Manohar Paleti

Hyderabad, AP, India
Working as a BI Consultant. Served various organizations as an OBIEE Developer by building BI solutions for business decision making.

Tuesday, September 3, 2013

Security in OBIEE 11g

Hi Folks,

Let me walk you through the security aspects of OBIEE 11g.

OBIEE security is mainly categorized into Authentication, Authorization and Data level/row level.
Authentication: the first layer/level in the security mechanism. It validates the user's credentials (username and password) at the time of login to OBIEE Analytics.
Authorization: the process of restricting/enabling access to OBIEE objects for users, based on the user's groups/application roles.
E.g.: A user in the Admin group can view, modify or delete dashboards, pages or reports.
A user with the BI Author role can only view a set of dashboards/reports.
Data level or row level: the process of restricting the data/records shown in reports based on the user's access level.
E.g.: The US HRMS Manager is able to see only US data, not data from other regions.

Implementation:

Security can be implemented in several ways, listed below:
Internal security: defining users, groups and roles within OBIEE (WebLogic).
External security: importing security definitions that are maintained outside of OBIEE:
  • LDAP and AD
  • Database - External Table
  • SSO - typically Oracle EBS; also possible for SEDC, Hyperion and MSAS.
LDAP: Please follow the URL for a detailed document on configuring LDAP: Click here for LDAP configuration

AD: Follow the steps below to configure AD.

Below are the steps involved in configuring AD with OBIEE 11.1.1.5:
1. Log in to the WebLogic console and create a provider named BI Authenticator by navigating to Security Realms -> myrealm.
2. Change the control flag of "Default Authenticator" from REQUIRED to SUFFICIENT.
3. Change the control flag of BI Authenticator from OPTIONAL to SUFFICIENT.
4. Update the BI Authenticator provider with the details below, under the Provider Specific tab:
Sl.No  Parameter Name         Value
1      active directory host  Host name of the AD
2      port                   389
3      principal              CN=Adminusername ,OU=Users,OU=,DC=domain DC=domain
4      ssl enabled            no
5      User Base DN           DC=,DC=
6      User Name Attribute    sAMAccountName
7      User Object Class      user
8      Group Base DN          OU=,DC=,DC=corp
9      GUID Attribute
10     AllUsersFilter         (&(sAMAccountName=*)(objectclass=person))
11     AllGroupsFilter        (&(cn=*)(|(objectclass=groupofUniqueNames)(objectclass=orcldynamicgroup)))
5. Reorder the providers to make sure that BI Authenticator is at the top of the list.
6. From the EM Console, create the user.login.attr and username.attr attributes to store the identity configuration.
7. Create a custom property called virtualize with the value “true” to allow authentication from multiple providers.
8. Create a separate account in AD and add its password to the credential provider.
9. Assign the BI System role to the user.
10. Ensure that the new BI System user is part of the WebLogic Global Admin role.
11. Map the Active Directory groups to application roles and test the changes.
12. Log in to the WebLogic Server console at http://server:7001/console with the “adminuser” credentials.
13. Navigate to Home > Summary of Security Realms > myrealm > Users and Groups > adminuser
14. Click on the Groups tab and assign the groups BI Admin, BI Administrators, BI Authors, BI Consumers, SDD Retail Sales Power Users, XMLP_ADMIN and XMLP_DEVELOPER to the user adminuser.
15. Click Save to save the changes.
16. Log in to Presentation Analytics at http://server:9704/analytics with the “weblogic” user credentials.
17. Navigate to Administration > Manage Privileges
18. Grant the following privileges to the user “user”:
  • Access > Access to Answers
  • Access > Access to Dashboards
  • Admin: General > Manage Sessions
  • Admin: General > Manage Dashboards
  • Admin: Security > Manage Privileges
  • Admin: Security > Manage Catalog Groups
19. Navigate to Administration > Manage Catalog Groups
20. Add the user “adminuser” to the Catalog Groups:
  • BI Admin
  • BI Developers
  • DD Retail Sales Power users
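
Steps 2, 3 and 5 depend on how WebLogic combines its ordered authentication providers through JAAS control flags. The Python sketch below is an added example, not code from the original post or from Oracle: it models the standard JAAS flag semantics over constructed user stores, and the sample users, the assumption that a new provider is appended below the default one, and all function names are illustrative.

```python
# Added illustration (not from the original post): JAAS control-flag
# evaluation over an ordered list of authentication providers.
REQUIRED, REQUISITE, SUFFICIENT, OPTIONAL = (
    "REQUIRED", "REQUISITE", "SUFFICIENT", "OPTIONAL")

# Constructed sample identity stores (assumptions, not real accounts).
EMBEDDED_LDAP = {"weblogic"}      # users known to DefaultAuthenticator
ACTIVE_DIRECTORY = {"jdoe"}       # users known to BI Authenticator

def login_succeeds(providers, user):
    """providers: ordered list of (name, control_flag, known_users)."""
    mandatory_seen = mandatory_failed = any_success = False
    for _name, flag, known_users in providers:
        ok = user in known_users
        any_success = any_success or ok
        if flag in (REQUIRED, REQUISITE):
            mandatory_seen = True
            if not ok:
                mandatory_failed = True
                if flag == REQUISITE:
                    return False      # REQUISITE failure stops the chain
        elif flag == SUFFICIENT and ok and not mandatory_failed:
            return True               # SUFFICIENT success stops the chain
    if mandatory_seen:
        return not mandatory_failed   # every REQUIRED/REQUISITE must pass
    return any_success                # otherwise one success is enough

# State right after step 1 (assumed: new provider sits below the default).
AFTER_STEP_1 = [
    ("DefaultAuthenticator", REQUIRED, EMBEDDED_LDAP),
    ("BI Authenticator", OPTIONAL, ACTIVE_DIRECTORY),
]
# State after steps 2, 3 and 5.
AFTER_STEP_5 = [
    ("BI Authenticator", SUFFICIENT, ACTIVE_DIRECTORY),
    ("DefaultAuthenticator", SUFFICIENT, EMBEDDED_LDAP),
]

def report(providers):
    """Login outcome per sample user for a given provider chain."""
    users = ("weblogic", "jdoe", "mallory")
    return {u: login_succeeds(providers, u) for u in users}

if __name__ == "__main__":
    print("after step 1:", report(AFTER_STEP_1))
    print("after step 5:", report(AFTER_STEP_5))
```

With DefaultAuthenticator left at REQUIRED, the AD-only user is rejected even though the AD provider accepts the credentials; with both flags at SUFFICIENT, a user known to either store logs in and an unknown user is still rejected.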




Monday, October 22, 2012

Sorting Issue - Pivot table OBIEE 11g

Hi Folks,

I'm back again after a long time with an interesting post: a frequent issue after upgrading from 10g to OBIEE 11g -- the pivot table in 11g is not sorted in the same order as in 10g.
Ex: Customer ID, Customer Name and #Orders
What if it's not in the same order as in 10g?
No worries, the workaround is to duplicate the measure column, place it on the left side of the Rows section and hide it.

Now it's DONE!

Note: OBIEE 11g sorts the columns from left to right, so keep the column that needs to be sorted at the leftmost position to get the exact sorting.


Thanks,

Sunday, January 22, 2012

Installing OBIEE 10g on a Windows 7 32-bit Machine

Hi Folks,

Posting after a long period.

One of my colleagues asked me about the installation process for OBIEE 10g on a Windows 7 32-bit machine.
Here are the steps to follow before running setup.exe.
[Thanks to Nico and Wilson!]

As per certification, Oracle Business Intelligence Enterprise Edition is only certified on the following Windows versions:
  • Windows XP x86
  • Windows 2003 x86
  • Windows 2003 AMD64
  • Windows 2003 EM64T
  • Windows Vista x86
  • Windows Vista AMD64
  • Windows Vista EM64T and
  • Windows 2000 x86
Issue when installing OBIEE on Windows 7
If you are planning to install OBIEE on Windows, download OBIEE for Windows from Here
You can start the OBIEE installation by double-clicking “setup.exe”, but on Windows 7 the installation will fail with the error message below:
___________
Oracle Business Intelligence is not supported on this Windows version. Oracle Business Intelligence is only supported on Windows XP x86, Windows 2003 x86, Windows 2003 AMD64, Windows 2003 EM64T, Windows Vista x86, Windows Vista AMD64, Windows Vista EM64T, and Windows 2000 x86.

Workaround
You can bypass this error by changing the compatibility mode on “setup.exe” to Windows Vista, as shown in the screenshot below.
Yes, after all Windows 7 is a leaner and meaner Vista, so try to install it in compatibility mode.













Right click on “setup.exe”. In the setup properties, click on “Change settings for all users”, then in the new window check the check box “Run the program in compatibility mode for” and choose Windows Vista in the drop-down.
Click OK and start setup.exe; thereafter the usual selections will be invoked.

Another workaround


  1. Turn off Aero. OBIEE does not seem to like when Aero is running, so if you have that running, turn it off while you’re installing.
  2. Install the correct (32-Bit) JDK prior to installing OBIEE. I ran through an install using the 64-Bit version and the install succeeded but OBIEE refused to load. The 32-Bit worked on the first try.
  3. Prior to running the Setup.exe file, a quick right click and into Properties gives you the following image:
 You want to make sure that you have the compatibility set to Vista. I tried a few others and they didn’t work for me. Your mileage may vary, but that’s what I found. When you go to run Setup.exe, right click, and select “Run as Administrator”, as I errored out during my install because I didn’t have sufficient privileges.

  1. Write down your OC4J password! If I had a nickel for every time I forgot that damn password…. I’d have quite a few nickels.
  2. Restart your computer, on the restart, you’ll see the OC4J client run:





Next we have to set up the ODBC Connection. The tool is found here

 





8. Load odbcad32 and you’ll get this: