Presentation is loading. Please wait.

Presentation is loading. Please wait.

19 Copyright © 2008, Oracle. All rights reserved. Security.

Published byEdgar Hart Modified over 7 years ago

Similar presentations

Presentation on theme: "19 Copyright © 2008, Oracle. All rights reserved. Security."— Presentation transcript:

1 19 Copyright © 2008, Oracle. All rights reserved. Security

2 Copyright © 2008, Oracle. All rights reserved. 19 - 2 Objectives After completing this lesson, you should be able to: Define users and groups Set permissions for users and groups to control access to repository objects Explain group inheritance Identify and describe the authentication methods used by Oracle BI Server Use query limits, timing restrictions, and filters to control access to repository information

3 Copyright © 2008, Oracle. All rights reserved. 19 - 3 Business Challenge Only qualified persons should have access rights to applications. Data needs to be protected so that only authorized employees can access sensitive information. Employees should automatically see the information that is relevant to their roles.

4 Copyright © 2008, Oracle. All rights reserved. 19 - 4 Business Solution: Oracle BI Security Provides ability to authenticate users through logon Controls user access to data Secures access control on object and data levels

5 Copyright © 2008, Oracle. All rights reserved. 19 - 5 Security Manager Is a utility in the Administration Tool that displays all the security information for a repository.

6 Copyright © 2008, Oracle. All rights reserved. 19 - 6 Working with Users User accounts can be defined explicitly in: –An Oracle BI Server repository –An external source (such as a database table or an LDAP server) Users must be authenticated by Oracle BI Server for a session to take place.

7 Copyright © 2008, Oracle. All rights reserved. 19 - 7 Adding a User to a Repository Name Password Logging level Group membership

8 Copyright © 2008, Oracle. All rights reserved. 19 - 8 Setting User Permissions and Logons Undefined Denied Read-only

9 Copyright © 2008, Oracle. All rights reserved. 19 - 9 Administrator Account Is a default, permanent user account in every Oracle BI Server repository Cannot be deleted or modified other than to change the password and logging level

10 Copyright © 2008, Oracle. All rights reserved. 19 - 10 Working with Groups A group is a set of security attributes. Use Security Manager to create groups and then grant membership in them to users or other groups. Groups Users and groups can belong to a group.

11 Copyright © 2008, Oracle. All rights reserved. 19 - 11 Administrators Group Is a predefined group with authority to access and modify any object in a repository Administrator user is automatically a member. Default member Defined members

12 Copyright © 2008, Oracle. All rights reserved. 19 - 12 Defined Groups You can create an unlimited number of groups in a repository. Each group can contain: –Explicitly granted privileges –Implicitly granted privileges through membership in another group Defined groups

13 Copyright © 2008, Oracle. All rights reserved. 19 - 13 Group Inheritance Privileges granted explicitly to a user have precedence over privileges granted through groups. Privileges granted explicitly to a group take precedence over any privileges granted through other groups. If security attributes conflict, a user or group is granted the least restrictive security attribute.

14 Copyright © 2008, Oracle. All rights reserved. 19 - 14 Group Inheritance: Example User 1 Member Group 1 Member Group 2 Group 1 DENY Table A Member Group 3 Member Group 4 Group 2 READ Table A Member Group 5 Group 3 READ Table B Group 4 READ Table C Group 5 DENY Table A

15 Copyright © 2008, Oracle. All rights reserved. 19 - 15 Adding a New Group Members include users and groups. Add members. Set permissions.

16 Copyright © 2008, Oracle. All rights reserved. 19 - 16 Viewing Member Hierarchies Click the hierarchy icon in the left pane of the Security Manager, and then expand the tree in the right pane.

17 Copyright © 2008, Oracle. All rights reserved. 19 - 17 Authentication Is the process by which a system verifies (with a user ID and password) that a user has the necessary permissions and authorizations to log on and access data Oracle BI Server authenticates each connection request that it receives.

18 Copyright © 2008, Oracle. All rights reserved. 19 - 18 Authentication Options Oracle BI Server supports the following authentication types: Operating system External table LDAP Database Internal

19 Copyright © 2008, Oracle. All rights reserved. 19 - 19 Operating System Authentication Oracle BI Server supports Windows Unified Logon. If a user is configured on a trusted Windows domain, an Oracle BI Server user of the same name does not need to be authenticated by Oracle BI Server. The user ID in the repository must match the user ID in the trusted Windows domain.

20 Copyright © 2008, Oracle. All rights reserved. 19 - 20 External Table Authentication Instead of storing IDs and passwords in a repository, maintain lists of users and passwords in an external database table. Use Oracle BI session variables to get values. External table

21 Copyright © 2008, Oracle. All rights reserved. 19 - 21 LDAP Authentication Instead of storing IDs and passwords in a repository, Oracle BI Server passes the user ID and password entered by the user to an LDAP server for authentication. Use Oracle BI session variables to get authentication values.

22 Copyright © 2008, Oracle. All rights reserved. 19 - 22 Database Authentication Authenticates users through database logons To set up database authentication: –Store user IDs (without passwords) in a repository. –Import database to the repository. –Specify authentication database in NQSConfig.ini. Add users to the repository. Import the database. Modify the NQSConfig.ini file.

23 Copyright © 2008, Oracle. All rights reserved. 19 - 23 Internal Authentication Maintain lists of users and passwords in the repository using the Administration Tool. Oracle BI Server authenticates against this list unless: –Another authentication method has already succeeded –Database authentication is specified in NQSConfig.ini User IDs are nonencrypted and non-case-sensitive. Passwords are encrypted and case-sensitive. Users can access any business model if they have the necessary access privileges. Users do not span repositories.

