Managing Security Using the Default Security Configuration 2-3 You can use the installed groups and Application Roles to deploy security, and if required you can develop your own groups and Application Roles to meet your business needs. For example: ■ If you want to enable an employee called Fred to create dashboards and reports, you might create a new user called Fred and assign Fred to the default BIAuthors group. ■ If you want to enable user Fred to perform BIAuthors and BIAdministrator duties, you might create a new Application Role called BIManager, which has both BIAuthors privileges and BIAdministrators privileges ■ If you want user Fred to be a Sales dashboard author, you might create an Application Role called Sales Dashboard Author that has permissions to see Sales subject areas in the repository and edit Sales dashboards. For detailed information about the installed Users, Groups, and Application Roles, see Appendix B, Understanding the Default Security Configuration.

2.2 An Example Security Setup Using the Default Groups and Application Roles

This example uses a small set of Users, Groups, and Application Roles to illustrate how you set up a security policy using the default groups and Application Roles. In this example, you want to implement the following: ■ Three users named User1, User2, and User3, who need to view business intelligence reports. ■ Two users named User4 and User5, who need to create business intelligence reports. ■ Two users named User6 and User7, who administer Oracle Business Intelligence. The figure below shows the Users, Groups, and Application Roles that you would deploy to implement this security model. Figure 2–2 Example Groups, Application Roles, and Users The example above shows the following: ■ The group named BIConsumers contains User1, User2, and User3. Users in the group BIConsumers are assigned to the Application Role named BIConsumer, which enables the users to view reports. ■ The group named BIAuthors contains User4 and User5. Users in the group BIAuthors are assigned to the Application Role named BIAuthor, which enables the users to create reports. 2-4 Security Guide for Oracle Business Intelligence Enterprise Edition ■ The group named BIAdministrators contains User6 and User7. Users in the group BIAdministrators are assigned to the Application Role named BIAdministrator, which enables the users to manage repositories. To implement this example security model, you would do the following: 1. Create seven users named User1 to User 7, as described in Section 2.3.3, Creating a New User in the Embedded WebLogic LDAP Server . 2. Assign the users to the installed and preconfigured groups, as follows: ■ Assign User1, User2, and User3 to the preconfigured group named BIConsumers. ■ Assign User4 and User5 to the preconfigured group named BIAuthors. ■ Assign User6 and User7 to the preconfigured group named BIAdministrators. For more information, see in Section 2.3.5, Assigning a User to a Group in the Embedded WebLogic LDAP Server .

2.3 Creating and Managing Users and Groups in the Embedded WebLogic LDAP Server