Monday Feb 01, 2016

OBIEE 12c: Remove Init block users from the catalog

In BI 12c, it is highly recommended to move to Fusion Middleware Security model instead of using initialization (init) blocks for authentication and authorization, because Data Visualization (DV) doesn't authenticate against init blocks. 


[Read More]

Thursday Jan 14, 2016

OBIEE 12c: How to Revoke/Grant Data Visualizations Permissions using WLST

In BI 12c, Oracle introduced Data Visualizations (DV). By default anyone who belongs to BI Content Author has access to Data Visualization. If for some reason the customer wants to prevent the users from accessing the Data Visualizations, then the customer will have to revoke the Data Visualizations permissions from BI Content Author/BI Author (default roles).


[Read More]

Tuesday Dec 15, 2015

Configuring BI 12c with IIS 8.5

BI 12c supports IIS 7.5 and 8.5 redirection. This document explains the steps to proxy BI requests through IIS 8.5.[Read More]

Friday Dec 11, 2015

OBIEE 12c: External Subject Area Cache Configuration

Data Blending or Mashup is a new Concept in OBIEE 12c where you can blend your own data with corporate data. External Subject Area Cache aka XSA Cache is new mechanism for caching Excel Files for data blending in databases. This document describes the steps required for configure External Subject Area Cache for Data Blending. Please click here to download this document. 

Tuesday Dec 01, 2015

OBIEE 12c: User's group and application role are not applied

Sometimes in OBIEE 12c, you are sure that everything is set properly, and still the user does not have the expected permission. Groups and application roles are properly assigned in Weblogic console and EM. But still, when you log in OBIEE with this user and go to My Account, the roles expected are not there.

This happens due to OPSS cache. Duration can be reduced by adding the following property with the right value in

Middleware\Oracle_Home\user_projects\domains\bi\config\fmwconfig\jps-config.xml:

<property name="oracle.security.jps.ldap.policystore.refresh.interval" value="6000000"/>

Do not forget to restart everything after modifying this file.

Monday Jan 05, 2015

OBIEE 11.1.1 - Tuning Guide Script v1

The obiee tuning guide available here https://blogs.oracle.com/proactivesupportEPM/entry/wp_obiee_tuning_guide lists a number of checks for optimization.

The script attached here https://blogs.oracle.com/pa/resource/CheckObieeTuningGuidev4_01-2014.zip automates these checks. It is only reading from the obiee server and it will not modify any values. The script outputs the current values, that you can compare with the recommended ones.


[Read More]

Thursday Jul 17, 2014

Configuring OBIEE 11.1.1.7.x with Full End to End SSL

What do we need to configure SSL:
1. CA Root Certificate
2. CA Intermediate Certificate (if exists)
3. Java Keystores :: Identity Keystore and Trust Keystore
4. OBIEE Server Certificate
5. If External LDAP Directory like Oracle Internet Directory running in SSL
   OID Server’s CA Root Certificate
   OID Server’s CA Intermediate Certificate (if exists)
   OID Server Certificate

[Read More]

Tuesday Jul 15, 2014

OBIEE 11.1.1 - In case of Firewalls, OBIEE Scheduler may fails to Restart via OPMN or during BI configuration

Issue:

If you have Firewall between OBIEE Server and Oracle Database machine, the OBIEE Scheduler component may fails to restart via OPMN or during BI configuration.

Workaround:
The firewall is setup with 'Urgent Flag'. As per firewall documentation, the Urgent Flag cannot be disabled. It is a global setting and would affect all traffic going in and out in organization. So the issue can be resolved by setting DISABLE_OOB=ON in the SQLNET.ora for BI Scheduler.

The firewall is clearing this Urgent Bit in the communication, the message is not transferred from the Scheduler (DB Client) to the Oracle database so by setting DISABLE_OOB=ON the Urgent flag is not sent from Scheduler and the connection works normally.

