OFM OBIEE Security

 

 

Oracle Fusion Middleware application roles are synchronized to Oracle BI Server and to Oracle BI Presentation Services. OBIEE privileges and permissions are then granted to those application roles through the Oracle BI Administration Tool and through the Administration page in Oracle BI Presentation Catalog, respectively.



 

Terminology

Users and Groups
A user is an entity that can be authenticated. A user can be a person, such as an
application user, or a software entity, such as a client application. Every user is given a
unique identifier within the identity store.


Groups are organized collections of users that have something in common. A group is
a static identifier that is assigned by a system administrator. Users organized into
groups facilitate efficient security management. There are two types of groups: an
LDAP group and a Catalog group. A Catalog group is used to support the existing user
base in Presentation Services to grant privileges in the Oracle Business Intelligence
user interface. Using Catalog groups is not considered a best practice; they are available
for backward compatibility in upgraded systems.

Application Policy

Oracle Business Intelligence permissions are granted by its application roles. In the
default security configuration, each role conveys a predefined set of permissions. An
application policy is a collection of Java EE and JAAS policies that are applicable to a
specific application. The application policy is the mechanism that defines the
permissions each application role grants. Permission grants are managed in the
application policy corresponding to an application role.


Application Role
Represents a role a user has when using Oracle Business Intelligence. It is also the
container used by Oracle Business Intelligence to grant permissions to members of a
role.
Application roles are managed in the policy store provider.


Authentication
The process of verifying identity by confirming the credentials presented during log
in.


Authentication Provider
A security provider used to access user and group information and responsible for
authenticating users. The default Oracle Business Intelligence authentication provider is
the Oracle WebLogic Server embedded directory server, named
DefaultAuthenticator.


Authorization
The process of granting an authenticated user access to a resource in accordance with
their assigned privileges.


Catalog Groups
A Catalog group is defined locally in Oracle BI Presentation Services and is used to
grant privileges in the Oracle Business Intelligence user interface in addition to
granting Oracle BI Presentation Catalog permissions.


Catalog Permissions
These rights grant access to objects that are stored in the Oracle BI Presentation
Catalog. The rights are stored in the catalog and managed by Presentation Services.


Catalog Privileges
These rights grant access to features of the Oracle BI Presentation Catalog. The rights
are stored in the catalog and managed by Presentation Services. These privileges are
either granted or denied.


Credential Store
An Oracle Business Intelligence credential store is a file used to securely store system
credentials used by the software components. This file is automatically replicated
across all machines in the installation.


Credential Store Provider
The credential store is used to securely store and manage credentials that are used
internally between Oracle Business Intelligence components. For example, SSL
certificates are stored here.

Globally Unique Identifier (GUID)
A GUID is typically a 32-character hexadecimal string that is system-generated to form
a unique identifier for an object. In Oracle Business Intelligence a GUID is used to refer
to individual users and groups.


Impersonation
Impersonation is a feature used by Oracle Business Intelligence components to
establish a session on behalf of a user without employing the user's password. For
example, impersonation is used when Oracle BI Scheduler executes an Agent.

 

Security Policy
The security policy defines the collective group of access rights to Oracle Business
Intelligence resources that an individual user or a particular application role has been
granted. Where the access rights are controlled is determined by which Oracle
Business Intelligence component is responsible for managing the resource being
requested. A user's security policy is the combination of permission and privilege
grants governed by the following elements:
■ Oracle BI Presentation Catalog:
Defines which Oracle BI Presentation Catalog objects and Oracle BI Presentation
Services functionality can be accessed by users. Access to this functionality is
managed in the Oracle Business Intelligence user interface. These permissions and
privileges can be granted to individual users or by membership in corresponding
application roles.
■ Repository File:
Defines access to the specified metadata within the repository file. Access to this
functionality is managed in the Oracle BI Administration Tool. These permissions
and privileges can be granted to individual users or by membership in
corresponding application roles.
■ Policy Store:
Defines which Oracle Business Intelligence, Oracle BI Publisher, and Oracle
Real-Time Decisions functionality can be accessed. Access to this functionality is
managed in Oracle Enterprise Manager Fusion Middleware Control. These
permissions and privileges can be granted to individual users or by membership
in corresponding application roles.
