By Olivier Bennardo-Oracle on Apr 06, 2016
The document describes the steps to configure Hyperion Financial Management with OBIEE 12c. Hyperion Financial Management can be used as a data source in OBIEE 12c.
In BI 12c, it is highly recommended to move to Fusion Middleware Security model instead of using initialization (init) blocks for authentication and authorization, because Data Visualization (DV) doesn't authenticate against init blocks.
In BI 12c, Oracle introduced Data Visualizations (DV). By default anyone who belongs to BI Content Author has access to Data Visualization. If for some reason the customer wants to prevent the users from accessing the Data Visualizations, then the customer will have to revoke the Data Visualizations permissions from BI Content Author/BI Author (default roles).
Sometimes in OBIEE 12c, you are sure that everything is set properly, and still the user does not have the expected permission. Groups and application roles are properly assigned in Weblogic console and EM. But still, when you log in OBIEE with this user and go to My Account, the roles expected are not there.
This happens due to OPSS cache. Duration can be reduced by adding the following property with the right value in
<property name="oracle.security.jps.ldap.policystore.refresh.interval" value="6000000"/>
Do not forget to restart everything after modifying this file.
The obiee tuning guide available here https://blogs.oracle.com/proactivesupportEPM/entry/wp_obiee_tuning_guide lists a number of checks for optimization.
The script attached here https://blogs.oracle.com/pa/resource/CheckObieeTuningGuidev4_01-2014.zip automates these checks. It is only reading from the obiee server and it will not modify any values. The script outputs the current values, that you can compare with the recommended ones.
What do we need to configure SSL:
1. CA Root Certificate
2. CA Intermediate Certificate (if exists)
3. Java Keystores :: Identity Keystore and Trust Keystore
4. OBIEE Server Certificate
5. If External LDAP Directory like Oracle Internet Directory running in SSL
OID Server’s CA Root Certificate
OID Server’s CA Intermediate Certificate (if exists)
OID Server Certificate
If you have Firewall between OBIEE Server and Oracle Database machine, the OBIEE Scheduler component may fails to restart via OPMN or during BI configuration.
The firewall is setup with 'Urgent Flag'. As per firewall documentation, the Urgent Flag cannot be disabled. It is a global setting and would affect all traffic going in and out in organization. So the issue can be resolved by setting DISABLE_OOB=ON in the SQLNET.ora for BI Scheduler.
The firewall is clearing this Urgent Bit in the communication, the message is not transferred from the Scheduler (DB Client) to the Oracle database so by setting DISABLE_OOB=ON the Urgent flag is not sent from Scheduler and the connection works normally.
How-to: On BIServer side only, set DISABLE_OOB=ON in SQLNET.ora file > …/Oracle_BI1/network/admin
– Clone up the existing 126.96.36.199 environment.[Read More]
– Move the cloned copy to the new location / host (same 188.8.131.52.0 version at this point).
– Patch new location / host (184.108.40.206) to the 220.127.116.11 level.
– Switch to Production.
This wlst/python script connects to bi security web service to
authenticate a user specified in the "ObieeWebServiceClient.properties"
file. In 18.104.22.168, this calls:
getAuthenticatedUserWithLanguageAndProperties operation of the
/bisecurity/service web service.
In 22.214.171.124, this calls authenticate operation of the /bimiddleware/security/service web service.
This returns as part of the xml response the user unique identifier (guid) and other permissions/roles for the user. This is useful when debugging an issue with OBIEE security.
The script has to be run with %ORACLE_HOME%\oracle_common\common\bin\wlst.cmd (sh)
Script is available there: https://blogs.oracle.com/pa/resource/ObieeWebServiceSecurityClient.zip[Read More]
Following are the useful nqcmd command lines arguments:
a. In your environment set the "export SA_NQCMD_ADVANCED=yes"
b. Following is the description of the nqcmd command line arguments for BIServer (nqsserver) testing:
-d = Datasource.
-u = username.
-p = password.
-s = inputsqlsfile.
-o = outputfile. counters will be in outputfile_Counters.txt.
-td <secs> = timeduration in secs. nqcmd will run until <secs> elapses.
-qsel r = select queries random manner from inputsqlsfile.
-ds <secs> = dump statistics to outputfile_Counters.txt every <secs>.
-T = Timer is on. Otherwise you won’t get correct statistics.
-t <number> = generate users . if you give -t 50, 50 users will be there.
-q = turn off row output - mandatory flag for nqsserver load testing.
-n <number> = used for login test run for <number> iterations.
-w = thinktime (in seconds).
New updates have been made to the OBIEE "Best Practices Guide for
Infrastructure Tuning" whitepaper. This updated whitepaper is for 11g Release 1 (126.96.36.199, 188.8.131.52) and can be
downloaded from the My Oracle Support knowledge article: Doc ID 1333049.1
The new revised document contains the following useful new and/or updated tuning items:
A blog focused on Tips & Tricks about Oracle Business Intelligence (OBI), Oracle Exalytics and Oracle Enterprise Performance Management (EPM) products.
[Blog Admin: Ahmed Awan] Please note the CEAL blog posts are for information and demonstration purposes only and are not official documentation or supported by Oracle Support.