Why do we need security in OBIEE?
This is a rather very basic question but to them who have just started working on OBIEE, this is very important to understand. OBIEE is a reporting tool wherein multiple users belonging to multiple groups create multiple reports and dashboards. Reports created by a particular group of users should be visible to that particular group only or some specific data should be visible to only a specific set of people. So, to achieve this we need to have some sort of security in place using which we can protect reports belonging to a group of users from the users of other groups.
Users and groups in OBIEE?
End users who make use of OBIEE for reporting need to be defined somewhere. These users can be defined either in the OBIEE RPD, External database tables, LDAP Servers or in Active directories with their respective passwords.
The users belonging to same business unit can be clubbed and Groups can be created for them. Its not always necessary to create users in the RPD but its necessary to create the groups in the RPD. Infact, creating several users in the RPD can be a cumbersome job and it will also increase the size of the RPD, so, according to the best practice create the users and groups on the DB(or add in AD/LDAP) and associate them with the RPD groups by creating groups of the same name on the RPD as in DB.
Authentication and Authorization?
Authentication means validating the user while logging in the OBIEE application. When a user logs in the OBIEE application a request is sent to the BI Server asking that whether this user is a valid user or not. When BI Server validates the user then only the user is able to login in the application.
Authorization means a user is authorized to view what all objects. Example, User A might be authorized to view only particular set of reports and dashboards based on the security applied.
Types of Security in OBIEE?
There are basically 2 types of security in OBIEE:
Object Level Security:
As the name states, Object level security refers to restricting access to OBIEE objects between different users and groups. The access to following objects can be restricted using object level security: Presentation tables, Presentation table columns, Subject Areas, Reports, Dashboards, Project Specific shared folders.
Data Level Security:
Data Level Security is basically securing the data. Users belonging to particular group should see a certain set a data whereas users outside that groups shouldn’t see that data. Example: Users belonging to Asia group should see only the data for Asia region whereas users belonging to US region should see data for US region.
This is a rather very basic question but to them who have just started working on OBIEE, this is very important to understand. OBIEE is a reporting tool wherein multiple users belonging to multiple groups create multiple reports and dashboards. Reports created by a particular group of users should be visible to that particular group only or some specific data should be visible to only a specific set of people. So, to achieve this we need to have some sort of security in place using which we can protect reports belonging to a group of users from the users of other groups.
Users and groups in OBIEE?
End users who make use of OBIEE for reporting need to be defined somewhere. These users can be defined either in the OBIEE RPD, External database tables, LDAP Servers or in Active directories with their respective passwords.
The users belonging to same business unit can be clubbed and Groups can be created for them. Its not always necessary to create users in the RPD but its necessary to create the groups in the RPD. Infact, creating several users in the RPD can be a cumbersome job and it will also increase the size of the RPD, so, according to the best practice create the users and groups on the DB(or add in AD/LDAP) and associate them with the RPD groups by creating groups of the same name on the RPD as in DB.
Authentication and Authorization?
Authentication means validating the user while logging in the OBIEE application. When a user logs in the OBIEE application a request is sent to the BI Server asking that whether this user is a valid user or not. When BI Server validates the user then only the user is able to login in the application.
Authorization means a user is authorized to view what all objects. Example, User A might be authorized to view only particular set of reports and dashboards based on the security applied.
Types of Security in OBIEE?
There are basically 2 types of security in OBIEE:
- Object Level Security
- Data Level Security
Object Level Security:
As the name states, Object level security refers to restricting access to OBIEE objects between different users and groups. The access to following objects can be restricted using object level security: Presentation tables, Presentation table columns, Subject Areas, Reports, Dashboards, Project Specific shared folders.
Data Level Security:
Data Level Security is basically securing the data. Users belonging to particular group should see a certain set a data whereas users outside that groups shouldn’t see that data. Example: Users belonging to Asia group should see only the data for Asia region whereas users belonging to US region should see data for US region.
No comments:
Post a Comment