2-14 Security Guide for Oracle Business Intelligence Enterprise Edition policies or roles displaying the Policy Store is organized by stripe and we use the obi stripe. 1. Log in to Fusion Middleware Control by entering the URL in a Web browser. For example, http:hostname:port_numberem. The Fusion Middleware Control login page displays.

2. Enter the Oracle Business Intelligence administrative user name and password

and click Login The password is the one you supplied during the installation of Oracle Business Intelligence. If these values have been changed, then use the current administrative user name and password combination.

3. From the target navigation pane, open Business Intelligence and select

coreapplication . Display the Security menu by selecting one of the following methods: ■ Right-click coreapplication, then select Security to display a submenu with Application Policies and Application Roles as options. ■ From the content pane, select the Business Intelligence Instance menu, then select Security to display a submenu with Application Policies and Application Roles as options. Managing Security Using the Default Security Configuration 2-15

4. Select Application Policies or Application Roles as needed. The obi Oracle

Business Intelligence application stripe is selected and the corresponding Oracle Business Intelligence policies or roles are displayed. ■ The following figure shows an example of Application Policies page displaying the default Oracle Business Intelligence Application Policies. ■ The following figure shows an example of Application Roles page displaying the default Oracle Business Intelligence Application Roles. 2-16 Security Guide for Oracle Business Intelligence Enterprise Edition

2.4.1.3 Displaying the Security Menu in Fusion Middleware Control from bifoundation_domain

To display the Security menu in Fusion Middleware Control from bifoundation_ domain : Using one of the following methods requires you later select the obi application stripe to search for the Oracle Business Intelligence Application Policies or Application Roles. 1. Log in to Fusion Middleware Control by entering the URL in a Web browser. For example, http:hostname:port_numberem. The Fusion Middleware Control login page displays.

2. Enter the Oracle Business Intelligence administrative user name and password

and click Login. The password is the one you supplied during the installation of Oracle Business Intelligence. If these values have been changed, then use the current administrative user name and password combination. Managing Security Using the Default Security Configuration 2-17

3. From the target navigation pane, open WebLogic Domain and select

bifoundation_domain . Display the Security menu by selecting one of the following methods: ■ Right-click bifoundation_domain, then select Security to display a submenu. ■ From the content pane, select the WebLogic Server menu, then select Security to display a submenu. 2-18 Security Guide for Oracle Business Intelligence Enterprise Edition

2.4.2 Creating Application Roles Using Fusion Middleware Control

This section explains how to create and manage Application Roles using Oracle Fusion Middleware Control, and contains the following topics: ■ Section 2.4.2.1, Overview ■ Section 2.4.2.2, Creating an Application Role ■ Section 2.4.2.3, Assigning a Group to an Application Role

2.4.2.1 Overview

In a new Oracle Business Intelligence deployment, you typically create an Application Role for each type of business user activity in your Oracle Business Intelligence environment. For example, a typical deployment might require three Application Roles: BIConsumer, BIAuthors, and BIAdministrator. In this case, you could either use the preconfigured Application Roles named BIConsumer, BIAuthor, and BIAdministrator that are installed with Oracle Business Intelligence, or you could create your own custom Application Roles. For more information about the default Application Roles, see Section 2.1, Working with the Default Users, Groups, and Application Roles . Oracle Business Intelligence Application Roles represent a role that a user has. For example, having the Sales Analyst Application Role might grant a user access to view, edit and create reports on a companys sales pipeline. You can create new Application Roles to supplement or replace the default roles configured during installation. Keeping Application Roles separate and distinct from the directory server groups enables you to better accommodate authorization requirements. You can create new Application Roles to match business roles for your environment without needing to change the groups defined in the corporate directory server. To control authorization requirements more efficiently, you can then assign existing groups of users from the directory server to Application Roles.