Security in OBIEE

Security in OBIEE

Security in Oracle BI can be classified broadly into the following three types.

1. Object Level security/authorization

2. Data Level security/authorization

3. User Authentication / User Level Security

Object Level security

Object-level security controls the visibility to business logical objects based on a user's role.

You can set up object-level security for -

·         Repository level: In Presentation layer of Administration Tool, we can set Repository level security by giving permission or deny permission to users/groups to see particular table or column.

 Web level: This provides security for objects stored in the Presentation Catalog, such as dashboards, dashboards pages, folder and reports. You can only view the objects for which you are authorized. For example, a mid level manager may not be granted access to a dashboard containing summary information for an entire department.

Data Level security

Data-level security controls the visibility of data (content rendered in subject areas, dashboards, Oracle BI Answers, and so on) based on the user's association to data in the transactional system.

This controls the type and amount of data that you can see in a report. When multiple users run the same report, the results that are returned to each depend on their access rights and roles in the organization. For example, a sales vice president sees results for all regions, while a sales representative for a particular region sees only data for that region. 

 User Authentication in OBIEE :

The goal of the authentication configuration is to get a confirmation of the identity of a user based on the credentials provided. 

In OBIEE, the credentials provided are hold in this two variables:

·         USER

·         PASSWORD

The authentication process in OBIEE is managed by the BI Server.

OBIEE Support four types of authentication.

1)LDAP Authentication : Users are authenticated based on credentials stored in LDAP.This is the BEST method to do authentication in OBIEE and it supports company’s Single Sign On (SSO) philosophy as well.

2)External Table Authentication : you can maintain lists of users and their passwords in an external database table and use this table for authentication purposes.
To know about configuration of External Table Authentication click hear >>.

3)DatabaseAuthentication: The Oracle BI Server can authenticates user based on database logins. If a user has read permission on a specific database. Oracle BI Presentation Services authenticates those users. To know about configuration of Database Authentication click hear >>.


4)Oracle BI Server User Authentication: You can maintain lists of users and their passwords in the Oracle BI repository using the Administration Tool. The Oracle BI Server will attempt to authenticate users against this list when they log on.



Oracle BI Server User Authentication is not quite popular as it has its support/maintenance issue associated, once system grows beyond certain users.