Security Features Provided by Oracle Portal
16.1.1 Default Reports-Related Groups
When you install Oracle Portal, Reports-related groups are created for you automatically. These include the following groups: ■ RW_BASIC_USER ■ RW_POWER_USER ■ RW_DEVELOPER ■ RW_ADMINISTRATOR You must assign appropriate privileges to these groups to enable group members to perform specific functions on reports through Oracle Portal. For example, for each report object that you want members of a group for example, RW_BASIC_USER to be able to run, you have to grant the Execute privilege to that group from the Access tab of the report object. Similarly, if you want members of a group for example, RW_ ADMINISTRATOR to be able manage Reports Servers, printers, and reports, you have to grant the Manage privilege to that group from the Access tab of those objects. While you can assign object privileges to individual users, we recommend that every person who will access your reports belong to one of these groups or a group that you create yourself. If users try to run reports without being a member of one of these groups, by default, they are assigned the privileges of a basic user. Note: If you have a large user population already entered into an LDAP-compatible directory, you can use Oracle Internet Directory features to synchronize the directories and save yourself the effort of entering your users individually. Youll find information about Oracle Internet Directorys Directory Integration Server in the Oracle Fusion Middleware Administrators Guide for Oracle Internet Directory. Note: When you use features like Oracle Portal Security, Portal Destination, and Job Status Repository, the JDBC database connections made by Oracle Reports Services may override the initial NLS_LANG setting. This change may in turn affect the behavior of the running report, such as bidirectional output in PDF. On UNIX platforms, you can work around this issue by using the environment switching functionality to dynamically set the environment for reports. Refer to Section 8.2.2, Dynamic Environment Switching for more information. Deploying Reports in Oracle Portal 16-3 The following commands can be run by members of any group: ■ getfile ■ showmyjobs ■ killmyjobs ■ getjobid ■ showjobid ■ help Only members of the RW_DEVELOPER group can run the following commands: ■ showmap ■ showenv ■ showjobs ■ parsequery Members of the RW_ADMINISTRATOR group can run any command.16.1.1.1 RW_BASIC_USER
Should the security check fail, members of the RW_BASIC_USER group see less detailed error messages than the users in other Oracle Reports groups, such as: Security Check Error Typically, you will want to assign this group minimal privileges. For example, you probably will want to give RW_BASIC_USER the privilege to execute reports and no more.16.1.1.2 RW_POWER_USER
In addition to the privileges of the RW_BASIC_USER group, the RW_POWER_USER group sees error messages that are more detailed than those displayed to basic users. For example, if members of this group are not permitted to run to HTML, but they try anyway, they might get the message: Cannot run report to HTML This is more detailed than the message an RW_BASIC_USER would receive for the same error.16.1.1.3 RW_DEVELOPER
In addition to the privileges of the RW_POWER_USER group, the RW_DEVELOPER group can run the following Web commands that show the system environment: ■ showmap ■ showenv ■ showjobs Note: The RW_ groups are created automatically by configuring Oracle Portal, or you can create them manually. You can also run Web commands if they are in the IASADMINS group.Parts
» Oracle Fusion Middleware Online Documentation Library
» Oracle Reports Client Oracle Reports Runtime
» Oracle Reports Servlet Introduction to Oracle Reports
» Oracle Reports Server Introduction to Oracle Reports
» Overview Oracle Reports Services
» The Oracle HTTP Server, a Web server provided by Oracle Fusion Middleware. It
» The module mod_weblogic, used by the Oracle HTTP Server to redirect requests
» The module mod_osso, used by the Oracle HTTP Server to connect to Single
» Oracle Reports Servlet Oracle Reports Services Components
» The Custom Tag Handler, which processes custom Oracle Reports tags included
» The Reports Server rwserver, which processes client requests, including
» The Reports Server Cache, which securely stores completed job outputs.
» The Reports Engine, which includes components for running SQL-based and
» The pluggable data sources, a set of design-time and runtime Java APIs that
» The pluggable engines, which are custom engines that use Java APIs to pass jobs
» Oracle Reports Services Runtime Process
» Click OK, and follow the instructions getServerRef
» runReport executeReport getServerRef Oracle Reports Services Communication Architecture
» Server Discovery Using the COS Naming Service
» Choosing the Types of Requests You Will Service
» Choosing Oracle Reports Servlet, JSP, or Web Services
» Choosing Single or Multiple-Machine Configurations
» Maintaining High Availability Setting Up a High Availability Environment
» From the Reports menu, select System MBean Browser.
