Home

About

Clients

Consulting

Training

Support

Articles

Events

Blog

An OBIEE 11g Security Primer : Introduction

March 11th, 2012 by Mark Rittman
Search

For anyone whos been waiting for the Oracle Press OBIEE 11g Developers Guidethat Ive seemingly been working on ever since Oracle acquired Siebel, youll be pleased to know that Im working on the final chapter now. The only issue (for me) though with this is that Ive saved the best (ahem) to last Security. I guess Ive been putting the security chapter on the back-burner for a while now because (a) its probably the most complicated, tricky area to cover in OBIEE 11g, and (b) the initial implementation was a bit ropey, so Ive been waiting for the feature to mature over the various releases. Well, were at OBIEE 11.1.1.6 now and theres no more chapters to write, so I guess its time to tackle this topic. I tend to try and plan out chapters, and in particular the examples, in advance of actually writing something, and as security is such as complicated, and misunderstood area of OBIEE I thought itd be worth covering the topic in a series of blog posts before writing the chapter; firstly as a way of gathering my own thoughts, and also as a way of peer reviewing what Im putting together. So hopefully, if youre new to OBIEE 11g security, the five blog posts Im going to run next week will be of use to you; if youre experienced with OBIEE 11g and youve done a lot to do with security, Id also appreciate your comments and also any suggestions on how to do things better, or differently. Ill start off though with an overview of OBIEE 11g security, and put some pointers down towards the postings Ill be doing next week on this topic. So, lets start with an overview of OBIEE 11g security. Security in Oracle Business Intelligence to my mind takes several forms:
l

Recent Posts
New Wednesday Seminar Series from Robin and Mark Statistical Analysis in the Database Oracle Data Integrator Designer for OWB Developers Anatomy of BI EE Page Rendering Use of HTTP/Web Server & Compression New Training Courses and Seminars from Rittman Mead

Row-level filters that are applied to data, either automatically by settings in the repository, or by developers by adding filters to reports Subject-area permissions and restrictions giving you access (or not) to whole sets of data Restrictions and controls on what parts of the application you can access; for example, whether you have access to the analysis editor When youre logged into OBIEE as weblogicafter doing an install on your laptop, none of this really comes into play as you can access everything with no restrictions. But OBIEE systems deployed on customer sites typically want to restrict this type of access to administrators, with end-users only able to author and view reports and dashboards, not make system-level administration changes. Then, as the system gets deployed across the enterprise, youll want to restrict what sets of data are available to different groups in the organisation, partly to stop data falling into the wrong hands, but also partly to reduce the amount of data users have to navigate through. Determining and setting what data sets are available to groups of users is usually referred to as authorisation.

l l

Recent Comments
Kim Berg Hansen on Statistical Analysis in the Database chet on Anatomy of BI EE Page Rendering Use of HTTP/Web Server & Compression jeff on Oracle EPM 11.1.1.3 Installing Hyperion Components on Multiple Machines Martien Truijen on OBIEE 11g Security Week : Connecting to Active Directory, and Obtaining Group Membership from Database Tables Swamy on Anatomy of BI EE Page Rendering Use of HTTP/Web Server & Compression

As well as authorisation, you typically need to verify that someone logging into a system is really who they say they are. This is referred to as authentication, and can be as simple as checking a username and password thats stored in the built-in WebLogic LDAP server, through to connecting through to external directories such as Microsoft Active Directory, and usage of access tokens such as smart cards and the like. These two things, authorisation and authentication, is where a lot of the work goes in setting up security for OBIEE, and well cover these in the first two postings of the series next week. As well as authentication and authorisation, there are a number of topics and tasks that people associate with OBIEE 11g security. These include:
l

Categories
Apple Application Server BI (General) BI (General) BI 2.0 BI 2.0

Administering users and groups in the WebLogic Server LDAP Server, and mapping these through to Fusion Middleware application roles The mysteries of application policies, plus all the associated Oracle Platform Security Services stuff (policy stores, providers and so on) Connecting OBIEE to external directories such as Microsoft Active Directory, as well as setting up mix-and-match authorization/authentication setups involving providers, initialisation blocks, web groups and so on

Setting up things such as SSL (Secure Socket Layers), SSO (Single Sign-On) and security hand-offsbetweenOBIEEand BI Suite Developer Book the Hyperion product stack Conferences As well as the process around on-boarding, managing and then existing staff and the impact this has on security
Courses Data Mining

