Thursday, 24 March 2011

Overview of OBI security options

OBIEE – Secured!


Outline
• Aspects of security
• Overview of OBI security options
• How to integrate security with E-BusinessSuite
• Encryption of sensitive data

Security: Different Aspects
• Authentication: Who should get access?
• Authorization: What data may be accessed?
• Monitoring: Is usage being audited?
• Integration: Does a common security model need to apply between your OBIEE deployment and eBS implementation?
• Encryption: Is sensitive data protected?



Authentication:-

Validate logon / password
• Use Oracle BI Security Manager to manage security for a repository.
• Set up users / groups
• LDAP users / groups
• Supports OID, SSO

Authorization
• Manage query execution
• Restrict query access to specific objects, including rows and columns, or time periods
• Control runaway queries by limiting queries to a specific number of rows or maximum run time
• Limit queries by setting up filters for an object (typically for facts)


Data Security: Object filters

Determine securing attribute
• Create an init. block to retrieve allowable values
• Assign the filter to objects and grant to the users or groups

Monitoring Usage
• Track usage to optimize
  • Database for queries
  • Aggregation strategies
  • Billing users / groups based on usage
• Two methods
  • Insert usage data into database tables (recommended)
  • Insert usage data into log files

Monitoring Usage
• Modify NQSConfig.ini parameters
• Create reporting on usage tracking table S_NQ_ACCT


Integrating with E-Business Suite
• Integration aspects
• Single Sign-On / Authentication
• Application Data Security
• Drill to Transactions


OBIEE - Security Level:-


The security mechanisms in OBIEE reuse existing security hierarchies. This minimizes the need for OBIEE administrators to manage two separate security systems, while still allowing a high degree of control over access to individual elements.
Security in Oracle BI can be classified broadly into the following three types:

  • Data-level security
  • Object-level security
  • User-level security

DATA

Data-level security controls the visibility of data (content rendered in subject areas, dashboards, Oracle BI Answers, and so on) based on the user's association to data in the transactional system. This controls the type and amount of data that you can see in a report. When multiple users run the same report, the results that are returned to each depend on their access rights and roles in the organization. For example, a sales vice president sees results for all regions, while a sales representative for a particular region sees only data for that region.

ROW

Row-level security is a form of data-level security, comparable to a Virtual Private Database (VPD).

In this example, if a user in the Country Managers group selects a column from the table SH.Salesfacts or SH.Customers, the logical query receives the following filter, which compares the country to the session variable UserCountry:
SH.Customers.Country = VALUEOF(NQ_SESSION."UserCountry")
Because the session variable UserCountry is populated per user, each user gets only the data for their own country.
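As an added illustration (not code from the original post), the pieces of the Country Managers example assembled as SQL: a constructed user-to-country mapping table, the session initialization block query that fills UserCountry (':USER' is the BI Server's substitution token for the logged-in user name), the physical query the BI Server issues once the group filter is appended, and a check that every group member actually has a mapping row. The tables USER_COUNTRY_MAP and GROUP_MEMBERS, their rows, and the physical column names of SH.CUSTOMERS are assumptions for this example.

```sql
-- Constructed mapping table (assumption for this example): the one country
-- each Country Manager is allowed to see.
CREATE TABLE USER_COUNTRY_MAP (
  USER_NAME  VARCHAR2(128) NOT NULL,
  COUNTRY    VARCHAR2(64)  NOT NULL,
  CONSTRAINT PK_USER_COUNTRY_MAP PRIMARY KEY (USER_NAME)
);
INSERT INTO USER_COUNTRY_MAP VALUES ('jdoe',   'France');
INSERT INTO USER_COUNTRY_MAP VALUES ('asmith', 'Germany');

-- Session initialization block ("Default initialization string").
-- The BI Server replaces ':USER' with the authenticated user name and maps
-- the returned column to the session variable UserCountry.
SELECT COUNTRY
FROM   USER_COUNTRY_MAP
WHERE  USER_NAME = ':USER';

-- Filter assigned to the Country Managers group on SH.Customers in the
-- repository; this is the expression from the post, in logical SQL:
--   SH.Customers.Country = VALUEOF(NQ_SESSION."UserCountry")

-- Physical SQL the BI Server sends for a report on SH.Customers while jdoe
-- is logged in: the group filter is appended, so jdoe sees France only.
-- (Physical column names are assumed for illustration.)
SELECT C.CUST_ID, C.CUST_LAST_NAME, C.COUNTRY
FROM   SH.CUSTOMERS C
WHERE  C.COUNTRY = 'France';

-- Defender's check: every member of the group must have exactly one mapping
-- row, otherwise UserCountry has no value for that session and the filter
-- cannot be evaluated. GROUP_MEMBERS is a constructed table for this check.
SELECT m.USER_NAME
FROM   GROUP_MEMBERS m
LEFT JOIN USER_COUNTRY_MAP u ON u.USER_NAME = m.USER_NAME
WHERE  m.GROUP_NAME = 'Country Managers'
AND    u.USER_NAME IS NULL;
```

Running the last query after each change to group membership catches users who would otherwise log in with an unset UserCountry.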

COLUMN

Column-level security is handled as part of business logic object security.

OBJECT

Object-level security controls the visibility to business logical objects based on a user's role. You can set up object-level security for metadata repository objects, such as subject areas and presentation folders, and for Web objects, such as dashboards and dashboard pages, which are defined in the Presentation Catalog.

Business Logic Object:-

This controls access to objects, such as:
  • subject areas,
  • presentation tables,
  • and presentation catalogues.
For example, users in a particular department can view only the subject areas that belong to their department.

Web object security

This provides security for objects stored in the Web Catalog, such as dashboards, dashboard pages, folders, and reports. You can view only the objects for which you are authorized. For example, a mid-level manager may not be granted access to a dashboard containing summary information for an entire department.


USER

User-level security refers to authentication and confirmation of the identity of a user based on the credentials provided.