Managing Security Using the Default Security Configuration 2-39
Use the Privilege dialog to change permissions, grant privileges to Application Roles, and revoke privileges from an Application Role. For example, to grant the
selected privilege to an Application Role, you must add the Application Role to the Permissions list.
5. To add an Application Role to the Permissions list, do the following:
a. Click Add Users/Roles.
b. Select Application Roles from the list and click Search.
c. Select the Application Role from the results list.
d. Use the shuttle controls to move the Application Role to the Selected Members list.
e. Click OK.
6. Set the permission for the Application Role by selecting Granted or Denied in the Permission list.
Note: Explicitly denying a Presentation Services privilege takes precedence over user access rights either granted or inherited as a result of group or Application Role hierarchy.
7. Save your changes.
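The precedence rule in the Note above, shown as an added Python sketch (a simplified model written for this page, not Oracle code and not part of the original guide). The users, roles and privilege names are constructed, and the model assumes that a Denied entry on any principal that applies to the user counts as an explicit deny.

```python
# Simplified model of Granted/Denied resolution; all names are constructed samples.

# member -> Application Roles it belongs to directly (constructed hierarchy)
MEMBER_OF = {
    "alice": {"ReportAuthor"},
    "bob": {"ReportViewer"},
    "carol": {"ReportAuthor", "Contractors"},
    "ReportAuthor": {"ReportViewer"},  # ReportAuthor inherits from ReportViewer
}

# privilege -> {principal: "Granted" | "Denied"}, i.e. the Permissions list
PERMISSIONS = {
    "View Dashboards": {"ReportViewer": "Granted", "carol": "Denied"},
    "Create Analysis": {"ReportAuthor": "Granted", "Contractors": "Denied"},
}


def principals_for(user):
    """Return the user plus every Application Role reached through the hierarchy."""
    seen, stack = set(), [user]
    while stack:
        principal = stack.pop()
        if principal not in seen:  # also guards against cycles in the hierarchy
            seen.add(principal)
            stack.extend(MEMBER_OF.get(principal, ()))
    return seen


def resolve(user, privilege):
    """Return (decision, deciding principals): any Denied wins over every Granted."""
    entries = PERMISSIONS.get(privilege, {})
    matched = {p: entries[p] for p in principals_for(user) if p in entries}
    denied = sorted(p for p, v in matched.items() if v == "Denied")
    granted = sorted(p for p, v in matched.items() if v == "Granted")
    if denied:
        return "Denied", denied
    if granted:
        return "Granted", granted
    return "Not granted", []


if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        for privilege in PERMISSIONS:
            decision, why = resolve(user, privilege)
            print(f"{user:6} {privilege:16} {decision:12} via {why}")
```

The second element of the result names the Permissions list entries that decided the outcome, which is the entry to look at when a user unexpectedly loses a privilege.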
2.6.4 Advanced Security Configuration Topics
This section contains advanced topics.
2.6.4.1 About Encryption in BI Presentation Services
The Oracle BI Server and Oracle BI Presentation Services client support industry-standard security for login and password encryption. When an end user enters a user name and password in the Web browser, the Oracle BI Server uses the Hypertext Transfer Protocol Secure (HTTPS) standard to send the information to a secure Oracle BI Presentation Services port. From Oracle BI Presentation Services, the information is passed through ODBC to the Oracle BI Server, using Triple DES (Data Encryption Standard). This provides a high level of security (168 bit), preventing unauthorized users from accessing data or Oracle Business Intelligence metadata.
Note: Existing Catalog groups are migrated during the upgrade process. Moving an existing Presentation Services Catalog security configuration to the role-based Oracle Fusion Middleware security model requires that each Catalog group be replaced with a corresponding Application Role. To duplicate an existing Presentation Services configuration, replace each Catalog group with a corresponding Application Role that grants the same Presentation Services Catalog privileges. You can then delete the original Catalog group from Presentation Services.
At the database level, Oracle Business Intelligence administrative users can implement database security and authentication. Finally, a proprietary key-based encryption provides security to prevent unauthorized users from accessing the metadata repository.
2.7 Enabling High Availability of the Default Embedded Oracle WebLogic Server LDAP Identity Store
To enable high availability of the default embedded Oracle WebLogic Server LDAP Identity Store in a clustered environment, you configure the virtualize attribute.
When you set the virtualize attribute value to true, Managed Servers can use a copy of the embedded default Oracle WebLogic Server LDAP Identity Store.
To configure the virtualize attribute for high availability of the default embedded Oracle WebLogic Server LDAP Identity Store:
1. In Fusion Middleware Control, navigate to \Weblogic domain\bifoundation_domain in the navigation pane.
2. Right-click bifoundation_domain and select Security, then Security Provider Configuration to display the Security Provider Configuration page.
3. In the Identity Store Provider area, click Configure to display the Identity Store Configuration page.
4. In the Custom Properties area, use the Add option to add a Custom Property
called virtualize. The screenshot below shows an example set of Custom Properties including a new
property called virtualize with its value set to true.
5. Click OK to save the changes.
6. Restart the Admin Server, Managed Servers, and BI components.
2-42 Security Guide for Oracle Business Intelligence Enterprise Edition
3 Using Alternative Authentication Providers
This chapter explains how to configure Oracle Business Intelligence to use commercial directory servers for authentication instead of using the default Oracle WebLogic Server LDAP directory. It explains how to set up Oracle Business Intelligence to use Oracle Internet Directory (OID) and other authentication providers, and how to use OID as a policy store and credential store.
This chapter contains the following sections:
■ Section 3.1, Common Tasks for Deploying an Alternative Authentication Provider