Planning to Upgrade from Oracle BI 10g to BI 11g 1-41 identity used to establish trust between processes in an installation is configurable and independent. ■ Repository encryption — In Oracle Business Intelligence 10g, certain sensitive elements within a repository are encrypted. In Oracle Business Intelligence 11g, the entire repository is encrypted using a key derived from a user-supplied password. An 11g repository can be opened only with the password, and there is no mechanism to recover a lost password. The following aspects of the Oracle Business Intelligence 10g security model remain in 11g: ■ Oracle Business Intelligence Server Initialization Blocks — Oracle BI Server 11g continues to support the use of initialization blocks for authentication and authorization. In 10g, BI Server falls back to use initialization blocks if a matching user cannot be found in the repository. In 11g, Oracle Business Intelligence falls back to use initialization blocks if the user cannot be authenticated by the installation’s configured authentication provider. For information see Creating Initialization Blocks in Oracle Fusion Middleware Metadata Repository Builders Guide for Oracle Business Intelligence Enterprise Edition. ■ Catalog Groups — Oracle Business Intelligence 11g continues to support the definition of catalog groups within the Oracle BI Presentation Catalog. These groups are visible only within Oracle BI Presentation Services. Oracle recommends that catalog groups be used for backward compatibility only and that application roles be used instead for new installations. For information see Working with Catalog Groups in Oracle Fusion Middleware Security Guide for Oracle Business Intelligence Enterprise Edition. ■ SA System Subject Area — Oracle Business Intelligence 11g supports the use of SA System Subject Area in combination with BI Server initialization blocks to access user, group, and profile information that is stored in database tables. This subject area is available for backward compatibility only and embedded LDAP is recommended for new installations. For information see Setting Up the SA System Subject Area in Oracle Fusion Middleware Scheduling Jobs Guide for Oracle Business Intelligence Enterprise Edition. For more information about Oracle Business Intelligence security, see Oracle Fusion Middleware Security Guide for Oracle Business Intelligence Enterprise Edition. During the upgrade process, the existing 10g security mechanism is upgraded. The upgrade process handle any combination of the security mechanisms supported in 10g, including the following: repository users and groups, authentication initialization blocks, catalog groups, and the SA System Subject Area. However, before you run Upgrade Assistant, there are a number of Oracle BI security areas to be aware of. For more information, see Section 1.5.1, Oracle BI Security: Major Upgrade Considerations. In addition to the areas that are described in Section 1.5.1 , there are a number of other factors to consider when planning to upgrade BI security. For more information, see Section 1.5.2, Oracle BI Security: Other Upgrade Considerations.

1.5.1 Oracle BI Security: Major Upgrade Considerations

Significant changes have been made to the security model regarding how and where users, groups, and credentials are defined and stored as described in the following list.