Art of BI: Understanding Oracle BI 11g Security vs Legacy Oracle BI 10g

By | In 11g, Art of BI, Big Data, Business Intelligence | September 25th, 2012

After conducting a large amount of Oracle BI 10g to Oracle BI 11g upgrades and after writing the Oracle BI 11g book, I still continually get asked one of the most basic questions regarding security in Oracle BI 11g; How does it compare to Oracle BI 10g?  The trail of questions typically goes on to what are the differences? And, how do we leverage our current Oracle BI 10g security table schema in Oracle BI 11g?

Although answering those questions verbally is never a problem, when facilitated, the conversation almost always gets accompanied by a very rudimentary (I couldn’t think of a word for one not having any art skills) white board sketch of the integration in one environment versus the other. So, I decided to add another big contribution to the Oracle BI community by providing a nice diagram chart showing both Oracle BI 10g and Oracle BI 11g Security flow at a high-level side-by-side. You may use the diagram freely but please give credit.  On the Oracle BI 11g side of the diagram I’ve listed a few directional references indicated by each corresponding letter.


Here is a quick explanation of the diagram based on the lettered symbols:

  • A) User connects via the Internet/intranet, through firewall, etc.
  • B) User reaches Oracle BI 11g environment, commonly known as Presentation Services or OBIEE Dashboards.
  • C) Presentation Services communicates with WebLogic Server from which the  /analytics application deployed and attempts authentication.
  • D) WebLogic Server attempts to reach the LDAP custom identity provider that gets configured in WLS Admin Console.  WLS receives an authentication response based on credentials entered at the Presentation Services login screen.
  • E) Using the BISQLGroupProvider to manage Relational Security Table authorization, once the user has been authentication via LDAP, WLS attempts to retrieve the username and its associated groups from the relational security system.  If groups are found, it matches the identical Application Roles to those groups and assigns the WLS/OPSS Application Role security to that now authenticated user.
  • F) Session Variables and respective Application Role security are loaded and Session Init Blocks fire as designed.
  • G) The Oracle BI RPD continues to communicate with the data warehouse as it did in Oracle BI 10g.


[download id=”8″]

Contact Us
Christian Screen
Christian is an innovator in analytics and data warehousing design, best practices, and delivery. With more than fifteenyears of decision support and data warehousing with key experiences at Office Depot HQ, Sierra-Cedar, and Capgemini, he oversees the Oracle Analytics Practice which includes the technical development and delivery of Oracle BI collaboration software, data warehouse solutions, Oracle BI/EPM projects, and packaged analytics solutions at Datavail.

Leave a Reply

Your email address will not be published.
Required fields are marked (*).