their user ID. Therefore, a user leaving the system must have their user ID completely removed. Your administrator is now responsible for ensuring that users leaving the system are totally removed from Oracle Business Intelligence.
See Deleting a User.
Database Security Store
In this release the Security Store (Policy and Credential Stores) is configured in a relational database rather than in a file. The database is the same as used by RCU. This change makes scaling easier, and makes clusters more reliable.
See Installing and Configuring Oracle Business Intelligence.
Easier SSL Configuration
In this release configuring SSL end to end is now less complex and uses offline commands.
The key differences in SSL support in this release, from 11g, are as follows:
SSL uses the WebLogic trust store
No additional BI-specific trust configuration is required.
Offline commands
There is no need to use Fusion Middleware Control UI to configure processes.
Diagnostics for WebLogic certificate issues
Higher security - TLSv1.2 only
Configuration is central and not intermingled with user configuration.
Supports advanced options with no risk of settings being overwritten.
Migrating Catalog Groups to Application Roles
In this release a new process enables you to migrate Catalog groups to application roles.
See Migrating Catalog Groups in Upgrading Oracle Business Intelligence.