Thursday, June 28, 2012



In OBIEE 11g how the security system  works when a user login to the WLS/analytics.

 The default security mechanism provides controls to manage users and groups, permission grants and credential store. Following are the security controls that are available after the installation.

1.An embedded LDAP server in WebLogic available to store users and groups known as 
Identity Store
2.A file to store the permission grants information known as the “Policy Store
3.A file to store user and system credentials for inter process communication known as the 
Credential Store.

Order of Authentication:

The Oracle BI Server populates session variables using the initialization blocks in the desired order that are specified by the dependency rules defined in the initialization blocks.

If the server finds the session variable USER, it performs authentication against an LDAP server or an external database table, depending on the configuration of the initialization block with which the USER variable is associated.

Authentication against the identity store configured in Oracle WebLogic Server Administration Console occurs first, and if that fails, then initialization block authentication occurs.
If you configure your external table authentication as in OBIEE 10g when the session variable USER is associated to the initialization block and LDAP server fails to get the respective user then the user's will authenticate(Identify  store) over database(table).

Dont forgot to create Catalog group as we do normally in 10g

In 11g  Analytics - Administration- Security - Manage Catalog groups -- (+) to add new groups and set permissions to  the catalog folders w.r.t groups/users.

No comments:

Post a Comment