» Select rwservlet from the list.
» Configuring Reports Server for High Availability
» Enter a valid folder name in the Cluster Cache Directory fiel Click Apply.
» Using Oracle Enterprise Manager
» Checking Oracle Reports Servlet
» Checking Reports Server Verifying the Reports Server Environment
» Backward Compatibility and Interoperability
» Understanding the Oracle Fusion Middleware Installation Structure Granting Access to RWbuilder
» Overview of the Oracle Fusion Middleware Upgrade Assistant
» Overview of the Upgrade Process
» What is Upgraded? Oracle Fusion Middleware Online Documentation Library
» Summary of the Upgraded Files
» For More Information Oracle Fusion Middleware Online Documentation Library
» From the Reports Server main page, navigate to Reports Control menu, and
» Alternative Methods of Starting and Stopping Reports Server
» Starting and Stopping the Oracle Reports Bridge from the Command Line
» Set the TNS_ADMIN environment variable to your TNS_ADMIN directory.
» Starting Reports Standalone Server
» Starting and Stopping the COS Naming Service
» Starting, Stopping, and Restarting Oracle Reports Components Using Oracle Enterprise Manager
» Starting and Stopping the In-process Reports Server Using Oracle Reports Servlet
» Configuring Reports Server for Oracle Enterprise Manager
» Viewing the Component Topology
» Starting, Stopping, and Restarting Oracle Reports Components
» Log in to Oracle Enterprise Manager.
» Navigate to the Reports Server Home Page.
» From the Reports menu, select Administration Basic Configuration
» In the Reports Server Parameters content pane, enter the name of the mail server
» Select the Enable SSL for Mail Server checkbox if the mail server is secure.
» Enter the mail server username and CSF key of the password in the Mail Server
» Defining Oracle Enterprise Manager Administration Roles
» From the Reports menu, select Reports Jobs Jobs Page.
» Enter desired information in the Owner, Output Type, and Output Format fields
» Log in to Oracle Enterprise Manager. Navigate to the Reports Server Home page see
» Perform any available operation on any job.
» From the Reports menu, select Reports Jobs Schedule New Job.
» Click Submit to schedule a job.
» From the Reports menu, select Administration Advanced Configuration.
» In the Reports Security section, check Enable Security, then select Security
» From the Reports menu, select Administration Manage Reports Security
» Log in to Oracle Enterprise Manager. Navigate to the Reports Application Home page see
» Click Create or Edit to enter appropriate values for the elements on the page.
» Click Apply. Enabling and Disabling Single Sign-On
» Log in to Oracle Enterprise Manager and navigate to WebLogic Domain
» Use the button Delete to remove a selected item key or map in the table. Note
» Click Create Map to display the Create Map dialog.
» Click OK to return to the Credentials page. The new credential map name is
» Click Create Key to display the Create Key dialog.
» In this dialog, select a map from the pull-down list Select Map where the new key
» Click OK when finished to return to the Credentials page. The new key is shown
» From the Reports menu, select Administration FormsReports Common
» In the Diagnostics section, change the Log Options to TRACE:1 and click Apply.
» From the Reports menu, select Log View Log Messages to view the log
» Problems Viewing Reports Metrics When Reports is Configured for Secure Sockets Layer SSL
» Click the Certificate Path tab and select the first entry in the list of certificates.
» Click View Certificate to display a second Certificate dialog box.
» Click the Details tab on the Certificate window.
» Click Copy to File to display the Certificate Manager Export wizard.
» In the Certificate Manager Export wizard, select Base64 encoded X.509 .CER
» Log in to Oracle Enterprise Manager. Navigate to the desired component’s home page see
» From the Reports menu, select Logs View Log Messages.
» View the trend metrics; that is, how many errors of each type Incident Error,
» Use the search options available in the page to search inside log files with various
» Log in to Oracle Enterprise Manager. Navigate to the component’s home page see
» From the Reports menu, select Logs Log Configuration.
