OBIEE 11g Architecture & Security

OBIEE 11g Architecture & Security

Domains in OBIEE

• Web Logic Server Domain

•      J2EE App Server used across the board for all 11g BI applications

•      Contains :

–       Managed Server : Set of J2EE Applications used for “functioning” the BIEE system

–     Admin Server : Set of J2EE Applications used for “administering” of BI EE system

         Oracle Process Manager and Notification Server (OPMN) domain

•      Used to start/Stop system components (BI Svr, BI Pres Svr, BI Schdlr, BI ClustrCntrl)

•      Can be accessed from CMD or from EM page(GUI)

 Admin Server Components

•     WLS Admin Console

•      Admin GUI for WLS,Security and J2EE Components

•     Fusion Middleware-EM Control (FMW EM)

•      Admin GUI to Manage the BI Domain

•      JMX Beans

•      Java components that provide programmatic access for managing a BI domain.

Managed Server Components

•      BI Plugin : Sends web http requests to BI Presentation Services

•      BI Security :Integrates BI Server and FMW sec platform(using webservice calls)

•      BI Action Services: Dedicated web services for Action framework

•      BI Web Service SOA: Provides Web services for objects in the BIEE Presentation Catalog, to invoke analysis, agents, and conditions.

•      BI Office: Provides the integration between Oracle Business Intelligence and Microsoft Office products

BIEE Domain System Components

 •     BI Server

–     Provides capabilities to query and access data as well as services for accessing and managing the RPD file (BIEE Metadata).

•     BI Presentation Services

–     Provides the framework and interface for the presentation of business intelligence data to Web clients. It maintains an Oracle BI Presentation Catalog service on the file system for the customization of this presentation framework.

•     BI Scheduler     

–      Provides framework for scheduling and delivering reports to users (used by delivers)

•     BI Javahost

–     Enables BI Presentation Services to support various components: Java tasks for BI Scheduler, BI Publisher, and Graph generation.

•     BI Cluster Controller

–     Used for distributing requests to BI server and ensure load balancing

•     Files

–     Repository file (e.g. SampleSales.rpd)

–     Config Files (nQconfig.ini,instanceconfig.xml,)

–     Log Files (nqserver.log,nqquery.log, nqscheduler.log, sawlog0.log etc)

–     Presentation catalog (<MW_HOME>\OracleBIPresentationServicesComponent\coreapplication_obips1\catalog)

OBIEE 11G Security

What’s Security ?

•      Authentication – checking passwords and other tokens against user lists, to “authenticate” a user and check that they are who they say they are

•      Authorization – once we know who they are, what are we going to “authorize” them to do on our system. (Object Security and data Security, both done from rpd)

•      Administration – how do we administer these lists of users, groups and permissions(app policy), plus connections to external directories and applications

Security Providers

•      Authentication provider

o   OBIEE delegates authentication to the first authentication provider configured for the domain.

o   Defined and managed from WLS Console

•      Policy store provider

o               Provides access to :

•      Application Roles (to create functional group)

•      Application Policies (to define Oracle BI Server, BIP and RTD functionality permissions)

o   Forms a core part of security policy ,used for Object security and Data security

o   Defined and managed from FMW Enterprise Manager

o   Policy stored in system-jazn-data.xml file

•      Credential store provider

o   Responsible for securely storing /providing access to credentials reqd. by OBIEE components internally

o   Credentials are stored in the file cwallet.sso file

Tools for security Management (In a nutshell)

•      Users and Groups are managed in Oracle WLS Admin console (by default). If WLS is integrated with other LDAP products, then Users and Groups needs to managed using the interface provide by the respective LDAP vendor – New in OBIEE 11g

•      Application Roles and Application Policies are managed in Oracle Enterprise Manager - Fusion Middleware Control – New in OBIEE 11g

•      RPD object permissions are managed in OBIEE Admin tool – Same as 10g but the assignment is to Application Roles instead of Groups

Webcat Permissions and Privileges are managed in OBI Application administration page - Same as 10g but the assignment is to Application Roles instead of groups

Directory Structure

MW_HOME    : MiddleWare directory e.g. D:\OBIEE11G

WL_HOME    : MW_HOME\wlserver_10.3\

DOMAIN_HOME: MW_HOME\user_projects\domains\bifoundation_domain\

ORACLE_INSTANCE : MW_HOME\instance\instance1

'If you found this article useful, please rate the same"