Peak Indicators Limited

OBIEE 11g Security: it's as easy as 1-2-3!


Antony Heljula @aheljula
BI Architect
Peak Indicators Limited
Agenda
Aim of Presentation
10g Security Model
11g Security Model
What is Supported
Identity Providers
Groups
GUIDs
SSL
Single Sign On (SSO)
Important Files
Migration
Closing Thoughts

Aim of Presentation
To explain the key concepts behind the Oracle BI 11g security model

Clarify what is and what is not supported

Demonstrate that it can achieve great results

Explain why the 11g security model is better than 10g: you don't need the
10g security model any more!

Discuss some advanced topics such as SSO, SSL and migration

It is getting better... we can look forward to a brighter future!
10g Security Model
10g Security Model
[Diagram: BI Presentation Services with its Catalog Groups; BI Server with its Groups]
Groups apply responsibilities for the BI Server.
Catalog Groups apply responsibilities for BI Presentation Services. They can be inherited from other Catalog Groups and also from BI Server Groups.
10g Security Model
[Diagram: Corporate LDAP (USERS: ASMITH; GROUPS: Sales Manager) feeding BI Server Groups and BI Presentation Services Catalog Groups]
ASMITH is a Sales Manager.
ASMITH gets data visibility for a Sales Manager.
ASMITH can see the Sales Manager dashboard.
10g Security Model
[Diagram: Corporate LDAP (USERS: ASMITH; GROUPS: Sales Manager); BI Server Groups; BI Presentation Services Catalog Groups, with ASMITH linked directly to Presentation Services]
ASMITH is granted some presentation privileges directly.
10g Security Model
[Diagram: Corporate LDAP (USERS: ASMITH; GROUPS: Sales Manager, Answers Access, Delivers Access); BI Server Groups; BI Presentation Services Catalog Groups]
Additional LDAP Groups applied directly to Presentation Services.
Group inheritance within LDAP.
Issues with 10g Security Model
[Diagram: the same Corporate LDAP, BI Server and BI Presentation Services arrangement as the previous slide]
Not an easy model to explain!
p.s. 10g didn't even directly support Groups in LDAP
Issues with 10g Security Model
[Diagram: as above]
Reliance on Corporate LDAP to manage application-only privileges, e.g. Answers Access.
Issues with 10g Security Model
[Diagram: Corporate LDAP containing a separate set of USERS and GROUPS for every Application]
If every application needed its own hierarchy of privileges, how complicated is your Corporate LDAP going to become?
11g Security Model
The 11g Security Model
[Diagram: Corporate LDAP (USERS: ASMITH; GROUPS: Sales Manager) alongside BI Presentation Services and BI Server]
Your Corporate LDAP just contains corporate Users and Groups.
The 11g Security Model
[Diagram: Corporate LDAP (USERS: ASMITH; GROUPS: Sales Manager) -> APPLICATION ROLES (Sales Manager, Answers Access, Delivers Access) -> BI Presentation Services and BI Server]
A new layer of Application Roles defines the application-specific roles. The OBI Administrators maintain these.
The 11g Security Model
[Diagram: as above, with the Sales Manager Group linked to both the Sales Manager and Answers Access Application Roles]
A Group can belong to multiple Application Roles, e.g. Sales Managers also have Answers Access.
The 11g Security Model
[Diagram: as above, with the Sales Manager Application Role linked to the Answers Access Application Role]
But if you prefer, Application Roles can belong to other Application Roles, e.g. the Sales Manager Role also has the Answers Access Role.
The 11g Security Model
[Diagram: as above]
Application Roles are used by both BI Presentation Services and BI Server.
The 11g Security Model
[Diagram: as above, with user ASMITH linked directly to an Application Role]
You can also assign a User to an Application Role.
The 11g Security Model
Advantages
[Diagram: Corporate LDAP (USERS: ASMITH; GROUPS: Sales Manager) -> APPLICATION ROLES (Sales Manager, Answers Access, Delivers Access) -> BI Presentation Services and BI Server]
1) Greater control for the OBI Administrator
2) Corporate LDAP less complex
3) Simpler architecture
4) More flexibility
5) Greater consistency between OBIPS and OBIS
The 11g Security Model
Administration Points
[Diagram: Corporate LDAP (USERS: ASMITH; GROUPS: Sales Manager) -> APPLICATION ROLES (Sales Manager, Answers Access, Delivers Access) -> BI Presentation Services and BI Server, with four numbered administration points]
1) Weblogic Console
2) FMW Control
3) RPD
4) Catalog & Manage Privileges
The 11g Security Model
1) Weblogic Console
In the Weblogic Console you can:
- Configure Identity Providers (discussed later)
- Configure Users and Groups (Embedded LDAP)
The 11g Security Model
2) FMW Control
You can use FMW Control for:
- Creating new Application Roles
- Assigning Roles/Groups/Users to Application Roles
Menu option: Security > Application Roles
The 11g Security Model
3) RPD
Within the RPD you can apply security rules to Application Roles:
- Access to Subject Area contents
- Access to Connection Pools
- Apply Data Filters
- Apply Query Limits
The 11g Security Model
4) Catalog and Manage Privileges
Within the Presentation Layer you can use Application Roles for:
- Managing privileges
- Object access permissions within the Catalog
The 11g Security Model
No More Cryptotools
FMW Control comes with its own embedded Credential Store:
WebLogic Domain > bifoundation_domain > Security > Credentials
[Screenshot: Credentials page in FMW Control]
In here are stored passwords for:
- BISystemUser
- RPD Passwords
- Any other credentials (e.g. for custom web services)
The 11g Security Model
Default Configuration
When you install Oracle BI 11g, you get the following mapping between Users, Groups and Roles:
[Diagram: USERS -> GROUPS -> ROLES ("member of" links); the BISystem component also appears]
GROUPS           -> ROLES
BIAdministrators -> BIAdministrator
BIAuthors        -> BIAuthor
BIConsumers      -> BIConsumer
BIAdministrators: All Functions
BIAuthors: Create new content
BIConsumers: Read-only
The 11g Security Model
Application Policies
Each of the default Application Roles is allocated one or more Application Policies. These Application Policies provide access to certain Resources within Oracle BI.
The BIAdministrator role can:
- Manage Repositories
- Manage Jobs
- Manage the Presentation Catalog
- Administer BI Server
The 11g Security Model
Application Policies
The policies for the BIAdministrator role provide access to the Administration screen.
The policies for the BIAuthor role provide access to the entire New menu to create new reporting objects.
NOTE: Confusion still remains as to why these types of privilege are not on the Manage Privileges screen along with everything else.
Frequently Asked Questions
- What Roles and Policies Should I Have?
- When Should I Use the WebLogic LDAP?
- Can I Have Multiple Identity Providers?
- Where Do I Get My Groups From?
- What are GUIDs?
- Do I Still Need SA System Subject Area?
- What Are The Important Files?
- How Do We Migrate Between Environments?
- Can I Still Use The 10g Security Model?
- How Do You Implement SSL?
- How Do You Implement SSO?
- What Do I Do When it All Goes Wrong?

What Roles and Policies Should I Have?
Default Roles and Policies
First of all, use the new default Application Roles to distinguish between your 3 main types of user:
- Administrators -> BI Administrator Role
- Report Developers -> BI Author Role
- Everyone Else -> BI Consumer Role
By default, all authenticated users will get the BI Consumer Role, so you only need to manage the allocation of the BI Author/Administrator Roles.
There is typically no need to alter the Application Policies that are assigned to each role. The default policies provide a convenient way to restrict access to core Oracle BI system resources.
What Roles and Policies Should I Have?
Custom Roles
You can then have your own custom Application Roles to manage access and privileges at a more granular level.
For example:
- Sales Manager Role -> Access to the Sales Manager Dashboard
- HR Manager Role -> Access to the HR Manager Dashboards
- BI Answers Role -> Access to Answers
- BI Delivers Role -> Access to Delivers
NOTE: In most cases, 1 LDAP Group will map to 1 Application Role
What Roles and Policies Should I Have?
A Combination of Default/Custom Roles
[Diagram: LDAP (USERS: ASMITH; GROUPS: BIAdministrator, BIAuthor, BIConsumer, Sales Manager) -> APPLICATION ROLES (BIAdministrator, BIAuthor, BIConsumer, Sales Manager, Answers Access, Delivers Access) -> BI Presentation Services and BI Server]
When Should I Use the WebLogic LDAP?
The Embedded WebLogic LDAP is relatively basic compared to the more enterprise LDAP solutions, e.g. OID, AD.
Oracle advises no more than 1,000 users.
When Should I Use the WebLogic LDAP?
[Diagram: Corporate LDAP (all other users) and WebLogic LDAP (weblogic, BISystemUser, test users) -> APPLICATION ROLES (Sales Manager, Answers Access, Delivers Access) -> BI Presentation Services and BI Server]
Treat the WebLogic LDAP much like you treated the RPD as a user store in OBI 10g (weblogic, system accounts and test users only).
All other users go in the Corporate LDAP.
Can I Have Multiple Identity Providers?
Yes. It is possible to add multiple other Identity Providers within WebLogic console

By default, there are two embedded WebLogic providers:
DefaultAuthenticator (Embedded Weblogic LDAP)
DefaultIdentityAsserter

It is possible though to add further Identity Providers e.g. OID
Can I Have Multiple Identity Providers?
Support
Multiple Identity Providers with either:
- Users and Groups in LDAP
- Users and Groups in Database
- Users in LDAP and Groups in Database (in 11.1.1.6, patch in 11.1.1.5)
Identity Providers for Authentication (NOTE: not exhaustive):
- Weblogic LDAP
- Active Directory
- iPlanet
- Oracle Internet Directory (OID)
- Oracle Virtual Directory (OVD)
- Novell (eDirectory 8.8)
- OpenLDAP
- SQL
- Tivoli Directory Server 6.2
- SQL Group Lookup (New with 11.1.1.6, patch for 11.1.1.5)
Can I Have Multiple Identity Providers?
Adding a New Provider
Adding new Identity Providers is straightforward via the New button.
[Screenshot: WebLogic Console provider list; supported providers shown in red (not exhaustive)]
You can reorder the list of providers so that authentication is performed in a different order, e.g.:
1. OID
2. Weblogic LDAP
Can I Have Multiple Identity Providers?
BISQLGroupProvider
It is a common situation with Oracle BI Apps where you have:
- Users to be authenticated in a Corporate LDAP
- Groups to be obtained from the source OLTP (e.g. EBS)
[Diagram: Weblogic authenticates users against the Corporate LDAP and obtains Groups from EBS; the result feeds APPLICATION ROLES (Sales Manager, Answers Access, Delivers Access) used by BI Presentation Services and BI Server]
Can I Have Multiple Identity Providers?
BISQLGroupProvider
The 11g security model now supports this type of arrangement.
A new provider, BISQLGroupProvider, is available to obtain Groups from a database:
- Available in 11.1.1.6 (with some configuration)
- Available in 11.1.1.5 (patch 11667221)
To configure, see Oracle Support article 1428008.1 to obtain the TechNote:
TechNote_LDAP_Auth_DB_Groups_V3.pdf
Can I Have Multiple Identity Providers?
Virtualize=True
When you have multiple Identity Providers you should set the virtualize = true custom property within FMW Control:
Bifoundation_domain > Security > Security Provider Configuration
[Screenshot: Security Provider Configuration custom properties]
Without this setting:
- Only the first identity provider listed will be used by OBI
- You won't be able to log in if the AdminServer dies
NOTE: If you cannot get the setting to work, try restarting the Managed Server and OPMN processes via FMW Control rather than the command line.
Can I Have Multiple Identity Providers?
Managing BISystemUser
[Diagram: BISystemUser held in the Corporate LDAP; WebLogic LDAP alongside; APPLICATION ROLES (Sales Manager, Answers Access, Delivers Access) -> BI Presentation Services and BI Server]
When you implement an additional identity provider, the Oracle BI documentation suggests migrating the BISystemUser to your external LDAP provider.
Can I Have Multiple Identity Providers?
Managing BISystemUser
[Diagram: as above, with the Corporate LDAP marked unavailable (x)]
But what happens if the Corporate LDAP becomes unavailable?
Can I Have Multiple Identity Providers?
Managing BISystemUser
[Diagram: as above, but with BISystemUser held in the WebLogic LDAP while the Corporate LDAP is unavailable (x)]
It is better to keep the BISystemUser account in the WebLogic LDAP store: you can still start up and use Oracle BI even when the Corporate LDAP is unavailable (NOTE: need to set virtualize=true).
Where Do I Get My Groups From?
Multiple Identity Providers
When you have multiple identity providers, the Groups for each user will be obtained from the same provider that they authenticated against.
For example:
- A WebLogic user will obtain Groups from DefaultAuthenticator
- Corporate End Users will obtain their Groups from OracleInternetDirectory, as this is where they are authenticated
Where Do I Get My Groups From?
BISQLGroupProvider
A BI SQL Group Lookup identity provider is always assigned to a single LDAP provider:
- The Groups will only come from the BI SQL Group Lookup provider
- Any Groups in the LDAP store are ignored
In this example, any user authenticating using OracleInternetDirectory will obtain their Groups from the BISQLGroupProvider. Any Groups assigned to the user in OID will be ignored.
Where Do I Get My Groups From?
WebLogic Console
If you are using the WebLogic LDAP as an authenticator then you will need to maintain your Groups in this store.
But Groups from other identity providers (e.g. OID) will be automatically integrated (as shown in the screenshot); you don't need to create them manually.
[Screenshot: WebLogic Console Groups list showing an External Group from OID]
Where Do I Get My Groups From?
FMW Control
Your internal and external Groups are immediately available to be assigned to Application Roles:
[Screenshot: FMW Control Application Role membership]
The BIAuthor Role will be assigned to users belonging to the corresponding BIAuthor groups in both Weblogic LDAP and OID.
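The rules described in the 11g model slides and in this FAQ (authentication is tried provider by provider, Groups come from the provider that authenticated the user, a BI SQL Group Lookup bound to a provider replaces that provider's LDAP Groups, Groups and Users map to Application Roles, Roles can nest inside other Roles, and every authenticated user gets BIConsumer) as a small executable model. This is an added example written for this page, not Oracle code; the provider names, users and group names are constructed from the slides' own examples.

```python
"""Constructed model of OBIEE 11g user -> Group -> Application Role resolution.
Not Oracle code: it only encodes the rules stated on the slides."""
from typing import Dict, Iterable, Optional, Set, Tuple


class IdentityProvider:
    """One authenticator in the WebLogic provider list (e.g. DefaultAuthenticator, OID)."""

    def __init__(self, name: str, users: Iterable[str],
                 groups: Dict[str, Set[str]],
                 sql_group_lookup: Optional[Dict[str, Set[str]]] = None) -> None:
        self.name = name
        self.users = set(users)                   # accounts this store can authenticate
        self.groups = groups                      # LDAP group membership held in this store
        self.sql_group_lookup = sql_group_lookup  # BISQLGroupProvider bound to this store, if any

    def authenticates(self, user: str) -> bool:
        # Constructed simplification: a user is "authenticated" if the store knows the account.
        return user in self.users

    def groups_for(self, user: str) -> Set[str]:
        # Slide rule: with a BI SQL Group Lookup bound to this provider, Groups come
        # only from the database lookup and any Groups in the LDAP store are ignored.
        if self.sql_group_lookup is not None:
            return set(self.sql_group_lookup.get(user, set()))
        return set(self.groups.get(user, set()))


class PolicyStore:
    """Application Role mappings as maintained in FMW Control."""

    def __init__(self) -> None:
        self.group_roles: Dict[str, Set[str]] = {}  # LDAP Group -> Application Roles
        self.user_roles: Dict[str, Set[str]] = {}   # User assigned directly to a Role
        self.role_roles: Dict[str, Set[str]] = {}   # Role -> Roles it also belongs to (nesting)

    def map_group(self, group: str, *roles: str) -> None:
        self.group_roles.setdefault(group, set()).update(roles)

    def map_user(self, user: str, *roles: str) -> None:
        self.user_roles.setdefault(user, set()).update(roles)

    def nest_role(self, role: str, *member_of: str) -> None:
        self.role_roles.setdefault(role, set()).update(member_of)

    def effective_roles(self, user: str, groups: Set[str]) -> Set[str]:
        roles = set(self.user_roles.get(user, set()))
        for group in groups:
            roles |= self.group_roles.get(group, set())
        # Transitive closure over nested Roles (e.g. Sales Manager -> Answers Access).
        pending = list(roles)
        while pending:
            role = pending.pop()
            for inherited in self.role_roles.get(role, set()):
                if inherited not in roles:
                    roles.add(inherited)
                    pending.append(inherited)
        roles.add("BIConsumer")  # slide rule: all authenticated users get BIConsumer
        return roles


def resolve(providers: Iterable[IdentityProvider], policy: PolicyStore,
            user: str) -> Optional[Tuple[str, Set[str], Set[str]]]:
    """Return (provider name, Groups, Application Roles), or None if nobody authenticates the user."""
    for provider in providers:  # list order = authentication order in the WebLogic Console
        if provider.authenticates(user):
            groups = provider.groups_for(user)
            return provider.name, groups, policy.effective_roles(user, groups)
    return None


# Constructed sample: OID holds corporate users, with a BISQLGroupProvider bound to it
# supplying Groups from EBS; the WebLogic LDAP holds only system/admin accounts.
PROVIDERS = [
    IdentityProvider("OracleInternetDirectory", {"ASMITH", "BJONES"},
                     groups={"ASMITH": {"Marketing"}},             # ignored: SQL lookup wins
                     sql_group_lookup={"ASMITH": {"Sales Manager"}}),
    IdentityProvider("DefaultAuthenticator", {"weblogic", "BISystemUser"},
                     groups={"weblogic": {"BIAdministrators"}}),
]
POLICY = PolicyStore()
POLICY.map_group("BIAdministrators", "BIAdministrator")
POLICY.map_group("Sales Manager", "Sales Manager")
POLICY.nest_role("Sales Manager", "Answers Access")  # Sales Manager Role also has Answers Access
POLICY.map_user("BJONES", "Delivers Access")         # a User assigned directly to a Role

if __name__ == "__main__":
    for name in ("ASMITH", "weblogic", "BJONES", "nobody"):
        print(name, "->", resolve(PROVIDERS, POLICY, name))
```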
What are GUIDs?
In Oracle BI 11g, users are recognized by their Global Unique Identifiers (GUIDs), not by their names.
GUIDs are identifiers that are completely unique for a given user.
Using GUIDs to identify users provides a higher level of security because it ensures that data and metadata are uniquely secured for a specific user, independent of the user name.
What are GUIDs?
Example Scenario
[Diagram: Corporate LDAP user ASMITH; BI Presentation Services entry for ASMITH with Administration privileges]
1) User ASMITH has been given access to the Administration screen within the Oracle BI front-end.
2) User ASMITH leaves the company and is removed from the Corporate LDAP.
3) A few months later, a new ASMITH joins the company.
4) Can the new ASMITH log on to Oracle BI and get Administration privileges?
5) The answer is NO! Because the new ASMITH user (GUID 5678) has a different GUID to the original ASMITH (GUID 1234).
The Outcome
In fact, the new ASMITH won't be able to log on at all!
What are GUIDs?
Refreshing GUIDs
The GUID feature is there to help secure your OBI environments, especially production.
There may however be times when GUIDs become out of sync and you cannot log in as certain users:
- Migrating from WebLogic Embedded LDAP to an alternative identity provider
- Deleting users and then recreating them
- Migrating the Production Presentation Catalog / RPD to the Development environment
In order to work around this, you can either:
- Delete the offending users from the Presentation Catalog and log in again, or
- Refresh GUIDs (explained overleaf)
What are GUIDs?
Regenerating GUIDs : Step 1 / 4
Open up the NQSConfig.ini file for editing:
[OBI Home]/config/OracleBIServerComponent/coreapplication_obis1/NQSConfig.ini
Set the following parameter within the [SERVER] section:
FMW_UPDATE_ROLE_AND_USER_REF_GUIDS = YES;
Save the file
What are GUIDs?
Regenerating GUIDs : Step 2 / 4
Open up the instanceconfig.xml file for editing:
[OBI Home]/config/OracleBIPresentationServicesComponent/coreapplication_obips1/instanceconfig.xml
Add an UpdateAccountGUIDs entry to the <Catalog> section as follows:
<ps:Catalog xmlns:ps="oracle.bi.presentation.services/config/v1.1">
  <ps:UpgradeAndExit>false</ps:UpgradeAndExit>
  <ps:UpdateAccountGUIDs>UpdateAndExit</ps:UpdateAccountGUIDs>
</ps:Catalog>
Save the file
What are GUIDs?
Regenerating GUIDs : Step 3 / 4
Restart Oracle BI System components:
$ORACLE_BASE/instances/instance1/bin/opmnctl stopall
$ORACLE_BASE/instances/instance1/bin/opmnctl startall
What are GUIDs?
Regenerating GUIDs : Step 4 / 4
To ensure your system is secure once again you must revert the configuration changes!
NQSConfig.ini : FMW_UPDATE_ROLE_AND_USER_REF_GUIDS = NO;
instanceconfig.xml : Remove entry for <ps:UpdateAccountGUIDs>
Restart Processes : opmnctl stopall / startall
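After Step 4, a quick way to confirm that both files really are back out of refresh mode before the environment is handed back to users. This is an added example, not part of the original deck or of Oracle's tooling; the two configuration fragments are constructed (the ps namespace and parameter names are those shown on the slides), and in practice the real NQSConfig.ini and instanceconfig.xml would be read from the paths given in Steps 1 and 2.

```python
"""Constructed post-refresh check: report any GUID-refresh setting still in place.
Not Oracle tooling; it parses only the two settings the slides describe."""
import re
import xml.etree.ElementTree as ET
from typing import List, Optional

PS_NS = "oracle.bi.presentation.services/config/v1.1"  # namespace shown on the slide


def nqsconfig_guid_refresh_enabled(ini_text: str) -> bool:
    """True if the [SERVER] section still has FMW_UPDATE_ROLE_AND_USER_REF_GUIDS = YES."""
    section = None
    for raw in ini_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # NQSConfig.ini comments start with '#'
        if not line:
            continue
        header = re.match(r"\[\s*(\w+)\s*\]", line)
        if header:
            section = header.group(1).upper()
            continue
        if section != "SERVER":
            continue
        m = re.match(r"FMW_UPDATE_ROLE_AND_USER_REF_GUIDS\s*=\s*(\w+)\s*;?", line, re.I)
        if m:
            return m.group(1).upper() == "YES"
    return False


def instanceconfig_update_mode(xml_text: str) -> Optional[str]:
    """Value of <ps:UpdateAccountGUIDs> under <ps:Catalog>, or None if the entry was removed."""
    root = ET.fromstring(xml_text)
    catalog = root.find(".//{%s}Catalog" % PS_NS)
    if catalog is None:
        return None
    entry = catalog.find("{%s}UpdateAccountGUIDs" % PS_NS)
    return None if entry is None else (entry.text or "").strip()


def guid_refresh_findings(ini_text: str, xml_text: str) -> List[str]:
    """Empty list means both files are back in their normal (secure) state."""
    findings = []
    if nqsconfig_guid_refresh_enabled(ini_text):
        findings.append("NQSConfig.ini: FMW_UPDATE_ROLE_AND_USER_REF_GUIDS is still YES")
    mode = instanceconfig_update_mode(xml_text)
    if mode is not None:
        findings.append("instanceconfig.xml: UpdateAccountGUIDs still present (%s)" % mode)
    return findings


# Constructed fragments: the state while the refresh is running (after Step 2) ...
NQS_DURING = """
[ SERVER ]
SERVER_THREAD_RANGE = 40-100;
FMW_UPDATE_ROLE_AND_USER_REF_GUIDS = YES;   # set for the refresh
"""
XML_DURING = """<WebConfig xmlns="%s">
  <ServerInstance>
    <ps:Catalog xmlns:ps="%s">
      <ps:UpgradeAndExit>false</ps:UpgradeAndExit>
      <ps:UpdateAccountGUIDs>UpdateAndExit</ps:UpdateAccountGUIDs>
    </ps:Catalog>
  </ServerInstance>
</WebConfig>""" % (PS_NS, PS_NS)
# ... and the state after Step 4 has been carried out.
NQS_AFTER = NQS_DURING.replace("= YES;", "= NO;")
XML_AFTER = XML_DURING.replace(
    "      <ps:UpdateAccountGUIDs>UpdateAndExit</ps:UpdateAccountGUIDs>\n", "")

if __name__ == "__main__":
    print("during refresh:", guid_refresh_findings(NQS_DURING, XML_DURING))
    print("after revert:  ", guid_refresh_findings(NQS_AFTER, XML_AFTER))
```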
Do I Still Need SA System Subject Area?
Delivers Recipients
It is now possible to use an Application Role to specify the recipients of an Agent.
Previously in 10g this approach would not work unless you stored all the User > Catalog Group mappings in the BI Presentation Catalog (very rarely done).
[Screenshot: Agent recipients dialog]
Do I Still Need SA System Subject Area?
Delivery Profiles
Direct access to LDAP Servers
With Oracle BI 11g, Delivers can now access information about users, their groups, and email addresses directly from the configured identity store.
In many cases this completely removes the need to extract this information from your corporate directory into a database.
What Are The Important Files?
config.xml
[middleware]\user_projects\domains\bifoundation_domain\config\config.xml
Contains:
- SSL Configuration of Admin and Managed Servers
- Definitions and setup of Identity Providers
What Are The Important Files?
system-jazn-data.xml
[middleware]\user_projects\domains\bifoundation_domain\config\fmwconfig\system-jazn-data.xml
Contains the definition of all Application Roles.
During a BI Apps install, you deploy this file to install all the BI Apps roles.
What Are The Important Files?
cwallet.sso
[middleware]\user_projects\domains\bifoundation_domain\config\fmwconfig\cwallet.sso
This is your Credential Store containing encrypted usernames/passwords for your system accounts:
- BI System User
- Web service credentials
- RPD passwords
- etc.
If you don't know all the passwords, it is a good idea to back this up before you change any configuration... just in case.
How Do I Migrate Between Environments?
11g Security Migration Points
[Diagram: Corporate LDAP (USERS: ASMITH; GROUPS: Sales Manager) -> APPLICATION ROLES (Sales Manager, Answers Access, Delivers Access) -> BI Presentation Services and BI Server, with four numbered migration points]
1) Weblogic Console
2) FMW Control
3) RPD
4) Catalog & Manage Privileges
How Do I Migrate Between Environments?
The topic of migration is covered in the Rittman Mead blogs:
- Oracle BI EE 11g Migrating Security Identity Stores Part 1
- Oracle BI EE 11g Migrating Security Policy Store Part 2
- Oracle BI EE 11g Migrating Security Credential Store Part 3
Just to summarise...
How Do I Migrate Between Environments?
Weblogic LDAP Users/Groups
You can import/export the entire set of users/groups within the Weblogic LDAP via the WL Console.
[Screenshot: WebLogic Console import/export page]
If you wish to do an incremental update then you will need to script using WLST.
How Do I Migrate Between Environments?
Application Roles
To migrate the full set of Application Roles, simply copy/paste the system-jazn-data.xml file to your target environment:
[middleware]\user_projects\domains\bifoundation_domain\config\fmwconfig\system-jazn-data.xml
[Screenshot: system-jazn-data.xml contents]
If you need to do an incremental update then either:
- Set up the Application Roles manually via FMW Control
- Use WLST scripting
How Do I Migrate Between Environments?
During a 10g-11g upgrade?
Running the 11g Upgrade Assistant will automatically migrate the 10g security configuration to 11g:
- RPD Groups migrated to WebLogic LDAP
- RPD Users migrated to WebLogic LDAP (and assigned to relevant Groups)
- Application Role created for each Group
[Diagram: OBIEE 10g -> OBIEE 11g]
Can I Still Use The 10g Security Model?
Yes... if you must! But hopefully the need for the 10g model is diminishing.
The old method of using Initialization Blocks to populate USER/GROUP session variables will still work in Oracle BI 11g:
- Use the new Session Variable ROLES instead of GROUP to map a user to one or more Application Roles
Whenever you log in, the 10g security model is attempted first:
- Some users can use the 10g model, others can use 11g
Don't mix security models for the same user:
- A user should authenticate/authorize using either the 11g model or the 10g model... but not both
How Do You Implement SSL?
SSL is the mechanism used to enable secured HTTPS communications between the client web browser and the BI Server:
[Diagram: client web browser <-> HTTPS <-> BI Server]
SSL works fully in OBIEE; the implementation details are in the documentation (Security Guide).
You have to do all four sections... no shortcuts!
How Do You Implement SSL?
Further Notes
SSL configuration is fiddly by nature; set aside around 2 man-days to configure it for the first time in development.
The duration to implement could take longer, since you have to obtain a trusted certificate from a certificate authority:
- Demo certificates are available (but you will get a standard security warning in the browser if you use them)
The following Tech Notes on My Oracle Support complement the Oracle Documentation:
- OBIEE 11g SSL Setup and Configuration (Doc ID 1326781.1)
- Procedure for configuring Node Manager with SSL (Doc ID 1142995.1)
How Do You Implement SSO?
SSO Support (11.1.1.6)
Supported SSO Mechanisms:
- Oracle Access Manager (OAM)
- Oracle Single Sign on (OSSO)
- Windows Native Authentication without IIS (Kerberos)
- Weblogic Default Asserter (Client Certificate Authentication)
Other supported features:
- EBS ICX Cookie Mechanism
- Siteminder 6 via HTTP Header
- Go-URL with NQUser / NQPassword
- SSO via HTTP header & cookie (requires customisation of BI Config)
How Do You Implement SSO?
OAM
With OAM you need an HTTP Proxy and Webgate to sit in front of WebLogic and perform the SSO redirection:
[Diagram: browser -> HTTP Proxy / Webgate -> WebLogic]
How Do You Implement SSO?
Identity Providers
With SSO, the order of authenticators should be as follows:
1. Your LDAP authenticator (Sufficient)
2. Your SSO Asserter (Required)
3. WebLogic Embedded LDAP (Sufficient)
[Screenshot: WebLogic Console authentication providers list]
The LDAP authenticator is required for two reasons:
- Perform authentication for non-SSO access (e.g. BI Office)
- Obtain Groups for users who have authenticated via SSO
How Do You Implement SSO?
FMW Control
You also need to enable SSO within FMW Control:
- Specify SSO provider
- SSO Logon URL
- SSO Logoff URL
How Do You Implement SSO?
OAM Install Steps
[Screenshot: OAM install steps]
How Do You Implement SSO?
Active Directory / Kerberos
A tech note / white paper exists for implementing SSO with AD.
Not for the faint-hearted!
Error Messages That Could Mean a Million Things
[Four slides of error-message screenshots]

What Do I Do When It All Goes Wrong?
Try different logins
1. Try a different user account
2. Try logging on with a system user account, e.g. weblogic
3. Confirm you can log on to the Weblogic Console and/or FMW Control (to confirm authentication is actually working)
4. Reset the user's password
5. If the issue is just with one user: archive and delete the user from the catalog, restart Presentation Services and then unarchive the user back into the catalog
What Do I Do When It All Goes Wrong?
Check Services
6. Check OPMN services are running
[Screenshot: opmnctl status output]
7. Check the database and listener are working to the _BIPLATFORM and _MDS schemas (and make sure db passwords have not expired!)
What Do I Do When It All Goes Wrong?
Check Log Files
8. Check the Admin and Managed Server log files:
./user_projects/domains/bifoundation_domain/servers/AdminServer/log
./user_projects/domains/bifoundation_domain/servers/bi_server1/log
9. Check BI Server and BI Presentation Services logs:
./instances/instance1/diagnostics/log/OracleBIPresentationServices/coreapplcation
./instances/instance1/diagnostics/log/OracleBIBIServer/coreapplcation
What Do I Do When It All Goes Wrong?
Further Actions
10. Check connectivity to the LDAP / AD server is OK (you do this in the WebLogic Console: make sure you can see the external Groups and Users)
11. Check the HOSTS file has not changed; the very first entry should have the IP address and server name
12. Refresh GUIDs
13. Restart WebLogic and OPMN Services
14. Restart the WebLogic AdminServer, and then start all other processes from within the WebLogic Admin Console and FMW Control (i.e. no command-line)
15. Restart the whole server, then start up WebLogic and OPMN services
What Do I Do When It All Goes Wrong?
More Drastic Actions
16. Delete the two BISystemUser user entries from the Presentation Catalog, then restart services:
[Catalog Root]\root\users
[Screenshot: catalog users folder]
17. Delete the two sawguidstate entries from the System Presentation Catalog folder, then restart services:
[Catalog Root]\root\system\mktgcache\[Hostname]
What Do I Do When It All Goes Wrong?
Last Ditch Attempts
18. Re-enter the BISystemUser credentials in the Credential Store, then restart all services:
[Screenshot: FMW Control Credentials page]
What Do I Do When It All Goes Wrong?
Oracle Technote
19. See Oracle Support article 1359798.1 to download the Technote on troubleshooting OBIEE security:
Oracle BI Enterprise Edition 11g Security - Troubleshooting.pdf
What Do I Do When It All Goes Wrong?
Contact Oracle!
20. http://support.oracle.com
Closing Thoughts
Summary
Security is by nature a complex topic; it is not just complicated in Oracle BI.
There is obviously more work that can be done to simplify things in Oracle BI 11g, but let's try to be pleased with what we have:
- A huge array of security capability
- Support for small implementations all the way up to very large enterprise deployments
- A common model across Fusion Middleware applications
Questions?
Peak Indicators Limited
Helping Your Business Intelligence Journey
