22 - ODI Security

Oracle Data Integrator 11g Bootcamp
Lesson 22 : ODI Security
T : +44 (0) 8446 697 995 or (888) 631 1410 (USA) E : enquiries@rittmanmead.com W: www.rittmanmead.com
Agenda
Understand security in ODI
Learn how to create users
Learn how to create profiles
Learn how to assign profiles
Create user and assign profile
Summary
ODI Security
Security plays important role in any environment
ODI provides different security concepts
User management
Granting access to objects
Controlling privileges (add,modify,delete,readonly)
Managing profiles (developers,operators,etc)
ODI Security Navigator

Security navigator is used to for security administration
Consists of three accordions
- Profiles
- Contains list of defined profiles
- Managing profiles (add\modify\del)
- Users
- Contains list of defined users and privileges
- Managing users and privileges (add\modify\del)
- Objects
- Contains list of ODI objects
Security navigator stores all data in master repository
Security navigator can also define password policies
Security Policy Approach

There are two main approaches
Strongly secured
- No default authorization on objects
- Security administrators grants authorization for each object
- Complex to configure
- Privileges managed by object instance
- Handled by non-generic profiles (built-in or custom)
Generic
- Users inherit privileges of the generic profiles (built-in or custom) they have
- Suitable for most cases
- Simple to configure
Profiles
Profiles consists of a group of ODI objects
Each object has set of methods
Methods are operations carried out by an object
For e.g: Object Column has following methods
- View, View Data
Profiles are usually of two types
Generic
Non-Generic
A profile can be created with both generic
and non-generic privileges
Generic Profiles
Generic Profiles
Generic privilege option selected for all object methods
User has access to all methods of all instances of an object to which profile is
authorized
Non-Generic Profiles
Non-Generic Profiles
Generic privilege option not selected for all object methods
Security administrator must grant the user the rights on the methods for each
instance while assigning the profile to the user
Non-Generic profiles are usually prefixed with NG_
Built-In Profiles
CONNECT
Profile with basic privileges to connect to ODI
All users require this profile
DESIGNER
Profile with privileges to perform development operations (Designer Navigator
access)
Required for all developers
NG_DESIGNER
Non-generic version of the DESIGNER profile
OPERATOR
Profile with privileges to manage run-time objects (Operator Navigator access)
Use it for production operators
Built-In Profiles Continued...

SECURITY_ADMIN
Profile with privileges to edit security
TOPOLOGY_ADMIN
Profile with privileges to edit topology
Use it for system or ODI administrators
VERSION_ADMIN
Profile with privileges to create,restore and edit versions and solutions
REPOSITORY_EXPLORER
Profile with privileges to view objects
Use it for QA s
NG_REPOSITORY_EXPLORER
Non-generic version of REPOSITORY_EXPLORER profile
Creating ODI User Step 1 : Name and Details

Right click in the Users accordion and select New
Name the user, set Initials and fill Notes
Set Account Expiration date and set user as supervisor using Supervisor Access
Privileges check box, if needed
Creating ODI User Step 2 : Set Password

Click the Enter a password button
On the Enter a password dialog, provide a New Password
Using Password options set expiration date, if needed
Click OK button to save
Creating a Profile Step 1 : Name

Right click in the Profiles accordion and select New
Name the new profile
Creating a Profile Step 2 : Add Objects

Drag and drop objects from Objects accordion onto the profile in the Profiles
accordion
Creating a Profile Step 3 : Generic Privilege

Under Profiles accordion, open a method under an object of a profile
For a generic profile enable Generic Privilege check box for all objects
For a non-generic profile disable Generic Privilege check box for all objects
Perform the operation on all methods of all objects and save the profile
Adding Generic Profile to a User

Drag and drop generic profiles from Profiles accordion onto the user in the Users
accordion
Adding Non-Generic Profile Step 1 : Add Profile to User

Drag and drop non-generic profiles from Profiles accordion onto the user in the
Users accordion
Adding Non-Generic Profile Step 2 : Add Access to ODI objects

Drag and drop ODI objects of your choice onto the user under Users accordion
Set the Active check box to grant access for each individual object and method
Save to make privileges effective
Hands-On Labs
Lab 22 - ODI Security
Summary
ODI provides security at different levels
ODI administrators can easily manage and control users,profiles and privileges
Oracle Data Integrator 11g Bootcamp

Lesson 22 : ODI Security

22 - ODI Security

Загружено:

Сведения о документе

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

22 - ODI Security

Загружено:

Авторское право:

Доступные форматы

Oracle Data Integrator 11g Bootcamp

Lesson 22 : ODI Security

ODI Security Navigator

Security Policy Approach

Built-In Profiles Continued...

Creating ODI User Step 1 : Name and Details

Creating ODI User Step 2 : Set Password

Creating a Profile Step 1 : Name

Creating a Profile Step 2 : Add Objects

Creating a Profile Step 3 : Generic Privilege

Adding Generic Profile to a User

Adding Non-Generic Profile Step 1 : Add Profile to User

Adding Non-Generic Profile Step 2 : Add Access to ODI objects

Oracle Data Integrator 11g Bootcamp

Вам также может понравиться