BPC_MS ver 10 security integration with BusinessObjects BIP

We have a client that has both BPC for MS ver 10 and BIP 4.1. They want to use the BIP tools such as Web Intelligence to report against the BPC data. They also only want the user running the report to see the data they are allowed to see based on the data access profiles in BPC. How can this be done without maintaining security in both BPC and BIP separately?

Hi Francois & José Jaimes,
BPC for MS is not integrated in Netweaver platform that's why you didn't find any documentation about real estate.
There aren't relations just with BI you can use Xcelsius dashboard or ODBC to read the cubes but I don't think you will found the files to connect with RE (for BI connections see please 1731626 - Data source connectivity options between BusinessObjects BI tools and BPC).
If you need to insert data in BPC from RE you need to export this data in a flat file and after to Import in BPC through the standard import package using transformation and conversion files, to transfer data from BPC to RE use the standard export package.
Regards
     Roberto

Similar Messages

  • EBS Security Integration with BI Publisher

    Hi All,
    I have few questions regarding integration of EBS Security with BIP. I went through the following document Oracle Fusion Middleware Administrator's Guide for Oracle Business Intelligence Publisher.
    and have following questions.
    -- Upon on logging on into BIP after integration with EBS should I assign the three roles of BI i.e. BI Administrator, BI Author and BI Conusmer to all EBS roles for catalog permission set up.
    Below is my requirement. EBS user logging into BIP
    a) Set of Users should have to build reports , publish on dashboard etc.
    b)Set of users need only view reports i.e. read only.
    c) One User should have Admin privileges.
    How do I associated above with EBS roles. Should I assign BI roles to EBS roles in EM and give catalog permissions? Any thoughts will be really appreciated.
    Thanks
    SYK

    have you got a response for this? We are having the same issue after following everything as well.

  • Oracle ADF security integration with Oracle E-Business Suite SDK JAAS

    I have an Oracle ADF 11.1.2.2 application that is using ADF security for authentication and authorization.
    When we deploy this application to our JDeveloper integrated weblogic server, we utilize the security setting of "Custom" and use weblogic users and roles to map to the ADF application roles. In that environment our security is working properly.
    I have a Weblogic 10.3.5 standalone server that has the ADF runtime installed as well as the Oracle E-Business Suite SDK JAAS implementation installed.
    When I deploy the Oracle ADF application to the standalone weblogic server, I am directed to the JAAS login page when I attempt to access any JSF page (including those that I have granted View access through the anonymous-role. Does the Oracle ADF anonymous-role work (allow for anonymous page access) when JAAS security is handled by the Oracle E-Business Suite SDK JAAS implementation?
    Per the SDK instructions, when we install the Oracle ADF deployment on Weblogic we have selected "DD only" for our security setting. We have defined enterprise roles in the Oracle ADF security setup (jazn-data.xml) that are assigned the appropriate application roles. Those enterprise roles have the same name (i.e. UMX|YOURROLE) as the E-Business Suite roles that are assigned to our test users. When we login with an E-Business Suite user / password we are receiving an error:
    Error 401--Unauthorized
    From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
    10.4.2 401 Unauthorized
    Any thoughts on why that would be?
    Thanks
    Dan

