Today we discuss how 11g is different/same as it’s earlier version, i.e. 10g.
The release 10g and release 11g security models differ in the following ways:
- Defining users and groups – In Oracle Business Intelligence release 10g users and groups could be defined within a repository file using Oracle BI Administration Tool. In Oracle Business Intelligence release 11g users and groups can no longer be defined within a repository. The Oracle Business Intelligence Enterprise Edition Upgrade Assistant migrates users and groups from a release 10g repository into the embedded LDAP server in a release 11g installation.
- Defining security policies – In Oracle Business Intelligence release 10g security policies in the web catalog and repository could be defined to reference groups within a directory. In Oracle Business Intelligence release 11g a level of indirection is introduced whereby security policies are defined in terms of Application Roles, which are in turn are mapped to users and groups in a directory. This indirection allows an Oracle Business Intelligence release 11g system to be deployed without changes to the corporate directory and eases movement of artifacts between development, test and production environments.
- Use of the Administrator user – In an Oracle Business Intelligence release 10g installation, a special user named Administrator has full administrative permissions and is also used to establish trust between processes within that installation. In Oracle Business Intelligence release 11g there is no special significance to the name Administrator and there can be one or more users who are authorized to undertake different sets of administrative functions. In Oracle Business Intelligence release 11g the identity used to establish trust between processes in an installation is configurable and independent.
- Repository encryption – in Oracle Business Intelligence release 10g certain sensitive elements within a repository are encrypted. In Oracle Business Intelligence release 11g the entire repository is encrypted using a key derived from a user supplied password.
The following aspects of the Oracle Business Intelligence release 10g security model remain in release 11g:
- Oracle BI Server Initialization Blocks – Oracle BI Server in release 11g continues to support the use of initialization blocks for authentication and authorization. In release 10gOracle BI Server falls back to use initialization blocks if a matching user cannot be found in the repository. In release 11g Oracle Business Intelligence falls back to use initialization blocks if the user cannot be authenticated by the installation’s configured authentication provider.
- Presentation Catalog Groups – Oracle Business Intelligence release 11g continues to support the definition of catalog groups within the Presentation Catalog. These groups are only visible within Oracle BI Presentation Services. Oracle recommends that Oracle BI Presentation Catalog groups be used for backward compatibility only and that Application Roles be used instead for new installations.
- SA System Subject Area – Oracle Business Intelligence release 11g supports the use of SA System Subject Area, in combination with Oracle BI Server initialization blocks, to access user, group and profile information stored in database tables.