In
OBIEE
10g
the
setup
consists
of
creating
users
&
groups
where
as
in
OBIEE
11g,
setup
consists
of
creating
users,
groups
&
roles.
The
focus
of
this
paper
is
the
introduction
of
the
basic
security
aspects
of
OBIEE
11g
using
10g as a starting point. Steps required to create users, organise them into groups and
enforcing
data
security are
addressed
in
this
paper
using
the
following
theme
•Create
two
users
•Create
two
groups
•Setup
group
level
filters
to
restrict
the
data
(using
single
Answers
report)
depending
on
the
user
region
The
standard
‘Paint’ RPD
that
comes
with
OBIEE
10g
and
11g
is
used
to
explain
the
security
setup.
In
OBIEE
10g,
the
basic
security
can
be
enforced
from
within
the
RPD
where
as
in
OBIEE
11g the security is enforced in the Oracle Weblogic Server 11g Administration Console
(hence forth referred as Weblogic Server) as well as the Oracle Enterprise Manager 11g
Fusion
Middleware
Control
(hence
forth
referred
as
OEM)
and
BI
Administrator
(hence
forth
referred
as
RPD).
•OBIEE 11g
users
&
groups
are
created
on
the
Weblogic
Server
•Users
represent
the
individuals
logging
into
OBIEE
•A selection
of
users
is
represented
by
Group
•Role
is
a
new
concept
introduced
in
OBIEE
11g
that
can
enforce
security
within
the
RPD
and the
Presentation
Catalog.
Roles
do
not
replace
Groups
but
can
co-exist.
It
should
be
noted
that a
Role
is
a
mandatory
building
block
to
enforce
security
in
OBIEE 11g
•Though usage of Groups is optional in OBIEE 11g, it is strongly recommended to rely on Groups
in
association
with
roles
to
avoid
re-starting
OEM
multiple
times
In OBIEE 11g: -We have three types of roles:
OBIEE
Security Roles
OBIEE is
delivered with 3 basic roles
Ø BIConsumer:
The base-level role that grants the user access to existing
analyses, dashboards and agents, allows them to run or schedule existing BI
Publisher reports, but not create any new ones. The Consumer can only view and run existing dashboards,
analysis and reports provided to them. These objects will be published in a
shared area with proper security rights. Consumers typically are the broadest
user base across the institution
Ø
BIAuthor: A role that is also recursively
granted the BIConsumer role that also allows users to create new analyses,
dashboards and other BI objects. The
Author can create and edit dashboards, analyses and reports. Authors will
include a narrower user base than Consumers.
Ø
BIAdministrator: Recursively granted the BIAuthor (and
therefore BIConsumer) roles that allows the user to administer all parts of the
system, including modifying catalog permissions and privilege. The Administrator can edit and create new repositories and catalogs.
They also have full control over all aspects of the OBIEE tool suite.
No comments:
Post a Comment