» Click Apply Configuring Log Levels
» Modifying Reports Server Audit Configuration
» Registering Pluggable Destinations with Reports Server
» Configuring Proxy Information Oracle Fusion Middleware Online Documentation Library
» Displaying a Consolidated Job Queue
» In the High Availability Parameters section, in the Cluster Cache Directory field,
» When should I use the Oracle Fusion Middleware System MBean Browser?
» About Reports Configuration MBeans
» Modifying Reports Configuration Settings Using the System MBean Browser
» Change the Maximum Log File Size MB and Maximum Size of all Log Files
» Diagnosing Font Issues Diagnosing Issues
» Oracle Reports Services Configuration Files
» Reports Server Configuration Elements
» Dynamic Environment Switching Reports Server Configuration File
» Oracle Reports Servlet Configuration Elements
» remoteBridge Start the Oracle Reports Bridge.
» remoteBridges Start the Oracle Reports Bridge.
» Network Configuration Elements Network Configuration File
» Editing the Server Configuration File
» opmn.xml Entering Proxy Information
» Creating a New Reports Server
» Creating a New Bridge Component Type
» About BPEL Overview of SOA Integration
» Using RWWebservice to Submit Jobs to the Reports Server
» Optimizing the Deployment of Reports
» Sample system-jazn-data.xml File
» Configuring Reports Managed Server Enabling HTTPS for Oracle Reports
» Fonts in Oracle Reports Builder
» Specifying Aliasing Information Font Aliasing
» Font Aliasing Mechanism Font Aliasing
» Font Aliasing File Verification
» Unicode Type1 Fonts Font Types
» Verifying Report Output on Different Platforms
» Running a Unicode Report using TTFTTC Fonts
» General Printing Mechanism UNIX Printing Overview
» Oracle Reports Printing Mechanism on UNIX and Windows
» Printing Support UNIX Printing Overview
» Installing a Printer on UNIX
» Environment Variables Configuring the Printing Environment
» Overview of Files Printer-Related Files
» PPD Files Printer-Related Files
» HPD Files Printer-Related Files
» Font Metrics Files Printer-Related Files
» uifont.ali Printer-Related Files
» uiprint.txt Printer-Related Files
» Editing the Printer-Related Files
» Setting Up a Single Server for Printing
» Multibyte Character Set Printing
» DEBUG_SLFIND Debugging Options
» TK_DEBUG_POSTSCRIPT Debugging Options
» ScreenPrinter Removing DISPLAY and Printer Dependencies on UNIX
» Advanced Imaging Support Removing DISPLAY and Printer Dependencies on UNIX
» If you have multiple printer queue entries in uiprint.txt and you want to set
» PCL Printing Issues Frequently Asked Questions
» PostScript Printing Issues Frequently Asked Questions
» Click OK. The Paper Layout view should now be able to read the boundary.
» Compression PDF Features Included in Oracle Reports
» Choose Edit Preferences Page Display. Select Smooth Text, Smooth Line Art, and Smooth Images.
» Font Feature Summary Click OK.
» Precedence of Execution PDF Features Included in Oracle Reports
» In Acrobat Writer 6.0 or later, open the PDF document.
» Select Document Security Restrict Opening and Editing.
» In the password prompt, enter the appropriate password as specified in
» In the dialog box that displays, make desired changes to passwords and
» Accessibility Taxonomy PDF Features Included in Oracle Reports
» Font Subsetting Generating a Bidirectional BiDi PDF File
» Font Aliasing Generating a Multibyte PDF File
» Set NLS_LANG=JAPANESE_JAPAN.JA16SJIS or JA16EUC on UNIX
» Set the REPORTS_PATH environment to the font directory in which the TrueType
» Open the uifont.ali file and edit the [PDF:Subset] section to specify the
» Font Subsetting Generating a Barcode PDF File
» Font Lookup Overview of the Font Model
» Font Availability On Different Platforms
» Development platform Fixing Font-Related Issues
» Deployment platform Fixing Font-Related Issues
» Same comment holds for all the subsequent sections where you have asked to
» Client platform Fixing Font-Related Issues
» Create a new report. While creating your report ensure that you leave additional
» Copy all the TTF and TTC files, which are used in the report, to the REPORTS_
» Remove any unnecessary aliasing from the uifont.ali file. For example, Arial is
» Run the Report. Deploying Your Report
» The PPD file that you modified should be picked up. If it is not picked up it is
» The AFM files that you have copied to AFM directory should be picked up
» Frequently Asked Questions Generating HTMLCSS, RTF, or Web Output
» Designing Your Report Generating Single-Byte PDF Output
» Copy the Windows TTF files that you have used in your report to the fonts
» Add the path to the TTF files in the REPORTS_PATH environment variable. This
» Designing Your Reportin Pre-11g Version That Uses Motif Tool Kit Mechanism
» Locate the TTF files corresponding to the fonts used in your report. Convert these
» Post-conversion, remove the .afm extension in the AFM file name. For example:
» Frequently Asked Questions Generating Multibyte PDF Output
» Designing Your Report in Pre-11g Version That Uses Motif Tool Kit Mechanism
» Deploying Your Report Frequently Asked Questions
» Pluggable Destinations from Oracle Forms Services.
» Submitting Reports to Pluggable Destinations from Oracle Forms Services
» JDBC Configuration File Configuring and Using the JDBC PDS
» Oracle Reports Builder rwbuilder.conf Reports Server: jdbcpds.conf
» Oracle Reports Builder rwbuilder.conf
» Reports Server: jdbcpds.conf
» jdbcpds.conf Oracle Fusion Middleware Online Documentation Library
» Running a JDBC Report Using Oracle Reports Services
» Text Configuration File Configuring and Using Text PDS
» Overview Introduction to Oracle Reports Security
» Resources Protected Introduction to Oracle Reports Security
» Credential Store Introduction to Oracle Reports Security
» Out-of-the-Box Behavior Oracle Fusion Middleware Online Documentation Library
» User requests the report through a URL
» Oracle HTTP Server routes the request to rwservlet deployed on Oracle rwservlet
» User name and password are passed on to
» Reports Server authenticates the user that is, verifies the user name and
» Authentication Scenarios for JPS-Based Security
» Authentication Scenario for Portal-Based Security
» Report output is passed to Oracle HTTP Server
» Report output is passed to the user
» Navigate to the WebLogic Domain menu.
» Choose Security Application Roles.
» Defining Security Policies for Reports
» In the Permissions field, enter the permissions.
» Log in to Enterprise Manager.
» Navigate to the Reports Application home page.
» From the Reports menu, select Security Application Roles.
» In the Role Name field, enter the name of the application role to search.
» Click the right arrow button to search application roles.
» End-to-End Security Scenarios Oracle Fusion Middleware Online Documentation Library
» Recommended Production Scenario for JPS-Based Security
» Recommended Production Scenario for Portal-Based Security
» From the Domain Structure window on the left pane of the console, select
» Click the Users and Groups tab.
» Click New to add users. Click OK.
» Enter appropriate values in the Security Configuration for Reports page. Click OK
» Click Configure. Configuring External Oracle Internet Directory for In-Process Servers
» Provide the Oracle Internet Directory and JPS root node details and click OK.
» Log in to Oracle Enterprise Manager. Navigate to your Reports Application home page.
» From Reports menu select Administration Reports OID Association.
» Click OK. Reassociating Reports with Oracle Internet Directory
» Under jpsContext name=default add the following: Under serviceInstances, add the following:
» Under serviceProviders, add the following: Save and restart WLS_REPORTS.
» Forms and Reports Security Recommendations
» Intermediate-level Security for Forms and Reports
» Using DAS and Editing the Server Configuration File
» Configuring Proxy User Authentication in the Database
» Obtaining Proxy Access Information
» Configuration Settings in Reports Configuration Files
» Security Features Provided by Oracle Portal
» Security Interfaces Oracle Fusion Middleware Online Documentation Library
» Default Reports-Related Groups Creating Reports Users and Named Groups
» Portal Password in Credential Store
» On the Server Definition page: Click Next.
» Optional Enter a Custom Destination Type, if you have defined a custom Click Next.
» Optional Enter the Availability Calendar name or click the list button to select
» Click Finish. Registering a Reports Server
» Click Close to close this page and return to the Oracle Reports Security page.
