Specialized IT Services focused on Data Management | Speak with Us 877-634-9222
Art of BI: Understanding Oracle BI 11g Security vs Legacy Oracle BI 10g
After conducting a large amount of Oracle BI 10g to Oracle BI 11g upgrades and after writing the Oracle BI 11g book, I still continually get asked one of the most basic questions regarding security in Oracle BI 11g; How does it compare to Oracle BI 10g? The trail of questions typically goes on to what are the differences? And, how do we leverage our current Oracle BI 10g security table schema in Oracle BI 11g?
Although answering those questions verbally is never a problem, when facilitated, the conversation almost always gets accompanied by a very rudimentary (I couldn’t think of a word for one not having any art skills) white board sketch of the integration in one environment versus the other. So, I decided to add another big contribution to the Oracle BI community by providing a nice diagram chart showing both Oracle BI 10g andSecurity flow at a high-level side-by-side. You may use the diagram freely but please give credit. On the Oracle BI 11g side of the diagram I’ve listed a few directional references indicated by each corresponding letter.
Here is a quick explanation of the diagram based on the lettered symbols:
- A) User connects via the Internet/intranet, through firewall, etc.
- B) User reaches Oracle BI 11g environment, commonly known as Presentation Services or OBIEE Dashboards.
- C) Presentation Services communicates with WebLogic Server from which the /analytics application deployed and attempts authentication.
- D) WebLogic Server attempts to reach the LDAP custom identity provider that gets configured in WLS Admin Console. WLS receives an authentication response based on credentials entered at the Presentation Services login screen.
- E) Using the BISQLGroupProvider to manage Relational Security Table authorization, once the user has been authentication via LDAP, WLS attempts to retrieve the username and its associated groups from the relational security system. If groups are found, it matches the identical Application Roles to those groups and assigns the WLS/OPSS Application Role security to that now authenticated user.
- F) Session Variables and respective Application Role security are loaded and Session Init Blocks fire as designed.
- G) The Oracle BI RPD continues to communicate with the data warehouse as it did in Oracle BI 10g.