    Thanks Juan.
    With the debugging options enabled it appears the issue is not an issue with the user / role credentials - it seems like the resource grants from jazn-data.xml are not being reviewed in my standalone weblogic instance EAR deployment:
    [JpsAuth] Check Permission
    PolicyContext: [TestApp]
    Resource/Target: [untitled1PageDef]
    Action: [view]
    Permission Class: [oracle.adf.share.security.authorization.RegionPermission]
    Result: [FAILED]
    Evaluator: [ACC]
    Failed ProtectionDomain:ClassLoader=sun.misc.Launcher$AppClassLoader@13f5d07
    CodeSource=file:/app/oracle/product/Middleware/oracle_common/modules/oracle.adf.share_11.1.1/adf-share-support.jar
    Principals=total 2 of principals(
    1. JpsPrincipal: oracle.security.jps.internal.core.principals.JpsAnonymousUserImpl "anonymous" GUID=null DN=null
    2. JpsPrincipal: oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl "anonymous-role" GUID=null DN=null)
    When I access the same page from my integrated weblogic server I see:
    [JpsAuth] Check Permission
    PolicyContext: [TestApp]
    Resource/Target: [untitled1PageDef]
    Action: [view]
    Permission Class: [oracle.adf.share.security.authorization.RegionPermission]
    Result: [FAILED]
    Evaluator: [ACC]
    Failed ProtectionDomain:ClassLoader=sun.misc.Launcher$AppClassLoader@13f5d07
    CodeSource=file:/app/oracle/product/Middleware/oracle_common/modules/oracle.adf.share_11.1.1/adf-share-support.jar
    Principals=total 2 of principals(
    1. JpsPrincipal: oracle.security.jps.internal.core.principals.JpsAnonymousUserImpl "anonymous" GUID=null DN=null
    2. JpsPrincipal: oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl "anonymous-role" GUID=null DN=null)
    When I review my EAR - I do see jazn-data.xml at:
    /META-INF/jazn-data.xml
    I will review the system-jazn-data.xml to see if the policy information has been migrated properly as part of the EAR deployment.
    Thanks.
    -Dan

  • OBIA 7.9.6.3 security integration with EBS R12.1.2

    Hi Experts,
    We are implementing OBI Apps 7.9.6.3 with EBS R12.1.2 as source.We need to integrate Active Directory with OBIEE and implement security of BI Apps with EBS R12.1.2. Need help on this.
    How to map EBS Responsibilities into Application Role and Groups? Whether we need to create one Application Role and Group for each responsibility ? Then provide permissions in rpd for each of them? The user should have similar permission in BI as they have in EBS - like people can see only US Finance data in EBS should see only US Finance data in BI also.
    Regards,
    mvsst

    You can go through obia security guide which explains step by step procedure with screenshot on how to implement ebs authentication and role based access.
    here is the link.
    http://docs.oracle.com/cd/E21043_01/bi.1111/e16364/ebs_actions.htm
    Regards,
    RAM
    Edited by: RAM CH on May 20, 2012 1:34 PM

  • ADF Security integration with Web Logic Security using SQL authenticator

    Hi,
    I was trying to find a suitable way of handling the following requirements:
    1. Administrators should be able to create the roles, groups, users and assign users to roles.
    2. User, Roles, Groups should be stored in DB and Users need to be authenticated accordingly.
    3. I need to be able to map roles with security permissions on Taskflows, JSF Pages, on UI level using groovy expressions and even at Entities level.
    I performed the following tasks:
    1. I created back end Security tables, created SQL authenticator as provider and defined the queries in it then I created ADF Application and used JMX APIs to call the SQL authenticator to perform its operations.
    2. I defined the roles and respective resource permissions in ADF i.e. Jazn xml file because my requirement no 3 would not be achievable without using ADF security.
    Now in this scenario how I can login a user in ADF context and assign roles programmatically that I authenticated from JMX APIs? Or is there any other suitable way to handle these requirements?
    Thanks.
    -Moeen

    Hi Charu,
    Thanks for your reply.
    Can we programmatically add a user in adfsecuritycontext as a currently logged in user, a user which is not present in jazn.xml file? If yes then can we programmatically assign the roles which are defined in jazn.xml to that specific user?
    Moeen

  • Problem about BIEE Integration with LDAP

    Hello,
    I have a problem in OBIEE11.1.1.6
    I do BI EE 11g Security Integration with OPENLDAP follow below link,
    http://www.rittmanmead.com/2010/11/oracle-bi-ee-11g-security-integration-with-microsoft-active-directory/
    It works well using user that store in OPENLDAP ,
    now I want to realize this function,
    that user roles store in external db table,then get roles by init block,
    but I faced a problem, If I use session system variable 'WEBGROUPS' to get some value in db,when user login BIEE,it can get values of 'WEBGROUPS'
    but If I use session system variable 'ROLES' ,when user login BIEE,it can't get values of 'ROLES' that store in db,
    the value will always show 'BIConsume;Authenticated User',It is default value in OBIEE11.1.1.6,
    so I doubt way I can't user variable 'ROLES' to get value???
    init block lik follow,
    SQL: select T.att1,T.att2 FROM USER_ACCESS T
    T.att1 is for variable 'WEBGROUPS'
    T.att2 is for variable 'ROLES'
    the value of 'WEBGROUPS' is correct.
    but 'ROLES' not got the values that stored in db.
    anyone know???
    thank you in advance!

    VITAS wrote:
    that user roles store in external db table,then get roles by init block,
    but I faced a problem, If I use session system variable 'WEBGROUPS' to get some value in db,when user login BIEE,it can get values of 'WEBGROUPS'
    but If I use session system variable 'ROLES' ,when user login BIEE,it can't get values of 'ROLES' that store in db,
    the value will always show 'BIConsume;Authenticated User',It is default value in OBIEE11.1.1.6,
    so I doubt way I can't user variable 'ROLES' to get value???
    init block lik follow,
    Go to Enterprise Manager and create the ROLES named the same as the one you named in DB values. Now you should see them magically appear when you click on My account > Roles and Catalog Groups. :)
    SQL: select T.att1,T.att2 FROM USER_ACCESS T
    T.att1 is for variable 'WEBGROUPS'
    T.att2 is for variable 'ROLES'
    the value of 'WEBGROUPS' is correct.
    but 'ROLES' not got the values that stored in db.Hope you did you enable Row Wise Init here ?
    Let us know. Mark if helps.!
    Thanks,
    SVS

  • OBIEE Installation doc's and integration with EBS 12.0.6.

    HI,
    I had installed OAS 10g with OSS and OID and integration with EBS R12.0.6.
    Now I want to install OBIEE(On Linux) and wants to iuntegrate with SSO.
    Please provide me the Master Doc for this and anyother private doc also if any.
    thx

    Hi,
    Check this might be helpful... http://gerardnico.com/wiki/dat/obiee/linux_installation
    http://onlineappsdba.com/index.php/2007/10/29/biee-installation-on-linux-business-intelligence-enterprise-edition/
    To integrate with EBS check these.....http://it.toolbox.com/blogs/eye-on-obi/oracle-bi-applications-obiee-security-integration-with-oracle-ebusiness-suite-17246
    http://obibb.wordpress.com/2010/07/30/integrating-oracle-ebs-and-oracle-bi-ee-part-i/
    Thanks,
    Srikanth

  • User authentication when OBIEE is integrated with EBS

    Hello guys
    I have a conceptual question about how OBIEE authentication is performed in an integrated environment with EBS? If the goal is to have users access to OBIEE based on their roles given in EBS, what kind of authentication is it needed for such implementation?
    Do I import users and group from EBS database or LDAP server (if its available)? what kind of session variable and ini block is created if I want to do data level secuirty based on user groups?
    Please give some basic idea and guidelines on topic
    Thank you very much

    hi,
    the final solution must face and fill your needs....
    Bi suite has 3 ways of making-having user-groups...
    1.manual
    2.ldap
    3.from external database
    If the goal is to have users access to OBIEE based on their roles given in EBS, what kind of authentication is it needed for such implementation?
    -->match the roles from EBS to your liked in OBIEE
    check and this,
    http://it.toolbox.com/blogs/eye-on-obi/oracle-bi-applications-obiee-security-integration-with-oracle-ebusiness-suite-17246
    hope i helped....
    http://greekoraclebi.blogspot.com/
    ///////////////////////////////////////

  • Do we have OBIEE integrated with EBS

    Hi Experts,
    Do we have OBIEE integrated with EBS or we have to do it manullly..do we have any docs.
    Please suggest..
    S

    Hi,
    Never i have done this but i can show you the path.
    [http://it.toolbox.com/blogs/eye-on-obi/oracle-bi-applications-obiee-security-integration-with-oracle-ebusiness-suite-17246]
    OBIEE Integration  with EBS 11.5.10 or R12 Apps
    By,
    Kranthi.

