OBIEE Automation: User and Folder Security


1 OBIEE Automation: User and Folder Security

2 Use Case 1 – Role & Folder Per Entity

Use Case 1: Several entities (departments, organizations, etc.) will use OBIEE. Each entity needs its own folder, in addition to the users of each entity having their own folders.

3 Use Case 1 – Create User Key Files

Create User Key Files: Create a user configuration file and an associated key file to store encrypted authentication credentials. Log in to WebLogic with WLST and run:

    storeUserConfig(userConfigFile, userKeyFile, [nm])

Argument: Definition

userConfigFile: Name of the file to store the user configuration. The filename can be absolute or relative to the directory from which you enter the command.

userKeyFile: Name of the file to store the key information that is associated with the user configuration file that you specify. The pathname can be absolute or relative to the directory from which you enter the command.

nm: Optional. Boolean value specifying whether to store the username and password for Node Manager or WebLogic Server. If set to true, the Node Manager username and password is stored. This argument defaults to false.

4 Use Case 1: Create User

Create User:

    import sys
    import socket

    # Admin server on the local host
    url = 't3://' + socket.gethostname() + ':7001'
    user = sys.argv[1]
    user_pass = sys.argv[2]   # the new user's password arrives on the command line
    user_desc = sys.argv[3]

    # Authenticate with the stored user config and key files
    connect(userConfigFile='user_config', userKeyFile='keyfile', url=url)
    atnr = cmo.getSecurityConfiguration().getDefaultRealm().lookupAuthenticationProvider("DefaultAuthenticator")

    # Create the user only if it does not already exist
    if not atnr.userExists(user):
        atnr.createUser(user, user_pass, user_desc)
    exit()

Call:

    /path/to/wlst.sh /path/to/create_user.py user user_pass user_desc

5 Use Case 1: Role Exists

Get Roles:

    import socket

    url = 't3://' + socket.gethostname() + ':7001'

    # Authenticate with the stored user config and key files
    connect(userConfigFile='user_config', userKeyFile='keyfile', url=url)
    # List every application role in the given application stripe
    listAppRoles(appStripe='[replace with application stripe name]')

Call:

    /path/to/wlst.sh /path/to/list_roles.py >> roles.txt

Parse for the 'Principal Name' value:

    grep 'Principal Name' roles.txt | awk -F':' '{print $3}' | awk -F',' '{print $1}'

6 Use Case 1: Role Exists

Get Roles (use existing script):

    /oracle/middleware/oracle_common/common/bin/wlst.sh \
      /oracle/middleware/oracle_common/modules/oracle.jps_11.1.1/common/wlstscripts/listAppRoles.py \
      -appStripe [replace with your app stripe name]

7 Use Case 1: Create Role

Create Role:

    import sys
    import socket

    url = 't3://' + socket.gethostname() + ':7001'

    # Authenticate with the stored user config and key files
    connect(userConfigFile='user_config', userKeyFile='keyfile', url=url)
    try:
        # sys.argv[1] is the name of the application role to create
        createAppRole(appStripe='[replace with application stripe name]', appRoleName=sys.argv[1])
    except:
        # Any error, including "role already exists", is ignored
        pass
    exit()

Call:

    /path/to/wlst.sh /path/to/script.py role_name

8 Use Case 1: Add User to Role

Add User to Role:

    import sys
    import socket

    url = 't3://' + socket.gethostname() + ':7001'

    # Authenticate with the stored user config and key files
    connect(userConfigFile='user_config', userKeyFile='keyfile', url=url)
    try:
        # sys.argv[1] is the role name, sys.argv[2] is the user name
        grantAppRole('[replace with application stripe name]', sys.argv[1], "weblogic.security.principal.WLSUserImpl", sys.argv[2])
    except:
        # Any error, including "user already in role", is ignored
        pass
    exit()

Call:

    /path/to/wlst.sh /path/to/user_to_role.py role_name user_name

9 Use Case 1: Web Service Session

SAWSessionService.logon: {User} {Pass}

Access WSDL at: host:9704/analytics/saw.dll?wsdl

10 Use Case 1: Create Folder

WebCatalogService.createFolder: /shared/{REPLACE W/NAME OF FOLDER} 1 0 {REPLACE WITH SESSION ID}

11 Use Case 1: Remove Inherited Folder Perms

WebCatalogService.updateCatalogItemACL: /shared/{REPLACE W/NAME OF FOLDER} {Replace with Role Name} 4 {Replace with Role Name} 2 0 {REPLACE WITH SESSION ID}

12 Use Case 1: Add Role to Folder

WebCatalogService.updateCatalogItemACL: /shared/{REPLACE W/NAME OF FOLDER} {Replace with Role Name} 4 {Replace with Role Name} {ADD Permissions MASK} 1 0 {REPLACE WITH SESSION ID}

13 Use Case 1: Add Role to Folder

WebCatalogService.updateCatalogItemACL: 4 {ADD Permissions MASK*} 1

From the WSDL: the permissionMask field value is a combination of the following flags:

    1     permission to read items content
    2     permission to traverse directory
    4     permission to change items content
    8     permission to delete an item
    16    permission to assign permissions to others
    32    can take ownership of the item
    2048  permission to run a publisher report live
    4096  permission to schedule a publisher report
    8192  permission to view output of a publisher report

Invalid ACL update flag. Valid values are:

    0 - replace ACL
    1 - replace privileges only for mentioned accounts
    2 - delete mentioned accounts from item's ACL

accountType values:

    0 - user
    1 - group
    4 - role
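An added example, not part of the original presentation: plain Python (run outside WLST) that builds and decodes a permissionMask from the flag values listed above and reviews planned ACL entries before they are sent to updateCatalogItemACL. The short permission names, the function names and the sample account names are assumptions made for this example.

```python
# Flag values are the ones listed on the slide (quoted there from the WSDL).
# The short names are labels chosen for this example, not API identifiers.
PERMISSION_FLAGS = {
    1: "read",
    2: "traverse",
    4: "write",
    8: "delete",
    16: "assign_permissions",
    32: "take_ownership",
    2048: "publisher_run_live",
    4096: "publisher_schedule",
    8192: "publisher_view_output",
}
NAME_TO_BIT = {name: bit for bit, name in PERMISSION_FLAGS.items()}
KNOWN_BITS = sum(PERMISSION_FLAGS)   # every documented bit set
DELEGATION_BITS = 16 | 32            # holder can re-grant access or seize the item
ACCOUNT_TYPES = {0: "user", 1: "group", 4: "role"}


def build_mask(*names):
    """Combine named permissions into a permissionMask integer."""
    mask = 0
    for name in names:
        if name not in NAME_TO_BIT:
            raise ValueError("unknown permission: %r" % name)
        mask |= NAME_TO_BIT[name]
    return mask


def decode_mask(mask):
    """Return the permission names set in mask; reject undocumented bits."""
    if mask < 0 or mask & ~KNOWN_BITS:
        raise ValueError("mask %r has bits outside the documented flags" % mask)
    return [name for bit, name in sorted(PERMISSION_FLAGS.items()) if mask & bit]


def review_acl(entries):
    """entries: (account, accountType, mask) tuples planned for one folder.
    Returns (account, reason) findings to check before making the call."""
    findings = []
    for account, account_type, mask in entries:
        if account_type not in ACCOUNT_TYPES:
            findings.append((account, "invalid accountType %r" % account_type))
        if mask & DELEGATION_BITS:
            findings.append((account, "can assign permissions or take ownership"))
    return findings
```

A read-only role on a folder is `build_mask("read", "traverse")`, which is 3; a mask that includes 16 or 32 lets the role change the folder's ACL itself.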

14 Use Case 2 – Training Users

Use Case 2: The training department needs 50 training users for each business day of the week. The password for each user needs to be reset after one week.

15 Use Case 2: User Exists Alternative

SecurityService.getAccounts: *Training* 0 {REPLACE WITH SESSION ID}

Compare results with users you want to add.

16 Use Case 2: Reset Users

User Expired: Use a regular expression to compare the day in the username with the day from a date object or sysdate. For example:

    ^([0-9]{1,2})(Training[0-9]{1,2})

Compare the first group of the regex (1, 2, 3, 4, 5) to the day of the week from the date object.

Change Password:

    import sys
    import socket

    url = 't3://' + socket.gethostname() + ':7001'
    new_pass = sys.argv[3]
    old_pass = sys.argv[2]
    user_number = sys.argv[1]

    # Authenticate with the stored user config and key files
    connect(userConfigFile='user_config', userKeyFile='keyfile', url=url)
    atnr = cmo.getSecurityConfiguration().getDefaultRealm().lookupAuthenticationProvider("DefaultAuthenticator")
    # Replace the user's current password with the new one
    atnr.changeUserPassword(user_number, old_pass, new_pass)
    exit()

Clear User Folder:

    rm -rf /path/to/OracleBIPresentationServicesComponent/coreapplication_obips1/catalog/root/users/user/*
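An added example, not part of the original presentation: plain Python (run outside WLST) that applies the regular expression above to pick the training accounts due for reset on a given date and assigns each one its own random password. The trailing `$` anchor, the 1-5 range check, the password generator and the sample account names are assumptions made for this example.

```python
import re
import secrets
import string
from datetime import date

# Pattern from the slide, with "$" added here so trailing characters are rejected.
# Group 1 = business day (1-5), group 2 = account stem.
USER_RE = re.compile(r"^([0-9]{1,2})(Training[0-9]{1,2})$")


def users_due_for_reset(usernames, today):
    """Return training accounts whose day prefix equals today's ISO weekday."""
    weekday = today.isoweekday()  # Monday=1 ... Sunday=7
    due = []
    for name in usernames:
        match = USER_RE.match(name)
        if not match:
            continue  # not a training account: never reset or clear it
        day = int(match.group(1))
        if 1 <= day <= 5 and day == weekday:
            due.append(name)
    return due


def new_password(length=16):
    """Random password with at least one lower, upper and digit character."""
    alphabet = string.ascii_letters + string.digits
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(c.islower() for c in candidate)
                and any(c.isupper() for c in candidate)
                and any(c.isdigit() for c in candidate)):
            return candidate


def reset_plan(usernames, today):
    """Map each account due today to its own fresh password."""
    return {name: new_password() for name in users_due_for_reset(usernames, today)}


# Constructed sample account list, e.g. names returned by a *Training* search.
SAMPLE_ACCOUNTS = ["1Training01", "1Training02", "3Training10", "weblogic",
                   "1Training123", "7Training01", "Training05"]

if __name__ == "__main__":
    for account in reset_plan(SAMPLE_ACCOUNTS, date(2024, 1, 1)):  # a Monday
        print("reset due:", account)
```

Only names that match the full pattern reach the password change and the folder clean-up, so an account such as `weblogic` returned by a broad search is never touched.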

17 Use Case 3: RPD QA

Use Case 3: To improve product quality, the QA or Dev team wants repeatable automated tests that are run for each RPD release. Tests need to be added per iteration to account for changes or additions. Previously built tests will be run in the automated suite of tests to validate that unchanged objects still contain proper logic.

18 Use Case 3: RPD Output

XmlViewService.executeXMLQuery: /path/to/folder name/report name SAW_ROWSET_SCHEMA_AND_DATA false 10 true false {REPLACE WITH SESSION ID}

19 Use Case 3: RPD Output

Returned XML: To get this data, the request has gone through all the logic in the RPD that it would go through when requested through a URL (initialization blocks, identity manager, session variables, BMM layer logic, etc).

Baz Bar Foo ]]>

Use an XML parser to get just the values, or transform the values returned from the database into XML.

20 References

WLST Commands: http://docs.oracle.com/cd/E13222_01/wls/docs92/config_scripting/quick_ref.html

WebLogic Server API Reference: http://docs.oracle.com/cd/E29542_01/apirefs.1111/e13941/toc.htm

Example of SecurityConfigurationMBean: http://docs.oracle.com/cd/E11035_01/wls100/javadocs_mhome/weblogic/management/configuration/SecurityConfigurationMBean.html

MBean Reference: http://docs.oracle.com/cd/E28280_01/apirefs.1111/e13951/core/

Web Service Structures: http://docs.oracle.com/cd/E21764_01/bi.1111/e16364/structures.htm
