Saturday, February 22, 2014

Oracle Business Intelligence 11g Security (Part 3)

One of the key enhancements in OBIEE 11g is the change in security architecture. OBIEE 11g implements the same common security architecture as the rest of the Fusion Middleware stack. While this approach has many advantages, it does represent a significant shift in both the approach and architecture of OBIEE for authorization and authentication of users.
Oracle Platform Security Services
The architectural components of Fusion Middleware (FMW) that OBIEE 11g leverages are Oracle Platform Security Services (OPSS) and the WebLogic authenticators. These are the components that FMW uses to provide a common security framework across the many Oracle applications that run on FMW, including OBIEE 11g and Fusion Applications.
OPSS is a standards-based, portable, integrated, enterprise-grade security framework for Java applications. OPSS provides an abstraction layer in the form of standards-based application programming interfaces (APIs) that insulate developers from security and identity management implementation details.
OPSS is used as the security platform by Fusion Apps and Fusion Middleware, including WLS, OES, SOA and WC.
Key Security Changes for Release 11g:
Some of the key changes in OBIEE security in 11g are:
1. Users and groups are no longer defined in the RPD
2. The user profile is derived from the LDAP server
3. The RPD is protected by an RPD password
4. The RPD is encrypted
5. Introduction of Application Roles
6. The user Administrator and the group Administrators are not hard-coded in the RPD
7. The Administrator user is not used for inter-process communication (component to component)
8. Credential Store storage mechanism
OBIEE 11g provides a scalable default security mechanism available for immediate implementation after installation. The default security mechanism provides controls to manage users and groups, permission grants and the credential store. The following security controls are available after installation:
1. An embedded LDAP server in WebLogic, available to store users and groups, known as the “Identity Store”.
2. A file to store the permission grants information, known as the “Policy Store”.
3. A file to store user and system credentials for inter-process communication, known as the “Credential Store”.
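Added example, not from the original post: a short Python audit of a file-based Policy Store that lists which principals hold each application role and flags roles granted to every authenticated or anonymous user. It assumes the XML layout of the default policy store file (system-jazn-data.xml); the sample document, including the application, role and group names, is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the assumed layout of a file-based OPSS policy store
# (system-jazn-data.xml). Names are illustrative, not read from a real system.
SAMPLE = """<jazn-data><policy-store><applications><application>
  <name>obi</name>
  <app-roles>
    <app-role><name>BIAdministrator</name><members>
      <member><class>weblogic.security.principal.WLSGroupImpl</class><name>BIAdministrators</name></member>
    </members></app-role>
    <app-role><name>BIConsumer</name><members>
      <member><class>oracle.security.jps.internal.core.principals.JpsAuthenticatedRoleImpl</class><name>authenticated-role</name></member>
    </members></app-role>
  </app-roles>
</application></applications></policy-store></jazn-data>"""

# Principals that stand for "everyone who logged in" or "everyone at all".
BROAD = {"authenticated-role", "anonymous-role"}


def role_members(xml_text):
    """Return {(application, app_role): [(principal_class, principal_name), ...]}."""
    root = ET.fromstring(xml_text)
    result = {}
    for app in root.iter("application"):
        app_name = app.findtext("name", "").strip()
        for role in app.iter("app-role"):
            members = []
            for member in role.iter("member"):
                # Keep only the short class name: group, user or built-in role.
                cls = member.findtext("class", "").strip().rsplit(".", 1)[-1]
                members.append((cls, member.findtext("name", "").strip()))
            result[(app_name, role.findtext("name", "").strip())] = members
    return result


def broad_grants(mapping):
    """Application roles that any authenticated or anonymous user inherits."""
    return sorted(k for k, ms in mapping.items() if any(n in BROAD for _, n in ms))


if __name__ == "__main__":
    mapping = role_members(SAMPLE)
    for (app, role), members in sorted(mapping.items()):
        print(f"{app}/{role}: {members}")
    print("granted to all users:", broad_grants(mapping))
```

Running the same functions over a copy of the real policy store file shows which Identity Store groups map to which application roles, a mapping that in 11g no longer lives in the RPD.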