Select Page

Understanding Oracle BI 11g Security vs Legacy Oracle BI 10g

Christian Screen | | September 25, 2012

After conducting a large amount of Oracle BI 10g to Oracle BI 11g upgrades and after writing the Oracle BI 11g book, I still continually get asked one of the most basic questions regarding security in Oracle BI 11g; How does it compare to Oracle BI 10g?  The trail of questions typically goes on to what are the differences? And, how do we leverage our current Oracle BI 10g security table schema in Oracle BI 11g?

Although answering those questions verbally is never a problem, when facilitated, the conversation almost always gets accompanied by a very rudimentary (I couldn’t think of a word for one not having any art skills) white board sketch of the integration in one environment versus the other. So, I decided to add another big contribution to the Oracle BI community by providing a nice diagram chart showing both Oracle BI 10g and Oracle BI 11g Security flow at a high-level side-by-side. You may use the diagram freely but please give credit.  On the Oracle BI 11g side of the diagram I’ve listed a few directional references indicated by each corresponding letter.


Here is a quick explanation of the diagram based on the lettered symbols:

  • A) User connects via the Internet/intranet, through firewall, etc.
  • B) User reaches Oracle BI 11g environment, commonly known as Presentation Services or OBIEE Dashboards.
  • C) Presentation Services communicates with WebLogic Server from which the  /analytics application deployed and attempts authentication.
  • D) WebLogic Server attempts to reach the LDAP custom identity provider that gets configured in WLS Admin Console.  WLS receives an authentication response based on credentials entered at the Presentation Services login screen.
  • E) Using the BISQLGroupProvider to manage Relational Security Table authorization, once the user has been authentication via LDAP, WLS attempts to retrieve the username and its associated groups from the relational security system.  If groups are found, it matches the identical Application Roles to those groups and assigns the WLS/OPSS Application Role security to that now authenticated user.
  • F) Session Variables and respective Application Role security are loaded and Session Init Blocks fire as designed.
  • G) The Oracle BI RPD continues to communicate with the data warehouse as it did in Oracle BI 10g.


[download id=”8″]

Subscribe to Our Blog

Never miss a post! Stay up to date with the latest database, application and analytics tips and news. Delivered in a handy bi-weekly update straight to your inbox. You can unsubscribe at any time.

Art of BI: BI Publisher (BIP) Quick Guide and Tips

Read our blog post on how to take over production support of BI Publisher reports.

Sherry Milad | January 15, 2018

How to Index a Fact Table – A Best Practice

At the base of any good BI project is a solid data warehouse or data mart.

Christian Screen | March 16, 2010

Art of BI: How to Add Comments in Oracle BI (OBIEE)

Ultimately the goal of commentary in OBIEE is to have a system for persisting feedback, creating a call to action, and recognizing the prolific users.

Christian Screen | December 29, 2013

Work with Us

Let’s have a conversation about what you need to succeed and how we can help get you there.


Work for Us

Where do you want to take your career? Explore exciting opportunities to join our team.