How-to: On BIServer side only, set DISABLE_OOB=ON in SQLNET.ora file > …/Oracle_BI1/network/admin


Monday Jun 02, 2014

OBIEE 11.1.1 - Tips for In-place Upgrade from 11.1.1.6 to 11.1.1.7.x

Tips:

Use the Test to Production (T2P) / cloning process (movement scripts). For example:
– Clone up the existing 11.1.1.6 environment.
– Move the cloned copy to the new location / host (same 11.1.1.6.0 version at this point).
– Patch new location / host (11.1.1.6) to the 11.1.1.7 level.
– Switch to Production.
[Read More]

Monday Mar 24, 2014

BI Web service security client - authentication operations for 11.1.1.6 and 11.1.1.7.x

This wlst/python script connects to bi security web service to authenticate a user specified in the "ObieeWebServiceClient.properties" file. In 11.1.1.7, this calls: getAuthenticatedUserWithLanguageAndProperties operation of the /bisecurity/service web service.

In 11.1.1.6, this calls authenticate operation of the /bimiddleware/security/service web service.

This returns as part of the xml response the user unique identifier (guid) and other permissions/roles for the user. This is useful when debugging an issue with OBIEE security.

The script has to be run with %ORACLE_HOME%\oracle_common\common\bin\wlst.cmd (sh)

Script is available there: https://blogs.oracle.com/pa/resource/ObieeWebServiceSecurityClient.zip

[Read More]

Thursday Feb 27, 2014

OBIEE 11.1.1 - Advanced Usage of nqcmd command

Following are the useful nqcmd command lines arguments:

a. In your environment set the "export SA_NQCMD_ADVANCED=yes"

b. Following is the description of the nqcmd command line arguments for BIServer (nqsserver) testing:

-d = Datasource.
-u = username.
-p = password.
-s = inputsqlsfile.
-o = outputfile. counters will be in outputfile_Counters.txt.
-td <secs> = timeduration in secs. nqcmd will run until <secs> elapses.
-qsel r = select queries random manner from inputsqlsfile.
-ds <secs> = dump statistics to outputfile_Counters.txt every <secs>.
-T = Timer is on. Otherwise you won’t get correct statistics.
-t <number> = generate users . if you give -t 50, 50 users will be there.
-q = turn off row output - mandatory flag for nqsserver load testing.
-n <number> = used for login test run for <number> iterations.
-w = thinktime (in seconds).

[Read More]

Monday Feb 03, 2014

BI Checks with WLST - Enable debug, login and parse logs - Part 3

This third post continues with the BIEE Security checks using WLST and Python scripting.[Read More]

Friday Jan 31, 2014

OBIEE 11.1.1 - Tuning Guide Whitepaper - update available

New updates have been made to the OBIEE "Best Practices Guide for Infrastructure Tuning" whitepaper. This updated whitepaper is for 11g Release 1 (11.1.1.6, 11.1.1.7) and can be downloaded from the My Oracle Support knowledge article: Doc ID 1333049.1

The new revised document contains the following useful new and/or updated tuning items:

  • Optimized JVM switches for Oracle JRockit / Sun JVM / IBM JVM etc
  • New tuning parameters settings / values for JavaHost / OPIS / OBIS components.
  • Improved BIEE / platform performance monitoring techniques.
  • IBM WebSphere tuning parameters.
  • More WebLogic Server tuning parameters.
  • Windows Server 2012 tuning parameters.
  • New optimized Linux / AIX tuning parameters.
  • Additional Essbase ASO tuning parameters.
  • libOVD authenticator search tuning
    And many more….

Friday Jan 24, 2014

BI Check with WLST - Providers and Technical users part 1

 Checking OBIEE 11.1.1.7.1 security configuration manually is relatively time consuming. Using WLST and Python, it is possible to automate most of these tasks. The following script performs checks on OBIEE configuration. It is the first of a 3 part series.[Read More]

Tuesday Jan 07, 2014

OBIEE 11.1.1: Load Testing Oracle Business Intelligence Enterprise Edition (OBIEE) 11g Using Oracle Load Testing (OLT) 12.x

Published whitepaper on Load Testing Oracle Business Intelligence Enterprise Edition (OBIEE) 11g Using Oracle Load Testing (OLT) 12.x) which can be found at: https://support.oracle.com/epmos/faces/DocumentDisplay?id=1611188.1

(Oracle Support Document 1611188.1)