24 Copyright © 2008, Oracle. All rights reserved. 19 - 24 Order of Authentication 1.Operating system (OS): –No logon name –Turned on in NQSConfig.ini 2.LDAP or external database table –Populates session variables 3.Internal or database

25 Copyright © 2008, Oracle. All rights reserved. 19 - 25 Bypassing Oracle BI Security It is possible to bypass Oracle BI Server security and rely on the security that is provided by issuing user-specific database logons and passwords. Set in the NQSConfig.ini file.

26 Copyright © 2008, Oracle. All rights reserved. 19 - 26 Setting Query Limits Use Query Limits tab to: Control the number of rows received by a user or group Control the maximum query run time Enable or disable Populate Privilege Enable or disable Execute Direct Database Requests

27 Copyright © 2008, Oracle. All rights reserved. 19 - 27 Setting Timing Restrictions Restrict access to a database during particular time periods.

28 Copyright © 2008, Oracle. All rights reserved. 19 - 28 Setting Filters Limit queries by setting up filters on objects for a user or group.

29 Copyright © 2008, Oracle. All rights reserved. 19 - 29 Summary In this lesson, you should have learned how to: Define users and groups Set permissions for users and groups to control access to repository objects Explain group inheritance Identify and describe the authentication methods used by Oracle BI Server Use query limits, timing restrictions, and filters to control access to repository information

30 Copyright © 2008, Oracle. All rights reserved. 19 - 30 Practice 19-1 Overview: Creating Users and Groups This practice covers the following topics: Using the Security Manager to define users and groups Setting up group hierarchies Changing the default permission setting

31 Copyright © 2008, Oracle. All rights reserved. 19 - 31 Practice 19-2 Overview: Setting Permissions for Users and Groups This practice covers setting permissions for users and groups.

32 Copyright © 2008, Oracle. All rights reserved. 19 - 32 Practice 19-3 Overview: Authenticating Using an External Database This practice covers the following topics: Creating an initialization block to populate security session variables Verifying external database authentication

33 Copyright © 2008, Oracle. All rights reserved. 19 - 33 Practice 19-4 Overview: Authenticating Users with Database Authentication This practice covers the following topics: Importing an authentication database Adding a database user to the repository Editing the security section of NQSConfig.ini Verifying database authentication

34 Copyright © 2008, Oracle. All rights reserved. 19 - 34 Practice 19-5 Overview: Setting Query Limits and Timing Restrictions This practice covers the following topics: Setting query limits for users and groups Setting timing restrictions for users and groups

35 Copyright © 2008, Oracle. All rights reserved. 19 - 35 Practice 19-6 Overview: Setting Filters to Personalize Information This practice covers the following topics: Setting query filters Setting a query filter using a variable

36 Copyright © 2008, Oracle. All rights reserved. 19 - 36

Download ppt "19 Copyright © 2008, Oracle. All rights reserved. Security."

Similar presentations

Managing User, Computer and Group Accounts

Managing User, Computer and Group Accounts
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
Lesson 17: Configuring Security Policies

Lesson 17: Configuring Security Policies
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.

Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3. Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference.

11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3. Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference.
10.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

10.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.

Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.
Administering User Security

Administering User Security
11 WORKING WITH COMPUTER ACCOUNTS Chapter 8. Chapter 8: WORKING WITH COMPUTER ACCOUNTS2 CHAPTER OVERVIEW Describe the process of adding a computer to.

11 WORKING WITH COMPUTER ACCOUNTS Chapter 8. Chapter 8: WORKING WITH COMPUTER ACCOUNTS2 CHAPTER OVERVIEW Describe the process of adding a computer to.
1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.

1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.
Working with Workgroups and Domains

Working with Workgroups and Domains
2 Copyright © 2009, Oracle. All rights reserved. Getting Started with Warehouse Builder.

2 Copyright © 2009, Oracle. All rights reserved. Getting Started with Warehouse Builder.
Sharing Resources Lesson 6. Objectives Manage NTFS and share permissions Determine effective permissions Configure Windows printing.

Sharing Resources Lesson 6. Objectives Manage NTFS and share permissions Determine effective permissions Configure Windows printing.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.
Module 6: Designing Active Directory Security in Windows Server 2008.

Module 6: Designing Active Directory Security in Windows Server 2008.
9 Copyright © 2005, Oracle. All rights reserved. Administering User Security.

9 Copyright © 2005, Oracle. All rights reserved. Administering User Security.
Copyright © 2007, Oracle. All rights reserved. Managing Concurrent Requests.

Copyright © 2007, Oracle. All rights reserved. Managing Concurrent Requests.
IOS110 Introduction to Operating Systems using Windows Session 8 1.

IOS110 Introduction to Operating Systems using Windows Session 8 1.
1 Chapter Overview Configuring Account Policies Configuring User Rights Configuring Security Options Configuring Internet Options.

1 Chapter Overview Configuring Account Policies Configuring User Rights Configuring Security Options Configuring Internet Options.
IS 221: DATABASE ADMINISTRATION Lecture 6:Create Users & Manage Users. Information Systems Department 1.

IS 221: DATABASE ADMINISTRATION Lecture 6:Create Users & Manage Users. Information Systems Department 1.

Similar presentations

Ads by Google