Using Alternative Authentication Providers 3-21 ■ Click OK. Next you must make the new trusted user a member of the BISystem Application Role.

3. In Fusion Middleware Control target navigation pane, go to the Oracle WebLogic

Server domain in which Oracle Business Intelligence is installed. For example, bifoundation_domain.

4. Select Security and Application Roles from the WebLogic Domain menu, to

display the Application Roles page. 5. Click the Select Application Stripe to Search radio button, and select obi from the list. Click the search arrow to the right of the Role Name field. The Oracle Business Intelligence Application Roles are displayed and should resemble the screenshot below.

6. Select the BISystem Application Role and click Edit.

7. In the Edit Application Role page, scroll down to the Users section and click Add

User . 3-22 Security Guide for Oracle Business Intelligence Enterprise Edition

8. In the Add User dialog, click the arrow next to the User Name field to search for

the trusted user created in the alternative authentication provider for example, Oracle Internet Directory. Use the shuttle controls to move the trusted user name BISystemUser from the Available Users list to the Selected Users list.

9. Click OK.

The trusted user BISystemUser contained in the alternative authentication provider for example, Oracle Internet Directory, or Active Directory, is now a member of the BISystem Application Role. The next stage of configuring the new system user is to ensure they are part of the WebLogic Global Admin role. 10. In WebLogic Console, click myrealm to display the Settings for Realm page, display the Roles and Policies tab. 11. In the list of roles, click on the plus sign to expand Global Roles, then Roles, then click View Role Conditions link for the Admin Role. Using Alternative Authentication Providers 3-23 12. Add the new trusted user to the Global Admin Role. Ensure the conditions specified will match your user, either directly, or by virtue of a group they belong to for example, condition may be User = BiSystemUser or Group=Administrators.

13. Click Save.

14. If you change the trusted user name to a value other than BISystemUser, you must also change the equivalent user name for JMS Modules. Oracle Business Intelligence Publisher JMS modules use BISystemUser by default, therefore if you have changed your trusted user account name to a value other than BISystemUser, you must also change the user name for JMS Modules to the value of the new trusted user. 1. In WebLogic Console, select - Services - Messaging - JMS Modules. 2. Select BipJmsResource. 3. Go to the Security tab, and display the Policies sub-tab. 4. Replace BISystemUser with the name of the new trusted user. 15. Start the Managed Servers. Once you have changed the system user credentials in this way, you will need to restart the BI Server and BI Presentation Server before these changes will take effect. The easiest way to do this is using Fusion Middleware Control - selecting Business Intelligence and Restart All Components. The new trusted user from the authentication provider for example, Oracle Internet Directory, Active Directory, is configured for Oracle Business Intelligence.

3.2.7 Regenerating User GUIDs