2-24 Security Guide for Oracle Business Intelligence Enterprise Edition 3. Select an Application Role in the list and click Edit to display an edit dialog, and complete the fields as follows:

4. In the Members section, use the Add Group option to add the group that you

want to assign to the Roles list. For example, if a group for marketing report consumers named BIMarketingGroup require an Application Role called BIConsumerMarketing, then add the group named BIMarketingGroup to Roles list.

5. Click OK to return to the Application Roles page.

2.4.3 Creating Application Policies Using Fusion Middleware Control

You can create Application Roles based on default preconfigured Application Policies, or you can create your own Application Policies. Application Policies do not apply privileges to RPD or Oracle BI Presentation Catalog objects and functionality. All Oracle Business Intelligence permissions are provided as part of the installation and you cannot create new permissions. The Application Policy is the mechanism that defines the permissions grants. Permission grants are controlled in the Fusion Middleware Control Application Policies page. The permission grants are defined in an Application Policy. An Application Role, User, or Group, is then assigned to an Application Policy. This process makes the Application Role a Grantee of the Application Policy. There are two methods for creating a new Application Policy: ■ Create New - A new Application Policy is created and permissions are added to it. ■ Copy Existing - A new Application Policy is created by copying an existing Application Policy. The copy is named and existing permissions are removed or permissions are added. For more information about creating Application Policies, see Managing Policies with Fusion Middleware Control in Oracle Fusion Middleware Application Security Guide. To create a new Application Policy: 1. Log in to Fusion Middleware Control, navigate to Security, then select Application Policies to display the Application Policies page. For information, see Section 2.4.1, Starting Oracle Fusion Middleware Control and Locating the Pages for Managing Security . Whether or not the obi application stripe is pre-selected and the Oracle Business Intelligence Application Policies are displayed depends upon the method used to navigate to the Application Policies page.

2. If necessary, select Select Application Stripe to Search, then select the obi from

the list. Click the search icon next to Role Name. The Oracle Business Intelligence Application Policies are displayed. The Principal column displays the name of the policy Grantee. Managing Security Using the Default Security Configuration 2-25

3. Click Create to display the Create Application Grant page.

4. To add permissions to the policy being created, click Add in the Permissions area

to display the Add Permission dialog. ■ Complete the Search area and click the blue search button next to the Resource Name field. All permissions located in the obi application stripe are displayed. 2-26 Security Guide for Oracle Business Intelligence Enterprise Edition ■ Select the desired Oracle Business Intelligencer permission and click OK. Repeat until all desired permissions are selected. Selecting non-Oracle Business Intelligence permissions have no effect in the policy. ■ To remove any items, select it and click Delete. You are returned to the Create Application Grant page. The selected permissions display in the Permissions area. 5. To add an Application Role to the policy being created, click Add Application Role in the Grantee area to display the Add Application Role dialog. ■ Complete the Search area and click the blue search button next to the Resource Name field. ■ Select from the Available Roles list and use the shuttle controls to move it to Selected Roles . ■ Click OK. You are returned to the Application Policies page. The Principal and Permissions of the policy created are displayed in the table. The following figure shows the new Application Policy just created with MyNewRole Application Role as the Grantee Principal. Managing Security Using the Default Security Configuration 2-27 To create an Application Policy based on an existing one: 1. Log in to Fusion Middleware Control, navigate to Security, then select Application Policies to display the Application Policies page. For information, see Section 2.4.1, Starting Oracle Fusion Middleware Control and Locating the Pages for Managing Security . Whether or not the obi application stripe is pre-selected and the Application Policies are displayed depends upon the method used to navigate to the Application Policies page.

2. If necessary, select Select Application Stripe to Search, then select the obi from