Tuesday, August 17, 2010

OBIEE Security

User Authentication: Three ways of implementing security in OBIEE.

BI Server Authentication
External Table Authentication
LDAP Authentication


1) Oracle BI Server Authentication
Oracle BI Server user IDs are stored in nonencrypted form in an Oracle BI repository and are case insensitive. Passwords are stored in encrypted form and are case sensitive. Oracle BI Server user IDs can be used to access any business model in a repository, provided that the users have the necessary access privileges. User IDs are valid only for the repository in which they are set up, and this causes some problems.
When migrating a repository from Dev to Prod, the users may differ between environments, so some manual work is needed to add or delete users in the Dev or QA repository. With those manual changes, there is a chance of missing some users.
To avoid this, we go for external table authentication. All users are created in the database, and we import that table into our repository, so that when migrating, simply changing the connection pool from Dev to QA/Prod picks up the users created in the different instances.

We are using external table authentication to validate users and their groups based on the user ID and password entered on the login page. Based on the group to which the user belongs, access is provided to the authorized dashboards and data.

2) External Table Authentication:
Instead of storing user IDs and passwords in an Oracle BI repository, you can maintain lists of users and their passwords in an external database table and use this table for authentication purposes. The external database table contains user IDs and passwords, and could contain other information, including group membership and display names used for Oracle BI Presentation Services users.
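
The external-table setup described above, as an added example that is not from the original post. The table, column and account names are hypothetical and the rows are constructed; the `':USER'` and `':PASSWORD'` placeholders follow the form the Oracle BI Server administration guide uses for session initialization blocks.

```sql
-- Added example; table, column and account names are hypothetical.
-- External authentication table kept in the database, not in the repository.
CREATE TABLE bi_users (
    username     VARCHAR2(50)  PRIMARY KEY,  -- user ID typed on the login page
    pwd          VARCHAR2(128) NOT NULL,     -- value compared with the typed password
    grp_name     VARCHAR2(50)  NOT NULL,     -- group that drives authorization
    display_name VARCHAR2(100)               -- name shown in Presentation Services
);

-- Constructed sample rows.
INSERT INTO bi_users (username, pwd, grp_name, display_name)
VALUES ('jsmith', 'constructed-password-1', 'SalesManagers', 'John Smith');
INSERT INTO bi_users (username, pwd, grp_name, display_name)
VALUES ('mlee', 'constructed-password-2', 'FinanceAnalysts', 'Mary Lee');

-- The table holds credentials, so grant read access only to the
-- database account used by the repository connection pool.
GRANT SELECT ON bi_users TO bi_conn_pool_user;

-- Query for the session initialization block. The BI Server substitutes
-- the values typed at login for ':USER' and ':PASSWORD' (the colon and
-- the single quotes are part of the placeholder).
SELECT username, grp_name, display_name
FROM   bi_users
WHERE  username = ':USER'
AND    pwd      = ':PASSWORD';

-- Variable targets of the block, in column order: USER, GROUP, DISPLAYNAME.
-- A login for which the query returns no row is not authenticated.
```

Because the block reads through the connection pool, pointing the pool at the QA or Prod database makes the same query authenticate against that environment's copy of the table.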

3) LDAP Authentication:
In this method, the Oracle BI Server takes the user ID and password typed by a user and passes them to an LDAP server for authentication. The server uses clear text passwords in LDAP authentication. Make sure your LDAP servers are set up to allow this.
In addition to basic user authentication, the LDAP server can also provide the Oracle BI Server with other information, such as the user display name (used by Oracle BI Presentation Services) and the names of any groups to which the user belongs. This information is contained in LDAP variables that get passed to Oracle BI session variables during the process of user authentication. LDAP authentication uses Oracle BI session variables that you define using the Variable Manager of the Administration Tool.

Authorization:
Authorization can be done in two ways:
Object-level security, which covers different dashboards/pages/tables/columns.
Data-level security, which restricts/filters out the values in columns.

LDAP and External table Source: BI admin guide

2 comments:

  1. hi..
    In real time, which is preferred: external table authentication or LDAP authentication...
    PLS LET ME KNOW

  2. It's a tough question to comment on, but I can say that if the client has their own LDAP server they will prefer LDAP; otherwise we can go with external table authentication.

    LDAP : http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol
