OBIEE-EBS data security integration

Similar Messages

• OBIA 7.9.6.3 security integration with EBS R12.1.2

  Hi Experts,
  We are implementing OBI Apps 7.9.6.3 with EBS R12.1.2 as source.We need to integrate Active Directory with OBIEE and implement security of BI Apps with EBS R12.1.2. Need help on this.
  How to map EBS Responsibilities into Application Role and Groups? Whether we need to create one Application Role and Group for each responsibility ? Then provide permissions in rpd for each of them? The user should have similar permission in BI as they have in EBS - like people can see only US Finance data in EBS should see only US Finance data in BI also.
  Regards,
  mvsst

  You can go through obia security guide which explains step by step procedure with screenshot on how to implement ebs authentication and role based access.
  here is the link.
  http://docs.oracle.com/cd/E21043_01/bi.1111/e16364/ebs_actions.htm
  Regards,
  RAM
  Edited by: RAM CH on May 20, 2012 1:34 PM

• Data Security in OBIEE Repository

  I applied Data Security in OBIEE Repository,created testuser and assigned to Test group.Applied security in the Test group for specific column using Logical Fact.When i login using the testuser i am not able to see the applied data filter in the Test Group.Am i missing anything.
  Thanks in Advance

  I tried but still i don't see the security filter.Do i need to configure my NQSconfigfile.ini.Security filter status in Repository is Enable.We implemented fragmentation in logical fact,anyway that shouldn't matter as per my guess.

• Scheduler configuration in OBIEE-EBS inegrated environment

  Hi All,
  We currently have OBIEE 10g integrated with EBS. I am trying to configure a scheduler and the configuration is completed and I am able to save ibots. But when ibot is run, I am getting the below error.
  ++++ ThreadID: 1894 : 2013-02-26 11:36:23.583+
  +[nQSError: 77006] Oracle BI Presentation Server Error: A fatal error occurred while processing the request. The server responded with: Odbc driver returned an error (SQLDriverConnectW).+
  Error Codes: OPR4ONWY:U9IM8TAC
  +State: 08004.  Code: 10018.  [NQODBC] [SQL_STATE: 08004] [nQSError: 10018] Access for the requested connection is refused.+
  +[nQSError: 13024] Successful completion of init block 'Get Oracle EBS Security Context' is required. (08004)+
  Error Codes:
  +.+
  Error Codes: AGEGTYVF
  In OBIEE - EBS integration set up, how does security work with ibots.
  Any suggestions on what should be done to over come this error.
  Thank you,
  Krishi
  Edited by: Krishi on Feb 25, 2013 11:01 PM

  Krishi
  This is possible, I have it running here.
  Oracle may be able to provide the steps to make this happen, which involve using SA System and some code in the inti blocks which will work even when the user is not logged (i.e. the job is running at night)
  Adrian

• Please Help PI Data Dependent Integration Builder Authorizations NOT Workng

  Dear Friends / Experts,
  I had spend many days and explored all Weblog  and links on this website and implemented all the steps required to acheive Data Dependent Integration Builder Security and I am not successful so far. I am just giving up now - Please Help Me ---
  As I said, I already read all the important Forum Links and SAP Web links and Followed Each and Every Step - service.sap.com/instguidesNW04 ® Installation ® SAP XI
  Security Requirement - Data Dependent/Object Level Authorizations in XI / PI
  In distributed teams or in a shared PI environment it might be necessary to limit authorization for a developer or a group of developers to only one Software Component or objects within a Software Component or to specific Configuration Objects.
  Our Environment - PI 7.0 SP 16
  Created a new role in the Integration Builder Design
  u2013Add Object Types of any Software Component and Namespace
  - Enable usage of Integration Builder roles in Exchange Profile
  Integration Builder u2013Integration Builder RepositoryParameter com.sap.aii.util.server.auth.activation to true
  Assign users to the newly created Integration Builder roles
  u2013Create dummy roles in Web AS ABAP, these roles are then available as groups in Web AS Java
  u2013Assign users to these roles
  u2013Assign the Integration Builder roles to the above groups in Web AS Java
  u2013Assign unrestricted roles to Super Users
  Please help - How to validate whether Data Dependent Authorizations are Activated?
  I am working with XI Developers and Basis Team and we did updated all the Required Exchange profile parameters.
  Per this Document - User Authorizations in Integration Builder Tools - Do we need to update the server.lockauth.activation in Exchange Profile. When We updated, It removed Edit Access from all XI Developers in PI
  In both the Integration Repository and the Integration Directory, you can define more detailed authorizations that restrict access to design and configuration objects.
  In both tools, you define such authorizations by choosing Tools ® User Roles from the menu bar. The authorization for this menu option is provided by role SAP_XI_ADMINISTRATOR_J2EE. Of course, this role should only be granted to a very restricted number of administrators. To activate these more detailed authorizations, you must set exchange profile parameter com.sap.aii.ib.server.lockauth.activation to true.
  The access authorizations themselves can be defined at the object-type level only (possibly restricted by a selection path), where you can specify each access action either individually as Create, Modify, or Delete for each object type, or as an overall access granting all three access actions.
  http://help.sap.com/saphelp_nw04/helpdata/en/f7/c2953fc405330ee10000000a114084/frameset.htm
  I was able to control display and maintain access from ABAP Roles, but completely failed to implement Integration Builder Security?
  Are there any ways to check Whether Data Dependent authorization or J2EE Authorizations are activated?
  Thanks a lot
  Satish

  Hello,
  so to give you status of our issue.
  We were able to export missing business component .
  But we also exported some interfaces after that and we had some return code 8, due  to objects still present in change list on quality system (seems after previous failed transports , the change list was not cleared completley...).
  So now we have checked that no objects is present in the change list of quality system and we plan to export again our devs on quality system.
  Hope after that no more return code 8 during imports and all devs transported correctly on quality system.
  Also recommending to read that, which is pretty good.
  http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/7078566c-72e0-2e10-2b8a-e10fcf8e1a3d?overridelayout=t…
  Thanks all,
  S.N

• Data security (Data from SAP BW) for AD users

  Hi  All,
  I have a scenario.
  BO env : Business Objects 3.1 Sp3
  Sap Integration kit Sp3
  My target is to implement AD SSO & also provide data security for data from SAP BW. Currently there are no roles & authorization defined in the sap System. My plan was
  Step 1:-  Implement AD SSO in Business Objects
  Step 2:  Map the AD users in SAP system
  Step 3:- Crate roles in SAP System
  Step 4:-  Assign the users roles
  Steps 5:- (Not sure) :-  Map the users (Now in SAP) to BO & then aliases them with the users from AD.
  Pleas let me know if this would be correct approach... if not please suggest.... I am kind of new to SAP BO integration with experience in BO admin

  Step 1: Setup Windows AD SSO on your BOBJ server
  Step 2: Import Windows AD groups in BO
  Step 2-  Setup Server-side SNC between BO and your SAP system
  Step 3:- Create roles in SAP System and import them in BO
  Step 4:-  Assign SAP users the created roles
  Step 5: - In the CMC create SAP aliases for your Windows AD accounts
  Step 6: - Setup your reports and/or universe connections to use SSO.
  For more information on server side SNC check the installation guide of the integration Kit.
  Regards,
  Stratos

• Payment Card Industry Data Security Standards Requirement

  We store credit card numbers in our CRM and ERP systems for billing
  purposes. We use Delego software for credit card security. We also mask
  the credit card numbers during display.
  According to our interpretation of section 3 of the Payment Card
  Industry (PCI) Data Security Standards, we understand that we can
  retain cardholder data only as long as needed for business, legal,
  and/or regulatory purposes. According to our compliance policy that
  period is 3 years.
  Hence we wish to replace all card numbers older than 3 years with dummy
  card numbers. Since this requirement is mandated by the PCI-DSS, we
  believe SAP should be supplying us means to accomplish this. Are there any programs delivered by SAP to modify card numbers? Has anybody come across such a requirement?

  Hi Gina,
  Did you find good information about PCI-DSS compliance topics with SAP from this forum?  In particular we are looking at options to comply with requirement 11, File Integrity Monitoring.
  We would appreciate any guidance.
  Thank you, TMM

• [svn:bz-trunk] 20680: Tomcat 7 Login Module work, due to the Tomcat 7 Security framework change we need to work out the security integration piece for tomcat 7 .

  Revision: 20680
  Revision: 20680
  Author:   [email protected]
  Date:     2011-03-08 08:23:30 -0800 (Tue, 08 Mar 2011)
  Log Message:
  Tomcat 7 Login Module work, due to the Tomcat 7 Security framework change we need to work out the security integration piece for tomcat 7. So far the ValveBase and tomcat Realm had API changes which will impact on the Login integration with Tomcat 7
  Modified Paths:
      blazeds/trunk/modules/opt/build.xml
  Added Paths:
      blazeds/trunk/modules/opt/lib/catalina-708.jar
      blazeds/trunk/modules/opt/src/tomcat/flex/messaging/security/TomcatValve708.java

  Revision: 20680
  Revision: 20680
  Author:   [email protected]
  Date:     2011-03-08 08:23:30 -0800 (Tue, 08 Mar 2011)
  Log Message:
  Tomcat 7 Login Module work, due to the Tomcat 7 Security framework change we need to work out the security integration piece for tomcat 7. So far the ValveBase and tomcat Realm had API changes which will impact on the Login integration with Tomcat 7
  Modified Paths:
      blazeds/trunk/modules/opt/build.xml
  Added Paths:
      blazeds/trunk/modules/opt/lib/catalina-708.jar
      blazeds/trunk/modules/opt/src/tomcat/flex/messaging/security/TomcatValve708.java

• Oracle EBS Data Purging and Archival

  Hi,
  I would like to know if there is any tool available in market for Oracle EBS data purging and Archival?
  Thanks,

  yes, there are 3rd-party tool available which will apply a set of business rules (ie all data older than Nov.1, 2007) through the various Oracle modules implemented at a customer site.
  They are 3rd-party tools; You can go to Oracle.com and look in partners validated integration solutions. At the moment there are 2 partners offering such integrated solution:
  Solix EDMS Validated Integration with 12.1
  IBM Optim Data Growth Solution
  the only other solution is to hire OCS for a customized developed solution

• UMX for modules that do not support data security policies

  Hi,
  I am trying to set up UMX (including function and data security) for Purchasing. Oracle Support states that Purchasing has not adopted data security in their UIs. Is there a way to create my own own objects and instance sets? For example, User A can only see POs that begin with '5' and User B can only see POs that begin with '6'.
  Any help with how the integration between UMX and the core apps would help.
  Thanks!

  948210 wrote:
  Hi,
  I am trying to set up UMX (including function and data security) for Purchasing. Oracle Support states that Purchasing has not adopted data security in their UIs. Is there a way to create my own own objects and instance sets? For example, User A can only see POs that begin with '5' and User B can only see POs that begin with '6'.
  Any help with how the integration between UMX and the core apps would help.
  Thanks!Have you checked "Oracle E-Business Suite System Administrator's Guide - Security" manual?
  R12 -- http://docs.oracle.com/cd/E18727_01/doc.121/e12843/toc.htm
  11i -- http://docs.oracle.com/cd/B25516_18/current/acrobat/115sasg.pdf
  Thanks,
  Hussein

• KPI - Disable Data Security

  Hi,
  We have enabled data security for our OBIEE environment. This security is based on Organization of an user. We now want to do an analysis of Resolution Time. We want to do this using KPIs feature in 11g. Now, for the Target Value, we want the average resolution time across all the organizations in the system. That is, we want to compare this user's organization against the performance of all the organizations in the system.
  How can this be done in OBIEE 11g?
  Prat

  Best Solution for data security, file security, Outsourced data security at Seclore.
  Seclore Technology develops innovative solutions in the area of information usage control. Seclore is an Information Rights management company which recognizes the importance of intellectual property protection and has achieved industry leadership in the area of information usage control, information rights management, enterprise DRM. Seclore provides world class document rights management solutions that allow controlling the usage of confidential information, regardless of where the information is physically present or how it is distributed. Seclore offers information security solutions for data contained in Files, Folders or provided to a vendor for outsourced processes.