  • Get error while Integrating with Oracle's Enterprise User Security

    Hi,
    I am trying to create an Oracle Enterprise User integrating with OVD and MS Active Directory.
    I am following all the steps in Integrating with Oracle's Enterprise User Security.
    In the documentation section: "Configuring Oracle Virtual Directory for the Integration"
    I have applied the steps successfully until:
    Update and load the entries into the Local Store Adapters by performing the following steps:
    I have successfully extended the Oracle Virtual Directory schema with the loadOVD.ldif
    However I am getting errors in the next step: Update realmRoot.ldif to use your namespaces
    The next step states the following:
    Update realmRoot.ldif to use your namespaces, including the dn, dc, o, orclsubscriberfullname,
    and memberurl attributes in the file. If you have a DN mapping between Active Directory and
    Oracle Virtual Directory, use the DN that you see from Oracle Virtual Directory.
    The realmRoot.ldif file is located in ORACLE_VIRTUAL_DIRECTORY_HOME/eus,
    where ORACLE_VIRTUAL_DIRECTORY_HOME represents the location where Oracle Virtual Directory is installed.
    The realmRoot.ldif file contains core entries in the directory namespace that Enterprise User Security queries. The realmRoot.ldif file also contains the dynamic group that contains the registered Enterprise User Security databases to allow secured access to sensitive Enterprise User Security related attributes, like the user's Enterprise User Security hashed password attribute.
    Load your domain root information in the realmRoot.ldif file into Oracle Virtual Directory using the following command:
    ldapmodify -h Oracle_Virtual_Directory_Host –p OVD_Port -D cn=admin -w Admin_Password -v -a –f realmRoot.ldif
    When I run the ldapmodify command I get the following error:
    add dc:
    testldap
    add objectclass:
    top
    domain
    domainDNS
    adding new entry DC=testldap,DC=local
    ldap_add: Operations error
    ldap_add: additional info: LDAP Error 1 : null
    The actual realmRoot.ldif looks like this:
    # Please uncomment the following one line if you are importing this
    # LDIF file via OVD Manager or OVD Server's ldapmodify tool.
    #version: 1
    #dn: dc=com
    #dc: com
    #objectclass: domain
    dn: DC=testldap,DC=local
    changetype: add
    dc: testldap
    #o: subarashii
    objectclass: top
    objectclass: domain
    objectclass: domainDNS
    #objectclass: orclSubscriber
    #orclsubscriberfullname: subarashii
    #orclVersion: 90400
    # If your domain structure has more layers than dc=subarashii,dc=com,
    # for example, it's dc=us,dc=subarashii,dc=com, you will need to load
    # the following ldif entry/entries too.
    # Uncomment out the following, if required.
    #dn: dc=us,dc=subarashii,dc=com
    #orclversion: 90400
    #orclsubscriberfullname: us
    #objectclass: domain
    #objectclass: top
    #objectclass: orclSubscriber
    #dc: us
    # Adding EUSDBGroup entry
    # Modify the memberurl attribute and replace it with your own domain name
    #dn: cn=EUSDBGROUP,dc=subarashii,dc=com
    #cn: EUSDBGROUP
    #memberurl:ldap:///dc=subarashii,dc=com??sub?(&(objectclass=orclService)(objectclass=orclDBServer))
    #objectclass:groupofuniquenames
    #objectclass:groupofurls
    #objectclass:top

    Did you ever get your questions answered about the realmRoot.ldif file? Did you manage to configure a successful integration of OVD with EUS? I am battling with trying to get Oracle Virtual Directory integrated with Enterprise User Security, but every step I take in Chapter 7 of the OVD manual fails in some way, and the instructions are often vague. I am not sure how to modify the realmRoot.ldif file. Is there any improved documentation on this? I have logged a Service Request, but not getting any help. Any resources or documentation you know of that provides better guidance would be much appreciated. I am way behind my schedule now and this is a very frustrating exercise.
    Thanks.

