Security Configuration Page and Overview

Enabling a Local Superuser

Oracle recommends that you define an administration Superuser. Using the Superuser credentials you can directly access the BI Publisher administrative functions without logging in through the defined security model.

Set up this Superuser to ensure access to all administrative functions in case of failures with the configured security model. It is highly recommended that you set up a Superuser.

1. Click Administration.

2. Under Security Center click Security Configuration.

3. Under Local Superuser, select the box and enter the credentials for the Superuser.

4. Restart the BI Publisher application.

Enabling a Guest User

You can configure public access to specific reports by defining a "Guest" folder. Any user can access the reports in this folder without entering credentials.

All objects required to view a report must be present in the Guest folder because the Guest folder is the only folder the guest user will have any access rights to. Therefore the report and the data model must be present in the Guest folder as well as Sub Templates and Style Templates, if applicable. The guest user has read access only. The Guest user must also be granted access to the report data source.

To enable guest access:

1. Under Shared Folders, create the folder to which you want to grant public access.

2. Click Administration.

3. Under Security Center select Security Configuration.

4. Under Guest Access, select Allow Guest Access.

5. Enter the name of the folder that you created for public access.

   Figure 24-1 Enabling Guest Access

   
   

6. Restart the BI Publisher application.

7. Add the objects to the Guest folder that you want the guest users to access: folders, reports, data models, Sub Templates and Style Templates.

   The report must reference the data model that is stored in the guest folder. Therefore, if you copy a report with its data model from another location, ensure to open the report and reselect the data model so that the report references the data model inside the guest folder. Similarly, any references to Sub Templates or Style Templates must also be updated.

8. Grant access to the data sources used by data models in your Guest folder. See "About Data Sources and Security" in the About Data Sources and Security for information on granting Guest access to a data source.

Users who access BI Publisher will see the Guest button on the log on page. Users can select this button and view the reports in your chosen guest folder without presenting credentials.

Authentication and Authorization Options

BI Publisher supports several options for authentication and authorization. You can choose a single security model to handle both authentication and authorization; or, you can configure BI Publisher to use a Single Sign-On provider or LDAP provider for authentication with another security model to handle authorization.

Authentication: Support for Single Sign-on

Oracle BI Publisher supports the following Single Signon (SSO) providers:

• Oracle Single Sign-On

• Oracle Access Manager

• Siteminder

For information on configuring these options see the Oracle Fusion Middleware Administrator's Guide for Oracle Business Intelligence Publisher.

Security Model

BI Publisher offers the following security options:

• Oracle Fusion Middleware Security

  For more information, see "Configuring Oracle Fusion Middleware Security" in the Oracle Fusion Middleware Administrator's Guide for Oracle Business Intelligence Publisher.

• BI Publisher Security

  Use BI Publisher's Users and Roles paradigm to control access to reports and data sources. See "Understanding BI Publisher's Users and Roles" in the Oracle Fusion Middleware Administrator's Guide for Oracle Business Intelligence Publisher.

• Oracle BI Server Security

  This option is offered for backward compatibility with Oracle Business Intelligence Enterprise Edition 10g. See "Integrating with Oracle BI Server Security" in the Oracle Fusion Middleware Administrator's Guide for Oracle Business Intelligence Publisher

• LDAP

  Set up the BI Publisher roles in your LDAP server then configure BI Publisher to integrate with it. See the Oracle Fusion Middleware Administrator's Guide for Oracle Business Intelligence Publisher for information on configuring LDAP.

• Oracle E-Business Suite

  Upload a DBC file to recognize your Oracle E-Business Suite users. See "Integrating with E-Business Suite Security" in the Oracle Fusion Middleware Administrator's Guide for Oracle Business Intelligence Publisher.

• Oracle Database

  Set up the BI Publisher roles in your Oracle Database and then configure BI Publisher to integrate with it. See "Integrating with Oracle Database Security" in the Oracle Fusion Middleware Administrator's Guide for Oracle Business Intelligence Publisher.

• Siebel CRM Security

  Set up the BI Publisher roles in Siebel CRM and then configure BI Publisher to integrate with it. See "Integrating with Siebel CRM Security" in the Oracle Fusion Middleware Administrator's Guide for Oracle Business Intelligence Publisher.

Granting Data Access to Roles and Permissions

Use the Roles and Permissions page to add data sources to roles.

A role must be granted access to a data source if the role must:

• Run or schedule a report built on a data model that retrieves data from the data source

• Create or edit a data model that retrieves data from the data source

To grant a role access to a data source:

1. Navigate to the BI Publisher Administration page.

2. Under Security Center, click Roles and Permissions.

3. On the Roles and Permissions page, locate the role, then click Add Data Sources.

4. On the Add Data Sources page you see a region for each of the following types of data sources:

   • Database Connections

   • File Directories

   • LDAP Connections

   • OLAP Connections

5. Use the shuttle buttons to move the required data sources from the Available Data Sources list to the Allowed Data Sources list.

6. When finished, click Apply.