About Discoverer and the database security model About Discoverer and the Discoverer EUL security model
13.2 About Discoverer and the database security model
At the most basic level, data in the database is protected from unauthorized access by the database’s own security model. In the case of an Oracle database, this security model comprises: ■ database users and roles ■ database privileges The database privileges granted directly to database users or granted indirectly through database roles determine the data that users can access. Typically, you set up database security by using a database administration tool or SQLPlus. Discoverer uses the database’s own security model to ensure that users never see information to which they do not have database access. For more information about the database security model and how Discoverer uses it, see Oracle Fusion Middleware Administrators Guide for Oracle Business Intelligence Discoverer. Note: Discoverer is certified with the Oracle Advanced Security Option ASO encryption technology provided by the Oracle database that is, in Oracle 8.1.7 databases and later. The certification has four encryption types RC4, DES, Triple-DES, and AES. Oracle ASO encryption incurs little performance overhead, although performance varies depending on several factors for example, the operating system, the encryption algorithm. For more information about Oracle ASO encryption, refer to the Oracle database documentation.13.3 About Discoverer and the Discoverer EUL security model
Discoverer managers use Discoverer Administrator to grant Discoverer access permissions and task privileges directly to database users or indirectly through database roles, as follows: ■ to control who can see and use which business areas, Discoverer managers grant Discoverer access permissions ■ to control the tasks each user is allowed to perform, Discoverer managers grant Discoverer task privileges Regardless of the access permissions and task privileges granted in Discoverer Administrator, a Discoverer end user only sees folders if that user has been granted the following database privileges either directly or through a database role: ■ SELECT privilege on all the underlying tables used in the folder Security Model Used by Discoverer Plus Used by Discoverer Viewer Used by Discoverer Portlet Provider Used by Discoverer Administrator Used by Discoverer pages in Fusion Middleware Control Database Yes Yes Yes Yes No Discoverer EUL Yes Yes Yes Yes No Applications Yes Yes Yes Yes No Oracle Fusion Middleware Yes Yes Yes No Yes 13-4 Oracle Fusion Middleware Configuration Guide for Oracle Business Intelligence Discoverer ■ EXECUTE privilege on any PLSQL functions used in the folder Even if they share workbooks with each other, Discoverer users never see information to which they do not have database access. Discoverer Administrator also enables Discoverer managers to protect system resources by: ■ setting scheduled workbook limits to control the system resources available to end users ■ preventing end user queries from running for longer than a specified maximum duration ■ preventing end user queries from returning more than a specified number of rows Discoverer managers can extend Discoverer functionality by registering their own PLSQL functions. However, they can only register PLSQL functions to which they have been granted the EXECUTE database privilege. For more information about the Discoverer EUL security model, see Oracle Fusion Middleware Administrators Guide for Oracle Business Intelligence Discoverer. Notes ■ To enforce read-only access to Discoverer workbooks, run Discoverer Plus in read-only mode for specified Discoverer end users by removing the CreateEdit Query privilege in Oracle BI Discoverer Administrator for more information, see Oracle Fusion Middleware Administrators Guide for Oracle Business Intelligence Discoverer. ■ Some EUL maintenance scripts supplied with Discoverer grant database privileges to the Discoverer manager and the PUBLIC user for more information, see Appendix D, Oracle BI Discoverer Administrative Account Information .13.4 About Discoverer and the Oracle Applications security model
Parts
» Oracle Fusion Middleware Online Documentation Library
» What is Oracle BI Discoverer?
» About Discoverer installations that are associated with Oracle Internet Directory and schemas
» How to confirm an Oracle BI Discoverer installation
» About connecting to Discoverer What is the Oracle BI Discoverer architecture?
» About the Discoverer Java EE applications
» About the Discoverer CORBA components
» About the Discoverer database tier Oracle BI Discoverer Navigation
» Display Trusted Certificates from the Certificate type drop down list if it is not Click Apply.
» About running Discoverer Plus over HTTP for the first time on a client machine
» How to start Discoverer Plus
» How to modify the URL that starts Discoverer
» What are the types of Discoverer connections?
» How to create public connections
» What happens when you start Discoverer servlets? What happens when you stop Discoverer servlets?
» What happens when you enable and disable Discoverer client-tier components
» What is the Discoverer Catalog? What is the OLAP Catalog?
» Characteristics of the folder structure of the Discoverer Catalog? Folders in the structure
» Types of privileges for objects and folders Managing privileges as the D4OSYS user
» Go to the Fusion Middleware Control Discoverer Home page.
» Customizing the look and feel of Discoverer Plus OLAP Information to be provided to end users
» Forms of output from the utility Description of output from the utility
» URL parameters for the Discoverer Plus OLAP
» Discoverer topology with a single instance Discoverer topology with multiple instances
» About providing load balancing
» About using Fusion Middleware Control to manage multiple machines
» What are the benefits of Oracle Web Cache? How does Oracle Web Cache work?
» In the Components area, click Discoverer Viewer in the Name column. Click Customize.
» How to improve Discoverer performance by using worksheets and page items appropriately
» How to set the log level for Discoverer component loggers How to copy Discoverer log files
» List of URL parameters specific to Discoverer Plus
» List of URL parameters specific to Discoverer Viewer
» About Discoverer and security
» About Discoverer and the Oracle Applications security model
» Configuring End-to-End Secure Sockets Layer for Discoverer
» Using Discoverer with Oracle Single Sign-On
» Using Discoverer with Oracle Access Manager
» Introducing Virtual Private Databases, Single Sign-On, and Discoverer
» Example for using GUID or SSO user name to limit Discoverer data
» How to use the eul_triggerpost_login trigger
» What is a firewall? What is a demilitarized zone DMZ?
» What is HTTPS and why should I use it? How do I configure Discoverer to work in an intranet
» About Discoverer connections and Oracle e-Business Suite
Show more