The Security Configuration page contains the following
Oracle recommends that you define an administration Superuser. Using the Superuser credentials you can directly access the BI Publisher administrative functions without logging in through the defined security model.
Set up this Superuser to ensure access to all administrative functions in case of failures with the configured security model. It is highly recommended that you set up a Superuser.
Important: The superuser defined here has access only to administrative functions. Ensure that the user you create as the superuser does not require access to other functions.
Click Administration.
Under Security Center click Security Configuration.
Under Local Superuser, select the box and enter the credentials for the Superuser.
Restart the BI Publisher application.
You can configure public access to specific reports by defining a "Guest" folder. Any user can access the reports in this folder without entering credentials.
Important: Guest access is not supported with Single Sign-On.
All objects required to view a report must be present in the Guest folder because the Guest folder is the only folder the guest user will have any access rights to. Therefore the report and the data model must be present in the Guest folder as well as Sub Templates and Style Templates, if applicable. The guest user has read access only. The Guest user must also be granted access to the report data source.
To enable guest access:
Under Shared Folders, create the folder to which you want to grant public access.
Click Administration.
Under Security Center select Security Configuration.
Under Guest Access, select Allow Guest Access.
Enter the name of the folder that you created for public access.
Restart the BI Publisher application.
Add the objects to the Guest folder that you want the guest users to access: folders, reports, data models, Sub Templates and Style Templates.
The report must reference the data model that is stored in the guest folder. Therefore, if you copy a report with its data model from another location, be sure to open the report and reselect the data model so that the report references the data model inside the guest folder. Similarly, any references to Sub Templates or Style Templates must also be updated.
Grant access to the data sources used by data models in your Guest folder. See Granting Access to Data Sources Using the Security Region for information on granting Guest access to a data source.
Users who access BI Publisher will see the Guest button on the log on page. Users can select this button and view the reports in your chosen guest folder without presenting credentials.
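The guest folder requirements above can be checked before guest access is enabled. The following is an added example, not Oracle code: it audits a constructed catalog inventory (the dictionary layout, paths and data source names are hypothetical, not a BI Publisher export format) for reports that still reference objects outside the guest folder and for data models whose data sources the guest user has not been granted.

```python
from posixpath import normpath

def inside(path, folder):
    """True if a catalog path lies under folder once both are normalized."""
    return normpath(path).startswith(normpath(folder).rstrip("/") + "/")

def audit_guest_folder(catalog, guest_folder, guest_sources, sso_enabled=False):
    """Return (path, problem) findings for objects a guest could not use."""
    findings = []
    if sso_enabled:
        findings.append((guest_folder, "guest access is not supported with Single Sign-On"))
    for path, obj in sorted(catalog.items()):
        if not inside(path, guest_folder):
            continue  # the guest user has no rights outside the guest folder
        if obj["type"] == "report":
            refs = [("data model", obj.get("data_model"))]
            refs += [("Sub Template", r) for r in obj.get("sub_templates", [])]
            refs += [("Style Template", r) for r in obj.get("style_templates", [])]
            for kind, ref in refs:
                if ref is None:
                    findings.append((path, f"no {kind} referenced"))
                elif not inside(ref, guest_folder):
                    findings.append((path, f"{kind} outside guest folder: {normpath(ref)}"))
                elif normpath(ref) not in catalog:
                    findings.append((path, f"{kind} missing from catalog: {ref}"))
        elif obj["type"] == "data_model":
            for source in obj.get("data_sources", []):
                if source not in guest_sources:
                    findings.append((path, f"guest not granted data source: {source}"))
    return findings

# Constructed sample: "Sales Summary" was copied into the guest folder but
# still points at the data model in its original location.
GUEST_FOLDER = "/Public"
GUEST_SOURCES = {"public_db"}          # data sources with guest access granted
CATALOG = {
    "/Finance/Sales DM": {"type": "data_model", "data_sources": ["finance_db"]},
    "/Public/Sales Summary": {"type": "report", "data_model": "/Finance/Sales DM",
                              "style_templates": ["/Public/Corporate Style"]},
    "/Public/Corporate Style": {"type": "style_template"},
    "/Public/Store Hours": {"type": "report", "data_model": "/Public/Store Hours DM"},
    "/Public/Store Hours DM": {"type": "data_model", "data_sources": ["demo_db"]},
}

if __name__ == "__main__":
    for path, problem in audit_guest_folder(CATALOG, GUEST_FOLDER, GUEST_SOURCES):
        print(f"{path}: {problem}")
```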
BI Publisher supports several options for authentication and authorization. You can choose a single security model to handle both authentication and authorization; or, you can configure BI Publisher to use a Single Sign-On provider or LDAP provider for authentication with another security model to handle authorization.
Oracle BI Publisher supports the following Single Sign-On (SSO) providers:
Oracle Single Sign-On
Oracle Access Manager
Siteminder
For information on configuring these options see the Oracle Fusion Middleware Administrator's Guide for Oracle Business Intelligence Publisher.
BI Publisher offers the following security options:
Oracle Fusion Middleware Security
For more information, see "Configuring Oracle Fusion Middleware Security" in the Oracle Fusion Middleware Administrator's Guide for Oracle Business Intelligence Publisher.
BI Publisher Security
Use BI Publisher's Users and Roles paradigm to control access to reports and data sources. See "Understanding BI Publisher's Users and Roles" in the Oracle Fusion Middleware Administrator's Guide for Oracle Business Intelligence Publisher.
Oracle BI Server Security
This option is offered for backward compatibility with Oracle Business Intelligence Enterprise Edition 10g. See "Integrating with Oracle BI Server Security" in the Oracle Fusion Middleware Administrator's Guide for Oracle Business Intelligence Publisher.
LDAP
Set up the BI Publisher roles in your LDAP server then configure BI Publisher to integrate with it. See the Oracle Fusion Middleware Administrator's Guide for Oracle Business Intelligence Publisher for information on configuring LDAP.
Oracle E-Business Suite
Upload a DBC file to recognize your Oracle E-Business Suite users. See "Integrating with E-Business Suite Security" in the Oracle Fusion Middleware Administrator's Guide for Oracle Business Intelligence Publisher.
Oracle Database
Set up the BI Publisher roles in your Oracle Database and then configure BI Publisher to integrate with it. See "Integrating with Oracle Database Security" in the Oracle Fusion Middleware Administrator's Guide for Oracle Business Intelligence Publisher.
Siebel CRM Security
Set up the BI Publisher roles in Siebel CRM and then configure BI Publisher to integrate with it. See "Integrating with Siebel CRM Security" in the Oracle Fusion Middleware Administrator's Guide for Oracle Business Intelligence Publisher.
The following procedures describe:
To create a new role in BI Publisher:
Navigate to the BI Publisher Administration page.
Under Security Center, click Roles and Permissions.
Click Create Role.
Enter a Name for the role and optionally, enter a Description.
Click Apply.
Click Assign Roles to assign roles to the user.
Use the shuttle buttons to move Available Roles to Assigned Roles. Click Apply.
To add a role to a role, click Add Roles.
Use the shuttle buttons to move Available Roles to Included Roles. Click Apply.
To add data sources to a role, see Granting Data Access to Roles and Permissions.
To create a new user in BI Publisher:
Navigate to the BI Publisher Administration page.
Under Security Center, click Users.
Click Create User.
Add the User Name and Password for the user.
Click Apply.
Click Assign Roles to assign roles to the user.
Use the shuttle buttons to move Available Roles to Assigned Roles. Click Apply.
For a role to access an object in the catalog, the role must be granted Read permissions on both the object and the folder in which the object resides. Permissions can be granted at the folder level and applied to all the objects and subfolders it contains, or applied to individual objects.
To grant catalog permissions to a role:
Navigate to the Catalog.
Locate the folder or object on which to grant permissions and click More. From the menu (shown in Figure 26-2), select Permissions. Alternatively, you can select the folder and click Permissions in the Tasks region.
Note: Permissions cannot be granted on the root Shared folder.
On the Permissions dialog (shown in Figure 26-3), click Create.
On the Add Roles dialog (shown in Figure 26-4), enter a search string to find a role, or simply click Search to display all roles. Use the shuttle buttons to move roles from the Available Roles list to the Selected Roles list.
When finished, click OK to return to the Permissions dialog.
On the Permissions dialog (shown in Figure 26-5), configure the permissions required by the role.
Note the following:
The icon next to the Report Developer role indicates that this role is assigned one of the BI Publisher functional roles (in this case, the BI Publisher Developer role).
Once the Report Developer role is assigned access to this folder, the following permissions are automatically granted based on the privileges that comprise the BI Publisher Developer Role: Run Report Online, Schedule Report, View Report Output.
If you are granting permissions on a folder, select Apply permissions to items within this folder if the permissions should apply to all objects.
Use the Roles and Permissions page to add data sources to roles.
A role must be granted access to a data source if the role must:
Run or schedule a report built on a data model that retrieves data from the data source
Create or edit a data model that retrieves data from the data source
To grant a role access to a data source:
Navigate to the BI Publisher Administration page.
Under Security Center, click Roles and Permissions.
On the Roles and Permissions page, locate the role, then click Add Data Sources.
On the Add Data Sources page you see a region for each of the following types of data sources:
Database Connections
File Directories
LDAP Connections
OLAP Connections
Use the shuttle buttons to move the required data sources from the Available Data Sources list to the Allowed Data Sources list.
When finished, click Apply.
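A role that can see a report but cannot run it is usually missing one of the grants described above: Read on the report, Read on the folder it resides in, or access to a data source behind its data model. The following is an added example, not Oracle code, that reports which grant is missing for each role; the inventory structures, role names, paths and data source names are constructed for illustration, and folder-level grants are assumed to be recorded explicitly per object.

```python
import posixpath

def run_report_gaps(role, report_path, catalog, read_grants, allowed_sources):
    """List what `role` still lacks to run or schedule the report.

    read_grants:     set of (role, catalog_path) pairs holding Read permission
    allowed_sources: dict of role -> set of names in its Allowed Data Sources
    """
    gaps = []
    folder = posixpath.dirname(report_path)
    # Catalog rule: Read on the object AND on the folder in which it resides.
    for path in (folder, report_path):
        if (role, path) not in read_grants:
            gaps.append(f"no Read on {path}")
    # Data source rule: every source the report's data model retrieves from.
    data_model = catalog[catalog[report_path]["data_model"]]
    for source in data_model["data_sources"]:
        if source not in allowed_sources.get(role, set()):
            gaps.append(f"data source {source} not allowed")
    return gaps

def access_matrix(roles, catalog, read_grants, allowed_sources):
    """Map (role, report) -> list of gaps; an empty list means the role can run it."""
    reports = sorted(p for p, o in catalog.items() if o["type"] == "report")
    return {(role, report): run_report_gaps(role, report, catalog,
                                            read_grants, allowed_sources)
            for role in roles for report in reports}

# Constructed sample inventory.
ROLES = ["Sales Analyst", "Report Developer"]
CATALOG = {
    "/Sales/Quarterly Revenue": {"type": "report", "data_model": "/Sales/Revenue DM"},
    "/Sales/Revenue DM": {"type": "data_model", "data_sources": ["sales_db"]},
}
READ_GRANTS = {
    ("Sales Analyst", "/Sales/Quarterly Revenue"),     # object only, folder forgotten
    ("Report Developer", "/Sales"),
    ("Report Developer", "/Sales/Quarterly Revenue"),
}
ALLOWED_SOURCES = {"Sales Analyst": {"sales_db"}}      # Report Developer has none

if __name__ == "__main__":
    matrix = access_matrix(ROLES, CATALOG, READ_GRANTS, ALLOWED_SOURCES)
    for (role, report), gaps in matrix.items():
        print(f"{role} -> {report}: {'OK' if not gaps else '; '.join(gaps)}")
```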