• Refresh System Data in Integration Directory PI 7.11

  Hey,
  I have setup a new technical system and a business system in SLD, but now I still can't find it in Integration Directory.
  I knew from the later PI Version, that there was an option to transfer SLD data to integration directory, but now I can't find it
  anymore.
  Can anybody help?
  Thanks!
  Michael

  I have setup a new technical system and a business system in SLD, but now I still can't find it in Integration Directory.
  I knew from the later PI Version, that there was an option to transfer SLD data to integration directory, but now I can't find it
  Tools (or right-click in ID) --> Assign Business System --> follow the wizard...it will assign the business system from SLD to ID

• Data security for multiple data sources

  Dear BO guru's,
  I am struggling with a brainbraker on authorizations on Universes since quite some time.
  I am not a BO guru so hopefully someone can help me with this.
  I (more or less) know the concept of data security in BO: users can be restricted on data level in (mainly) two ways:
  1) with roles in CMC and with restrictions in Universe Designer.
  OR
  2) with a DB table that contains all authorized values per user and per field (i.e. John can see data for country UK)
  The first is easy to set up, but hard to maintain.
  The second is difficult to set up, but very flexible.
  Now here is the problem...
  Supporse your BO server is connected to different source systems (i.e. an SQL server, an Oracle server...) and you want only one universe to get data from all systems at the same time and display it in one report.
  If I am not mistaken, this means we need a data federator.
  ...My questions:
  1) Is there a possibility to do this without a data federator (but still have one universe to build my report or dashboard on)?
  2) Where do I keep the table with authorizations for the users? Is that a database of the BO Enterprise server, a seperate data base, or in a table of one of the source systems (SQL, Oracle...)?
  As this questions keeps me busy since long time, I would be very grateful to have your help.
  It seems hard to find information on this.
  Thanks a lot in advance!
  UniverseDummy

  1) Is there a possibility to do this without a data federator (but still have one universe to build my report or dashboard on)?
  Apart from the Data Federator, you can either use an ETL tool to load your data into a single Datawarehouse or wait until XI 4.0
  2) Where do I keep the table with authorizations for the users? Is that a database of the BO Enterprise server, a seperate data base, or in a table of one of the source systems (SQL, Oracle...)?
  If you are going to use the Data Federator then you can create the table in one of your source systems and add it as a data source in your DF project.
  Regards,
  Stratos

• Problems with HowTo "Creation of BI Master Data in Integrated Planning...)

  Hi,
  one of our customers need a planning application in which he can create master data for different attributes, insert some key figures for this attributes and changes already planned key figured.
  For the last two point I've already found a working solution, the first point (creating of masterdata in web template) is still a problem. After a little search, I found a howto-guide "Creation of BI Master Data in Integrated Planning (IP) through Web Layouts", in which the necessary steps are described, how to do this (please see following link: http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/607193d5-cdd5-2b10-c699-8ff04c3124f6)
  Does anyone of you know this guide and was able to build a working solution?
  I have different questions, maybe you could help me:
  - what kind of variable is he using?
  - do I need a DataProvider in Web Template?
  - how do I get the connection to the used variable in the button group?
  Thanks for your help.
  Regards
  Tim

  Hi Timo,
  you require two howtos to implement the solution.
  First, please take a look at the first document:
  http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/10d2b273-0e12-2c10-fab3-a34bde559f92?QuickLink=index&…
  In chapter 3 you see the prerequisites (note 1101726 and notes 1384495, 1387004 and 136772). By this, you change the system behaviour, not to check if the new inserted master data is valid (it can't be valid, because the entries are new!)
  And after this please implement the solution from the how to.
  Furthermore you can take a look at this how to, which might help you too:
  http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/607193d5-cdd5-2b10-c699-8ff04c3124f6?QuickLink=index&…
  Even if my first post is a bit old, my customer still uses this solution, at the moment we are on 7.3 sp06, so it is working in newer releases too.
  Hope this helps.
  Regards
  Tim

• Using Data Security under Functional Developer / User Manager

  Has anyone succesfully carried out any Data Security policies in Oracle Apps. I would like to get details on this.
  Thanks in advance.

  Actually the other scripts on the http://www.petefinnigan.com/tools.htm site seem to do the trick where you can check for who has DBA and who has SELECT ANY TABLE.
  The next questions is .... what other privs should I be concerned with? Just want to make sure I am checking for all possibilities of access to a particular object.