13-6 Oracle Fusion Middleware Configuration Guide for Oracle Business Intelligence Discoverer In addition, the Oracle Fusion Middleware Security model underpins the Discoverer connection mechanism for more information, see Section 13.5.1, About Discoverer public connections and the Oracle Fusion Middleware Security model . For more information about Oracle Security, see: ■ Oracle Fusion Middleware Application Security Guide ■ Oracle Fusion Middleware Getting Started with Oracle Identity Management

13.5.1 About Discoverer public connections and the Oracle Fusion Middleware Security model

Discoverer managers can give users access to information by using Oracle Fusion Middleware Control to create public connections. Each connection specifies an EUL containing one or more business areas. Discoverer managers can control users’ access to information by restricting users to using public connections or by giving users permission to create their own private connections. For more information about connections, see Chapter 3, Managing Oracle BI Discoverer Connections .

13.6 Using Discoverer with Oracle Fusion Middleware Security

Oracle Fusion Middleware Security provides several services, including: ■ HTTPSSSL support using Oracle HTTP Server ■ user authentication and authorization using Java Authentication and Authorization Service JAAS, also known as JAZN ■ encryption using Java Cryptography Extension JCE You can specify that Discoverer uses the HTTPSSSL support offered by the Oracle HTTP Server as one of the communication protocols to communicate between the Discoverer server and the Discoverer client tier components. For more information, see: ■ Section 13.6.1, About specifying Discoverer communication protocols ■ Section 13.6.2, About Discoverer Viewer security and communication protocols ■ Section 13.6.3, About Discoverer Plus security and communication protocols For more information about Oracle Fusion Middleware Security, see Oracle Fusion Middleware Application Security Guide. Notes ■ When you install Oracle Business Intelligence, SSL is installed automatically and enabled by default. For more information, see Oracle Fusion Middleware Administrators Guide for Oracle HTTP Server.

13.6.1 About specifying Discoverer communication protocols

You can use Discoverer in different network environments that might or might not include firewalls using different communication protocols that is, JRMP, HTTP, HTTPS. Maintaining Security with Oracle BI Discoverer 13-7 The most appropriate network environment depends on both existing network strategies in your organization and your requirements for: ■ performance how long it takes to display information ■ accessibility whether data has to be accessed through a firewall ■ security how secure the data needs to be during transmission Note that you must use HTTPS if you want to ensure that sensitive information for example, passwords, data is securely transmitted across a network. Discoverer Viewer and Discoverer Plus require different security configurations: ■ for more information about configuring security for Discoverer Viewer, see Section 13.6.2, About Discoverer Viewer security and communication protocols ■ for more information about configuring security for Discoverer Plus, see Section 13.6.3, About Discoverer Plus security and communication protocols Notes ■ If you are deploying Oracle BI Discoverer with Oracle Web Cache, there are security implications for some restricted user environments. For more information, see: ■ Section 7.4, When to use Discoverer Viewer with Oracle Web Cache ■ Oracle Fusion Middleware Application Security Guide ■ If you have deployed Discoverer in a multiple-machine installation, note that you might want to specify different communication protocols on different Discoverer middle tier machines. For example, you might use: ■ the JRMP protocol on one machine for Plus users working inside a firewall ■ the HTTPS protocol on two other machines for Viewer users accessing reports across the Web

13.6.2 About Discoverer Viewer security and communication protocols

Discoverer Viewer uses standard HTTP or HTTPS protocols to connect Discoverer Viewer clients to the Discoverer servlet. Note : Discoverer Viewer client machines require only a standard Web browser to run Discoverer Viewer. In a default Oracle installation, Discoverer Viewer is configured as follows: 13-8 Oracle Fusion Middleware Configuration Guide for Oracle Business Intelligence Discoverer ■ In an HTTP environment, no additional security configuration is required. If you are using a firewall, open the firewall for the Oracle HTTP Server port used by Oracle for example, 80. ■ If you are using a firewall, open the firewall for the Oracle HTTP Server SSL port used by Oracle for example, 4443. In an HTTPS environment, Discoverer Viewer uses SSL security certificates on the client machine’s browser. If you are using a nonstandard or private SSL signing authority, you must install the root certificates in the browser. For more information about deploying Discoverer Viewer over HTTPS, see Section 2.5, About running Discoverer over HTTPS .

13.6.3 About Discoverer Plus security and communication protocols