Managing Security Using the Default Security Configuration 2-19 For more information about creating Application Roles, see Managing Policies with Fusion Middleware Control in Oracle Fusion Middleware Application Security Guide. Note : For advanced-level information about using a BI repository in offline mode, see Section 2.5.3.1, About Managing Application Roles in the Metadata Repository .

2.4.2.2 Creating an Application Role

There are two methods for creating a new Application Role: ■ Create New - A new Application Role is created. Members can be added at the same time or you can save the new role after naming it and add members later. ■ Copy Existing - A new Application Role is created by copying an existing Application Role. The copy contains the same members as the original, and is made a Grantee of the same Application Policy as is the original. Modifications can be made as needed to the copy to further customize the new Application Role. Membership in an Application Role is controlled using the Application Roles page in Fusion Middleware Control. Valid members of an Application Role are Users, Groups, and other Application Roles. Permission grants are controlled in the Application Policies page in Fusion Middleware Control. The permission grant definitions are set in the Application Policy, then the Application Policy is granted to the Application Role. For more information, see Section 2.4.3, Creating Application Policies Using Fusion Middleware Control . To create a new Application Role: 1. Log in to Fusion Middleware Control, navigate to Security, then select Application Roles to display the Application Roles page. For information, see Section 2.4.1, Starting Oracle Fusion Middleware Control and Locating the Pages for Managing Security . Whether or not the obi application stripe is pre-selected and the Application Policies are displayed depends upon the method used to navigate to the Application Roles page.

2. If necessary, select Select Application Stripe to Search, then select obi from the

list. Click the search icon next to Role Name. Note: Before creating a new Application Role and adding it to the default Oracle Business Intelligence security configuration, familiarize yourself with how permission and group inheritance works. It is important when constructing a role hierarchy that circular dependencies are not introduced. For more information, see Section B.4.4, How Permissions Are Granted Using Application Roles . 2-20 Security Guide for Oracle Business Intelligence Enterprise Edition The Oracle Business Intelligence Application Roles display. The following figure shows the default Application Roles.

3. Click Create to display the Create Application Role page. You can enter all

information at once or you can enter a Role Name, save it, and complete the remaining fields later. Complete the fields as follows: In the General section: ■ Role Name - Enter the name of the Application Role ■ Optional Display Name - Enter the display name for the Application Role. ■ Optional Description - Enter a description for the Application Role. In the Members section, select the Users, Groups, or Application Roles to be assigned to the Application Role. Select Add Application Role or Add Group or Add Users accordingly. To search in the dialog box that displays: ■ Enter a name in Name field and click the blue button to search. ■ Select from the results returned in the Available box. Managing Security Using the Default Security Configuration 2-21 ■ Use the shuttle controls to move the desired name to the Selected box. ■ Click OK to return to the Create Application Role page. ■ Repeat the steps until all desired members are added to the Application Role.

4. Click OK to return to the Application Roles page.

The Application Role just created displays in the table at the bottom of the page. To create an Application Role based on an existing one :

1. Log in to Fusion Middleware Control, navigate to Security, then select