» Log in as an administrator to Oracle Portal.
» Click the Oracle Reports Security Settings link in the Oracle Reports Security
» Click the Create Reports Definition File Access link in the Reports Definition
» On the resulting page, the Name internal name and the Portal DB Provider
» Click Next. Registering a Report
» Select the Parameter Form Template and click Preview Template to see what the
» Define the limits for the reports existing parameters on the Optional Parameters
» Navigate to the Builder page.
» Click the Create Reports Printer Access link in the Reports Printer Access
» On the resulting page, the Name internal name and Portal DB Provider fields
» Click Next. Registering a Printer
» Click Finish. Click Close to close this page and return to Oracle Portals Oracle Reports
» Click the Create Reports Simple Calendar Access link in the Reports Calendar
» On the resulting page, the Name internal name and Portal DB Provider fields Click Next.
» Optionally, enter a description of the calendar under Description.
» Click Next. Creating an Availability Calendar
» On the DateTime Availability page, define the parameters for the calendar:
» On the Summary page, click the Show Calendar button to preview your
» On the Summary page, click Finish to complete the availability calendar.
» Creating a Combined Availability Calendar
» Click the Create Reports Combined Calendar Access link in the Reports Calendar
» Optional Enter a description of the Availability Calendar in the Description field.
» On the Selection page, highlight the calendars on the Availability Calendars list
» Click the right arrow to move the selected calendars to the Selected Availability
» On the Exclude page, highlight the calendars on the Availability Calendars list
» Click the right arrow to move the selected calendars to the Excluded Availability
» On the Summary page, click the Show Calendar button to preview your calendar.
» Click Finish to complete creation of the combined calendar.
» Click Close to close this page and return to Oracle Portals Oracle Reports
» The Manage Portlet Registering Oracle Reports Components
» Creating a Provider for Your Reports
» If you are not already on the Builder page, click Builder at the top of the page.
» In the Page Groups portlet, choose the name of the page group in which you want
» Create a new page by clicking Create a Page or edit an existing page by entering
» In the page region where you wish to add your report portlet, click the Add
» Drill down through the Portlet Repository to the provider that contains the report
» Click the name of your report portlet to add it to the Selected Portlets list.
» Click OK. Adding the Report Portlet to a Page
» Click Customize in the upper right corner of your report portlet.
» Enter parameter values in the Parameter tab and, if desired, schedule the job to
» Run a report with the following URL:
» In Oracle Portal, go to the page specified in the URL and make sure the report is
» Click Customize at the bottom of the Develop tab for the report. Connecting to Oracle Portal
» In the 9.0.4 IM ORACLE_HOME, open the following file in a text editor:
» Prerequisites Oracle Fusion Middleware Online Documentation Library
» Oracle Identity Management and OracleAS Single Sign-On Infrastructure
» Launch Oracle Delegated Administration Services and go to the Home tab.
» Click the Configuration tab.
» Click the Preferences sub tab and you should see a page similar to the one in
» Under Default Resource Access Information, click Create.
» Click Next. Enabling and Disabling Data Source Security
» Click Submit. Enabling and Disabling Data Source Security
» Login as the administrator orcladmin.
» Under Configure Resource Type Information, click Create and you should see a
» Click Submit. Your resource type is created and you can now reference it in the
» Connecting to Oracle Internet Directory
» Oracle Reports Servlet The Reports URL Syntax
» Transfer the report file RDF, REP, XML, or JSP and its associated files for
» Running a Report with a Paper Layout
» Deploying a JSP Report to the Web and to Paper
» Running a JSP-Based Web Report from a Browser
» Running a JSP report with a Paper Layout
» Running with the WE8MSWIN1252 Character Set on UNIX
» Publishing a Report in Oracle Portal
» Specifying a Report Request from a Web Browser
» Sending a Request to the URL Engine
» Running Reports Through a Web Service
» From your present working directory, run the following command:
» Create the ReportsTools directory as follows:
» Copy the tools-logging.xml file as follows:
» Copy the tools-log-template.xml file as follows:
» Copy the rwnetwork.conf file as follows:
» Replace the following macros in the copied files:
» Understanding Key Mapping Using a Key Map File
» Enabling Key Mapping Using a Key Map File
» Adding Key Mapping Entries to a Key Map File
» Using a Key with Non-JSP Reports
» Using a Key with a Report Run as a JSP
» Additional Parameters Overview Oracle Fusion Middleware Online Documentation Library
» Start a Oracle WebLogic Server instance, where the Oracle Reports instance
» Enter the following URL in the address field of your browser:
» View the Oracle Reports Web service WSDL.
