About all

When you are deploying Oracle Business Intelligence Enterprise Edition, how you handle identity management is as important as query speed and the quality of your data. A well-architected identity management solution ensures that your users are set up automatically when they first join the organization, that they can quickly access applications and data appropriate for their varied roles, and that personal details and access privileges can be easily managed.

This article focuses on integrating Oracle Business Intelligence Enterprise Edition with two of Oracle's flagship identity management tools: Oracle Internet Directory and Oracle Application Server Single Sign-On. You'll see how to combine the security features of Oracle Business Intelligence Enterprise Edition and Oracle Identity Management to provide granular, secure access to data.

Identity Management in Focus

User identity has its own lifecycle, beginning with the initial hire, continuing through promotions and changes of department or role, and ending when the staff member leaves and that person's application access is removed. Over time, employees typically need access to multiple systems, and their requirement for data access will change with their roles.

Oracle Identity Management is a broad set of products that provides standards-based identity management tools, including Oracle Access Manager, Oracle Application Server Single Sign- On, Oracle Enterprise Single Sign-On Suite, Oracle Identity Federation, Oracle Identity Manager, Oracle Internet Directory, Oracle Virtual Directory, and Oracle Web Services Manager. Oracle Internet Directory is an LDAP v.3 directory that leverages the scalability and high availability of Oracle Database to store user and group profiles. Oracle Internet Directory is widely used within Oracle's own applications and middleware tools to provide a single store of identity information. (For an overview of identity management concepts and Oracle Identity Management, see "Access Granted" in the July/August 2006 issue of Oracle Magazine.)

Oracle Business Intelligence Enterprise Edition has its own security infrastructure for user and group management and control of access to datasources, but it can also be integrated with numerous other industry-standard identity management implementations, including Oracle Identity Management.

Oracle Business Intelligence Enterprise Edition includes Oracle Business Intelligence Server, Oracle Business Intelligence Presentation Services, and the Oracle Business Intelligence Administration Tool, plus several other server and desktop applications.

Oracle Business Intelligence Server has a local repository that contains information about the many datasources (data warehouses, data marts, packaged applications, and so on) that business users will have access to via Oracle Business Intelligence Interactive Dashboards.

Oracle Business Intelligence Presentation Services has its own separate security infrastructure of users and groups stored in a separate repository, known as the Web Catalog. Oracle Business Intelligence Interactive Dashboard is the main user interface provided by Oracle Business Intelligence Presentation Services.

When users log in to their respective dashboards, Oracle Business Intelligence Server authenticates their credentials. If an account does not already exist in the Web Catalog, one is created for them. If a user is a member of any groups that have corresponding Web Catalog entries, the user is granted access to these Web Catalog groups and any dashboards to which that person has access.

As you'll see later in this article, the user and group information contained in Oracle Internet Directory can be used to facilitate the same access scenarios.

Oracle Business Intelligence Server makes it possible for privileged users to "impersonate" other users—this functionality is used by Oracle Business Intelligence Presentation Services to implement single-sign-on functionality in various scenarios, including one demonstrated later in this article.

Example 1: Leverage Oracle Internet Directory for Oracle Business Intelligence Interactive Dashboard Security steps you through enabling users of Oracle Business Intelligence Interactive Dashboard to connect to their dashboards by using their Oracle Internet Directory logins and passwords.

Example 2: Augment Oracle Internet Directory User Identity with Oracle Business Intelligence Server Security Features shows you how the features in Oracle Business Intelligence Server can provide granular, row-level control over report data to users authenticated with Oracle Internet Directory.

Exeampl 3: Streamline Access to Oracle Business Intelligence by Using Oracle Single Sign-On steps you through configuring Oracle Business Intelligence Enterprise Edition to leverage Oracle Application Server Single Sign-On as a partner application. Business users will then be able to access Oracle Business Intelligence Server functionality by using the same user account as for other applications and will be able to access their Oracle Business Intelligence Server dashboards based on group membership.