In OBIEE 11g how the security system works when a user login to the WLS/analytics.
The default security mechanism provides controls to manage users and groups, permission grants and credential store. Following are the security controls that are available after the installation.
1.An embedded LDAP server in WebLogic available to store users and groups known as
2.A file to store the permission grants information known as the “Policy Store”
3.A file to store user and system credentials for inter process communication known as the
The Oracle BI Server populates session variables using the initialization blocks in the desired order that are specified by the dependency rules defined in the initialization blocks.
If the server finds the session variable USER, it performs authentication against an LDAP server or an external database table, depending on the configuration of the initialization block with which the USER variable is associated.
Authentication against the identity store configured in Oracle WebLogic Server Administration Console occurs first, and if that fails, then initialization block authentication occurs.
If you configure your external table authentication as in OBIEE 10g when the session variable USER is associated to the initialization block and LDAP server fails to get the respective user then the user's will authenticate(Identify store) over database(table).
Dont forgot to create Catalog group as we do normally in 10g
In 11g Analytics - Administration- Security - Manage Catalog groups -- (+) to add new groups and set permissions to the catalog folders w.r.t groups/users.