  • Oracle Secure Enterprise Search integration with Hadoop

    Hello Guys,
    I am currently exploring Oracle SES for performing search across all enterprise information assets. One of my asset is a Hadoop system holding a huge dump of data.
    Does SES have out of box integration with Hadoop (hdfs) or is there any specific connector available that can be used to make the connection and search data.
    I am new to Oracle SES, appreciate if someone could answer this question.
    Thanks,
    Sooraj

    It can be done but it's not easy.
    Federation is done through the Web Services API. To create a custom federation to a non-SES endpoint, you have to replicate most of the Web Services API. You can choose to do it selectively, for example you can choose to implement doOracleSearch but not doOracleAdvancedSearch or doOracleBrowseSearch (names from memory - could be wrong) which would give you the basic search capability but no advanced search or browse against the federated source.
    Then you've got the problem of merging results. When all federated sources are SES based, it's easy to merge them. You know that a document which scores 63 fron one source is more accurate than one that scores 62 from another, and so should appear higher in the hitlist. But if one of those sources is - say - Bling, then how do you that 63 as a score from Bling is comparable to 63 as a score from SES? They're probably not comparable.
    These are the reasons that mention of federation to external sources was removed from the 10.1.8.4 documentation, it was felt that it just wasn't practical for most users.
    A rather better alternative is to use the Suggested Content feature. This is MUCH easier to configure, and doesn't attempt to merge the results. From a user's point of view this may be less desirable than a merged result set, but given that any such merge probably won't work well, it's really better all round.

  • Is BOE 4.0 integrated with Data Services XI 4.0

    Hi,
    I have gone through some blogs and documentation on Data Services XI 4.0 and some where it is mentioned that BOE 4.0 is integrated with Data Services XI 4.0. Is it true? If it is true then i want to know how can we integrate BOE 3.1 SP2 with data services XI 4.0 because right now we are using BOE 3.1 SP2, BW 7.01 and want to install Data Services XI 4.0 unless there is no compatibility issue between them.
    I need this information immediately because we have to install data services if its compatible with BOE 3.1 SP2 and BW 7.01.

    Hi Aditya,
    From the XI 4.0 Data Services Upgrade Manual:
    2.1 Major changes in Data Services XI 4.0
    Unlike previous releases of Data Services and Data Integrator, SAP BusinessObjects Data Services
    XI 4.0 introduces central user management, which relies on SAP BusinessObjects Enterprise. Users
    are authenticated against the SAP BusinessObjects Enterprise security, and repositories are registered
    in SAP BusinessObjects Enterprise.
    You can use either an existing SAP BusinessObjects Enterprise XI 4.0 installation to manage Data
    Services users and repositories, or SAP BusinessObjects Information platform services, which is availabe
    to all Data Services customers and contains the required SAP BusinessObjects Enterprise services for
    user management.
    For information about installing SAP BusinessObjects Information platform services, see the SAP
    BusinessObjects Data Services Installation Guide.
    So it sounds like you can't use an exisiting BOE XI 3.1 CMC, but would need to upgrade it to XI 4.0 or use the SAP BusinessObjects Information platform services, which is included with XI 4.0 Data Services.

  • Bi Publisher integration with SSO when users are in separate containers

    Hi,
    We have bi publisher 10.1.3.4 installed and setup to run with oas 10.1.3.3. Bi publisher as such works fine.
    We need to get it integrated with sso and for that we have followed the steps in the bipub admin&ddeveloper guide, security model section:
    http://download.oracle.com/docs/cd/E12844_01/doc/bip.1013/e12188/T421739T475591.htm#T434695
    In our oid users are devided to 3 containers:
    l=emea,dc=oracle,dc=com
    l=amer,dc=oracle,dc=com
    l=apac,dc=oracle,dc=com
    If the "Distinguished Name for Users" in bi security configuration it set to e.g.
    l=emea,dc=oracle,dc=com
    and the admin user is created in the same container l=emea then login works fine for all users in l=emea container. They can login fine and they have the privileges defined in XMLP groups.
    However this means any user in l=apac or l=amer container cannot login.
    I've therefore created new admin user cn=bipadmin,dc=oracle,dc=com and change the user search base to be dc=oracle,dc=com. Now as the admin bipadmin user I can login fine and have the privileges as defined in XMLP groups.
    Actual end users are in the l=emea, l=amer,l=apac containers and with the end users I can still login but the privileges are missing. So e.g. I can login as cn=xx.yy,l=emea,dc=oracle,dc=com or cn=aa.bb,l=amer,dc=oracle,dc=com but even though I've granted those users admin privileges the admin tab is not visible.
    Distinguished name for groups has not changed. It has been the same all the time and the XMLP groups exists there:
    cn=cappbb,cn=aitsys,cn=Groups,dc=oracle,dc=com.
    But it seems if User search base is changed to higher level than where the users actually are the privileges are no longer found.
    Is Bi Publisher supposed to search for users only from the container which is defined in the "Distinguished Name for Users" (in this case dc=oracle,dc=com) or is bi publisher supposed to search the users from all the subgroups also under the "Distinguished Name for Users" path?
    If anyone has hit the same issue and has fond resolution please let me know.
    Thanks!
    Nina