So its a pretty big topic, and one that realistically its tricky to cover in just one chapter in a book. But its still a very important topic, and so over five days next week Im going to take a look into a number of OBIEE 11g security topics, with the outline of the week looking like this (Ill update the links as I post the articles):
l l l l

Data Quality Data Warehousing Dimensional Modelling

OBIEE 11g Security Week : Row-Level Security OBIEE 11g Security Week : Subject Area, Catalog and Functional Area Security OBIEE 11g Security Week : Understanding OBIEE 11g Security, Application Roles and Application Policies OBIEE 11g Security Week : Managing Application Roles and Policies, and Managing Security Migrations and Deployments OBIEE 11g Security Week : Connecting to Active Directory, and Obtaining Group Membership from Database Tables

Discoverer Exadata FMW General Hyperion Hyperion Essbase Hyperion Smart View

Which looks like a fun set of topics by anyones standards ;-) So, keep an eye on the blog next week, and add any comments or feedback as each post goes up. See you all next week.

Linux Methodology Oracle BI Apps

http://www.rittmanmead.com/2012/03/an-obiee-11g-security-primer-introduction/

Page 1 / 3

Tweet

Like

Oracle BI Apps Oracle BI Suite EE

Posted in Oracle BI Suite EE | 4 Comments

Oracle Data Integrator Oracle Database Oracle Discoverer Oracle Endeca

Comments
Dina Gomez Says:
March 12th, 2012 at 6:20 am

Oracle EPM Oracle Exalytics Oracle GoldenGate Oracle News Oracle OLAP Oracle Reports & XML Publisher Oracle Warehouse Builder Professional

Looking forward to succeding topics. Would also like to know how in 11g can users update their passwords.

Scott Powell Says:

March 12th, 2012 at 3:57 pm

rant Real-Time Decisions Rittman Mead Seminar Series Technology

Mark thank you so much! This is exactly what weve been hoping for. You and your company do a great job of condensing 2000+ pages of Oracle docs into something actually usable and understandable. Thank you! Scott Powell

The Great Blog Disaster Training Uncategorized

Mini Says:
March 14th, 2012 at 8:50 am

User Groups & Conferences

MarkThanks for your blog on explaning about the security features in obiee 11g. Looking forward for the same which will be useful for many new comers in obiee 11g..

Mini Says:
March 14th, 2012 at 8:53 am

MarkBeen Looking for your blog on integration of obiee 11g LDAP security with the Ms Active Directory and obiee 11g to the Oracle R12 applications so that it will navigate to the dashboard page from the ebs menu.

Write a comment
Name (required)

Mail (will not be published) (required)

Website

Your comment 5

6
Submit Comment

Call us now to talk about your BI project: +44 (0) 8446 697 995 (UK) or (888) 631-1410 (USA) or +61 3 9596 7186 (Australia & New Zealand) or +91 997 256 7970 (India)
Home About Us
> > > > About us About our team Contact us Our clients

Services
> Consulting > Training > Support

Consulting Services
> > > > > > Projects Expert Services OBIEE 11g Sustainability On Discoverer? Oracle DW

Training
> OBI10g Developer > OBI11g Training Days > OBI10g End-User > BI Publisher > Oracle BI Apps

Resources
> Articles > Blog > OBIEE 11g

Blog Authors
> Mark Rittman > Venkat J > Stewart Bryson > Peter Scott > Borkur S > Mike Vickers > Robin Moffatt > Jon Mead

Rittman Mead Consulting ltd. Registered Office : Preston Park House, South Road, Brighton, East Sussex, BN1 6SB, United Kingdom United Kingdom Company No. : 6032852 VAT No. : 900 3839 48 Rittman Mead America, Inc. Registered Office : 3605 Sandy Plains Road, Suite 240-404, Marietta, GA 30066, USA Rittman Mead Oceania Pty Ltd.

http://www.rittmanmead.com/2012/03/an-obiee-11g-security-primer-introduction/

Page 2 / 3

Registered Office : 8/196, North Road, Brighton East, Victoria, 3187, Australia Australian Company No. : 149 458 935 Rittman Mead Consulting Pvt Ltd. #101 Evoma Business Center, 82, Borewell Road, Whitefield Bengaluru, Karnataka 560066 INDIA

2010-2011RittmanMeadConsulting.| Privacy Policy| E: info@rittmanmead.com

Website Design & Build: tymedia.co.uk

http://www.rittmanmead.com/2012/03/an-obiee-11g-security-primer-introduction/

Page 3 / 3