Select Page

Art of BI: Understanding Oracle BI 11g Security vs Legacy Oracle BI 10g

Christian Screen | | September 25, 2012

After conducting a large amount of Oracle BI 10g to Oracle BI 11g upgrades and after writing the Oracle BI 11g book, I still continually get asked one of the most basic questions regarding security in Oracle BI 11g; How does it compare to Oracle BI 10g?  The trail of questions typically goes on to what are the differences? And, how do we leverage our current Oracle BI 10g security table schema in Oracle BI 11g?

Although answering those questions verbally is never a problem, when facilitated, the conversation almost always gets accompanied by a very rudimentary (I couldn’t think of a word for one not having any art skills) white board sketch of the integration in one environment versus the other. So, I decided to add another big contribution to the Oracle BI community by providing a nice diagram chart showing both Oracle BI 10g and Oracle BI 11g Security flow at a high-level side-by-side. You may use the diagram freely but please give credit.  On the Oracle BI 11g side of the diagram I’ve listed a few directional references indicated by each corresponding letter.


Here is a quick explanation of the diagram based on the lettered symbols:

  • A) User connects via the Internet/intranet, through firewall, etc.
  • B) User reaches Oracle BI 11g environment, commonly known as Presentation Services or OBIEE Dashboards.
  • C) Presentation Services communicates with WebLogic Server from which the  /analytics application deployed and attempts authentication.
  • D) WebLogic Server attempts to reach the LDAP custom identity provider that gets configured in WLS Admin Console.  WLS receives an authentication response based on credentials entered at the Presentation Services login screen.
  • E) Using the BISQLGroupProvider to manage Relational Security Table authorization, once the user has been authentication via LDAP, WLS attempts to retrieve the username and its associated groups from the relational security system.  If groups are found, it matches the identical Application Roles to those groups and assigns the WLS/OPSS Application Role security to that now authenticated user.
  • F) Session Variables and respective Application Role security are loaded and Session Init Blocks fire as designed.
  • G) The Oracle BI RPD continues to communicate with the data warehouse as it did in Oracle BI 10g.


[download id=”8″]

Subscribe to Our Blog

Never miss a post! Stay up to date with the latest database, application and analytics tips and news. Delivered in a handy bi-weekly update straight to your inbox. You can unsubscribe at any time.

ORA-12154: TNS:could not resolve the connect identifier specified

Most people will encounter this error when their application tries to connect to an Oracle database service, but it can also be raised by one database instance trying to connect to another database service via a database link.

Jeremiah Wilton | March 4, 2009

12c Upgrade Bug with SQL Tuning Advisor

Learn the steps to take on your Oracle upgrade 11.2 to 12.1 if you’re having performance problems. Oracle offers a patch and work around to BUG 20540751.

Megan Elphingstone | March 22, 2017

Oracle EPM Cloud Vs. On-Premises: What’s the Difference?

EPM applications help measure the business performance. This post will help you choose the best EPM solutions for your organization’s needs and objectives.

Bobby Ellis | April 10, 2018

Work with Us

Let’s have a conversation about what you need to succeed and how we can help get you there.


Work for Us

Where do you want to take your career? Explore exciting opportunities to join our team.