Oracle BI Publisher Blog

BI Publisher Enterprise supports four security configurations (documentation).  Before changing any of your security configurations, I highly recommended that you create a local super user in BI Publisher.  This user will be able to login no matter what security configuration you choose.  I also recommend that this super user has a unique name that does not exist in your other security stores.  This makes it easier to test if your new security configuration is working.

Before going into the 4 different security models, it is important to understand a few tasks that you will need to do no matter how your configuration is setup.  These may seem a bit trivial.  However it is very important, because as you get into the different security configurations, these tasks are done in different places.

1. Create users and passwords.
2. Create BIP Required Roles.  These determine if users have permissions to do various things (e.g., edit reports, schedule reports, use the Excel Analyzer and other options).  In the docs, these are called 擢unctional Roles.?
3. Create User Defined Roles.  These roles will define what reports and data sources users have access to.
4. Manage data source permissions by assigning data sources to user defined roles.
5. Manage folder permissions by assigning folder to user defined roles.
6. Manage user access to data sources and folder by assigning users to user defined roles.
7. Manage system permissions by assigning BIP roles to users.

1. BI Publisher Security.  This means that BIP manages its own users, roles, and passwords.  This is the simplest method to setup.  In this case, steps 1-7 are all managed in BI Publisher. Also, step 2 is already done fore you.
   
2. Oracle BI Server Security.  In this case, users, roles, and role membership are managed in the BI EE server.  So, here are the steps I would go through to setup this security configuration:
1. Create users in BI EE server using the BI EE Administration tool (step 1 above)
2. Create BIP required roles in the BI EE server using the BI EE Administration tool.  The most important one to create is the XMLP_ADMIN roles.  I would create this and put you BI EE administrator in this group immediately.  This will ensure that at least one of your users will have administrative privileges in BIP.  (step 2 above)
3. Create user defined roles in the BI EE Server.  These can be roles that you are already using in the BI EE Server or they can be new roles that you create purely for BIP.  (step 3 above)
4. Login to BIP as the local super user.  Go to the administration tab and modify your Security Configuration to use BI Server security.  If you have an advanced deployment of BI EE (multiple machines or clustering), remember that when you set this up, you must tell BIP how to log into the BI EE server (not the BI EE website or presentation services). 
5. Apply your settings and restart BIP.
6. Login as a BI EE administrator and make sure the authentication works properly.
7. You値l notice now that you can no longer manager users in BIP and the Roles and Permissions page is also slightly different.
8. In BIP, assign data source to the user defined roles you created in BI EE.  (step 4 above)
9. In BIP, assign folder to the user defined roles you created in BI EE.  (step 5 above)
10. In the BI EE Administration tool, assign users to BIP roles and user defined roles. (step 6 and 7 above)
3. LDAP security.  This setup is very similar to BI EE security.  Users, roles, and role membership are all managed in the LDAP server (don稚 forget to create BIP roles and user defined roles in your LDAP server).  Access to folders and data sources is controlled in BI Publisher.
4. E-Business Suite Security.  This is designed to make it easier to use the Enterprise Edition of BI Publisher with the EBS.  EBS Responsibilities show up as roles in BIP.  I知 not an expert in EBS, so I値l let you read up on it here.

Since I知 discussing security, it痴 also worth noting that BI Publisher supports Oracle Single Sign-on.  Setup for this is documented here.