    Hi Nina,
    User privileges will work fine even though the user search base is pointing at the higher level...
    In my application I have defined the User search base as,
    Distinguished Name for Users : O=ABC
    And my users are under, 1. ABC---> Users ---> US ---> and 2. ABC ---> Vendors...
    All users could you able to login along with their privileges...
    But in your case, i would want you to recheck,the users group/role mapping...
    Also check, if not admin role could you able to atleast import other groups/roles mapped to the user when you login...
    I mean any functional roles (other than XMLP*) mapped to the users are imported...
    thanks..
    regards,
    dmaze

  • Siebel new LDAP adapter integration with BI Publisher

    Hi All!!
    We have configured our Siebel (8.1.1.3) security adapter with LDAP. BI Publisher is using Siebel security model.
    We had to clone our AOM (fins_esn which is using the security adapter LDAP) to finsxx_esn because we are migrating the AD 2000 to 2008 (we are also changing the domain). The roll out will last 2 month, users will be migrated by branch, it wont be a big bang.
    We have to generate a new LDAP security adapter to authenticate users who are logging to finsxx_esn to the AD 2008 (AD 2008 is on a diferent domain than AD 2000. This is working for application autehtication, no problems found here)
    On a standalone environment report generation is working. But for a distributed environment (1 AOM, 1 NAOM, 1 Web Server) is not working.
    Does anyone knows how to integrate to BI Publisher when you have two LDAP security adapters on Siebel Application? Or is there any authentication method to use instead of "Siebel Security" so as to achieve this?
    Regards

    We actually ran into a similar problem where I work. I created a support web ticket for our issue and the response is that BIP 11G is not supported for integration with Siebel 8.1, or any other version for that matter. Oracle is currently working on a fix to integrated the latest version of Siebel with BIP.
    There advice to me was to downgrade to BIP 10G for the time being.

  • BI Publisher Performance integrated with OBIEE 11g

    Has anyone seen issues around the performance of rendering the BI Publisher frame when it is integrated with an OBIEE dashboard (11g)?
    If I create a simple BI Publisher off a simple data model (Select 1 from dual). I open the BIP report within the BI Publisher environment (XmlpServer) and it opens in seconds.
    When I open this same report within the OBIEE Web Catalog or place it on a dashboard page I have seen it take upwards of 40-50 seconds to render the frame then the report. The time seems to me more around rendering the frame.
    Usually when you initiate your first session you see the longest rendering time, subsequent runs of the report are lower but still higher then the few seconds it takes in the BIP environment.
    Has anyone else seen this issue, we opened a ticket with Oracle and it seems they are leaning toward creating a BUG around this. Just wanted to see what others were experiencing and if they identified the source of the issue. Thanks.

    Hi Dustin,
    The FMW security model in BI Publisher means it is integrated into OBIEE - I believe it's the default. If you're using authenticating and authorising via weblogic then I can't think of a good reason to use BI Server authentication in publisher, you should be using FMW security.
    In answer to your question tThere was no bug raised. The work around for us was using document 1338007.1. In your case that doesn't seem necessary since you're using OVD already.
    Edit - should just add that if your OVD authentication is set up in the repository then you need to shift that to the weblogic server security model and remove any authentication logic from the repository. After that the FMW security model for publisher should work.
    http://download.oracle.com/docs/cd/E21764_01/bi.1111/e10543/privileges.htm
    Regards,
    Robert
    Edited by: Robert Tooker on Nov 3, 2011 2:07 AM

Maybe you are looking for