» Click the WSDL link on the RWWebService Web page to view the Oracle Reports
» From the Operation drop-down list, select getAPIVersion.
» Navigate to the Test Web Service page in Oracle Enterprise Manager. See steps 1-3
» From the Operation drop-down list, select getServerInfo.
» runJob Click Test Web Service.
» From the Operation drop-down list, select runJob.
» Using RWWebServiceUtil to Test RWWebService
» Distribution Overview Oracle Fusion Middleware Online Documentation Library
» The distribution.dtd File Using Variables Within Attributes
» destinations Elements of a Distribution XML File
» foreach mail Elements of a Distribution XML File
» body Elements of a Distribution XML File
» attach Elements of a Distribution XML File
» include Elements of a Distribution XML File
» file Elements of a Distribution XML File
» printer Elements of a Distribution XML File
» destype Elements of a Distribution XML File
» property Elements of a Distribution XML File
» foreach Examples Distribution XML File Examples
» mail Examples Distribution XML File Examples
» file Examples Distribution XML File Examples
» printer Examples Distribution XML File Examples
» destype Examples Distribution XML File Examples
» Using a Distribution XML File at Runtime
» Delimited Output Limitations with Using Distribution
» Dynamic Format Values Limitations with Using Distribution
» Creating and Manipulating a Parameter List
» Including non-ASCII Characters in Parameter Names and Values
» Submitting a Job The Event-Driven Publishing API
» Checking for Status The Event-Driven Publishing API
» Debugging Applications that Use the Event-Driven Publishing API
» Invoking a Report from a Database Event
» Creating a Queue That Holds Messages of Type SRW_PARAMLIST
» Creating the Dequeuing Procedure
» Customization Overview Oracle Fusion Middleware Online Documentation Library
» Required XML Tags Creating XML Customizations
» Changing Styles Changing a Format Mask
» Adding Formatting Exceptions Creating XML Customizations
» Creating Multiple Data Sources Linking Between Data Sources
» Creating Group Hierarchies Within Each Data Source
» Creating Cross-Product Matrix Groups
» Creating Formulas, Summaries, and Placeholders at Any Level
» Creating Parameters Creating XML Data Models
» Applying an XML Report Definition at Runtime
» rwbuilder Debugging XML Report Definitions
» Writing XML to a File for Debugging
» Defining the Language and Territory
» Character Set Design Considerations If you are designing a multilingual
» Font Aliasing Considerations There may be situations where you create a
» DEVELOPER_NLS_LANG and USER_NLS_LANG Environment Variables
» Specifying a Character Set in a JSP or XML File
» Modify the page directive to read
» Enhanced BIDI Reshaping Bidirectional Support
» Translating Applications Troubleshooting Globalization Issues
» Diagnosing Engine Crashes Logging Enhancements
» Oracle Enterprise Manager Performance Analysis Tools
» About WLST Performance Analysis Tools
» listLogstarget=opmn:instance1ohs1 displayLogstail=100
» displayLogsquery=ECID equals Logging-Related WLST Commands
» Metrics Related WLST Commands
» Audit Configuration WLST Commands
» Tracing Report Execution Performance Analysis Tools
» Load the rw_server.sql file to a database this file is included with your Oracle
» Set the repositoryconn property of the jobStatusRepository element in
» SHOWJOBS Command Line Keyword
» Efficient SQL Performance Analysis Tools
» PLSQL Performance Analysis Tools
» Java Stored Procedures Performance Analysis Tools
» The Java Importer Performance Analysis Tools
» Tuning Reports Server Configuration
» Non-SQL Data Sources Accessing the Data
» Database Indexes Accessing the Data
» Calculations Accessing the Data
» Redundant Data Accessing the Data
» Break Groups Accessing the Data
» Group Filters Accessing the Data
» Paper Layout Formatting the Data
Show more