Discoverer Security

Similar Messages

• Discoverer Security with eBusiness Suite

  Is there any document that explains how discoverer security is integrated with Oracle APPS 11i or 12i security.

  Hi,
  I am not aware of any complete document covering eBS security. You can look at John Abel's book Oracle E-Busines Suite Security which covers many aspects including some on Discoverer.
  Discoverer integration with eBS menus is covered in the Metalink notes 471303.1 and 278095.1. Connection security is covered in the Discoverer documentation (http://download.oracle.com/docs/html/B13918_03/apps.htm#i1006413).
  Different apps modules use different mechanism for data security. These are covered in various metalink notes, for example note 290291.1 covers GL security.
  Rod West

• Discoverer security limitations

  Hi all,
  Does Discoverer allow security to be implemented down to specific items? If I had a workbook and several users had access to it, would there be a way for me to define which user could drill down into which item? Also, if I had a report for sales figure per region, could I implement security so that one could only
  see the details for one's region?
  Any help in this regard would be appreciated.
  Thanks,
  Gillian

  Gillian,
  For such security requirements, you might want to define different custom folders on top of the exiting and apply security settings to them. e.g create a custom folder which contains all items required for the sales report, but put a mandatory condition of region=<one particular region> on that folder and give access to users for that region...
  Cheers
  Deepak
  Hi all,
  Does Discoverer allow security to be implemented down to specific items? If I had a workbook and several users had access to it, would there be a way for me to define which user could drill down into which item? Also, if I had a report for sales figure per region, could I implement security so that one could only
  see the details for one's region?
  Any help in this regard would be appreciated.
  Thanks,
  Gillian

• Customozing Oracle Discoverer Security

  Hi,
  Please help me in following scenario. I am having security service as web service which maintain all tokens about users. When any user from a system try to connect to disoverer it should use this token id and send to discoverer. And the Discoverer should talk to this security service using this token id. After authenticating with security service it should allow that user to view reports.
  Could you please let me know how this is possible? Can I make some customization in Discoverer so that it should talk to security web service?

  Hi,
  I am not aware of any complete document covering eBS security. You can look at John Abel's book Oracle E-Busines Suite Security which covers many aspects including some on Discoverer.
  Discoverer integration with eBS menus is covered in the Metalink notes 471303.1 and 278095.1. Connection security is covered in the Discoverer documentation (http://download.oracle.com/docs/html/B13918_03/apps.htm#i1006413).
  Different apps modules use different mechanism for data security. These are covered in various metalink notes, for example note 290291.1 covers GL security.
  Rod West

• Discoverer Security Certificate not Recognized on MS IE

  On some PCs, when entering the Discoverer web site using microsoft explorer, the first certificate window appears, but the certificate is not recognized.
  What could be the cause ?

  The exact error message is:
  An error occurred while accessing online revocation server

• Discoverer Security through Portal

  We use Portal for displaying discoverer worksheets. In portal we select the "display to user using Publishers connection". However, when users click analyze on the report it prompts them for a password. Is there any way around this. We don't want users to have there own discoverer logins. We just want them to analyze the reports we setup in portal for them to view.
  Thanks in advance on any help with this issue.

  Take a look at the steps to integrate discoverer with single sign on (SSO). Then once a user has authenticated in Portal, they will be authenticated in Discoverer too.

• EBS 11.5.10.2 + Discoverer 10g

  Hi
  I am trying to install Discoverer 10g.
  OS - HP-UX PA-RISC
  DB - 10.2.0.4
  EBS - 11.5.10.2
  Successfully installed BI Server 10.1.2.0.2 on the same machine.
  I copied tnsnames.ora file from iAS oracle_home to new discoverer oracle_home at the location.
  I copied dbc file from $FND_SECURE to new discoverer oracle home /discoverer/secure.
  Now trying to apply Patch 5983622.
  I have tried 3 times till now. I failed.
  At the end it says "OPMN Configuration Assistant" failed.
  Couldn't find anything in the logs.
  I created a new user 'disuser' to install BI Server 10.1.2.0.2
  1 more thing..it says interpreter "/usr/bin/perl" not found. We have perl 5.6.1 in */opt/perl/bin* and this is in PATH
  Regards
  SK

  Hi
  I am stuck at Step no. 6 in the Doc ID 313418.1
  sh adupdeul.sh connect=sysadmin/mash1234@MASH resp="System Administrator" gwyuid=APPLSYSPUB/PUB fndnam=APPS secgroup="Standard" topdir=/owd/MASH/mashappl/au/11.5.0/discover language=US eulprefix=EUL eultype=OLTP mode=complete iashome=/owd/bi logfile=/owd/bi/import_complete_eul.log
  You are running adupdeul, version 115.17
  Start of adupdeul session
  Date/time is Sun Jan 17 16:45:44 uae 2010
  Log file is /owd/bi/import_complete_eul.log
  Command line arguments are
  "connect=sysadmin/mash1234@MASH"
  "resp=System Administrator"
  "gwyuid=APPLSYSPUB/PUB"
  "fndnam=APPS"
  "secgroup=Standard"
  "topdir=/owd/MASH/mashappl/au/11.5.0/discover"
  "language=US"
  "eulprefix=EUL"
  "eultype=OLTP"
  "mode=complete"
  "iashome=/owd/bi"
  "logfile=/owd/bi/import_complete_eul.log"
  Processing files for US language ...
  Searching /owd/MASH/mashappl/au/11.5.0/discover/US directory for files to import ...
  adupdeul.sh[728]: /owd/MASH/mashappl/au/11.5.0/discover/tmpfile8938.lst: Cannot create the specified file.
  wc: cannot open /owd/MASH/mashappl/au/11.5.0/discover/tmpfile8938.lst
  adupdeul.sh[735]: test: Specify a parameter with this command.
  Number of files to process for US language :
  adupdeul.sh[757]: /owd/MASH/mashappl/au/11.5.0/discover/cmdfile8938.tmp: Cannot create the specified file.
  cat: Cannot open /owd/MASH/mashappl/au/11.5.0/discover/tmpfile8938.lst: No such file or directory
  Determining the character set for the import session ...
  The following encoding schemes have been found
  sort: Cannot open /owd/MASH/mashappl/au/11.5.0/discover/cset8938.tmp
  ERROR: adupdeul - unknow encoding unknown
  adupdeul is exiting with status 1
  End of adupdeul session
  Kindly help.
  Regards
  SK

• Security Issues with workbook

  Hello All,
  When I log into discoverer with some responsiblity "a" i am able to see the output of the particular workbook.
  But when the same work book ran by other user with differnet responsbility "b" and with with same parameters , he is geting the message as "'The query caused no data to be returned" .
  There seems to be some security issues. Can any one kindly explain the process why the user is not able to view the output. In order to overcome this what are the actions i need to do.
  Thanks for your support.
  Best Regards,
  Kumar.

  Hi,
  I assume that you are using Oracle Applications and that the user is connecting with a different apps responsibility.
  In Discoverer, security can be applied at 4 levels; in the workbook, in the EUL, in views and using VPD. Application 11i security is mostly applied through views.
  Now, the security applied depends on the Apps module. GL, AP/AR, PO and FA all have different mechanisms for applying security. Mostly the security applied will be determined by security profiles set up for the responsibilities. But for example, GL, also uses row based (procedural) security based on the flexfield security rules in some of the GL views. If you are using a custom responsibility you will need to ensure that all the security profiles are set up for this responsibility.
  So your first step is to look at what view(s) are used in the report. Then determine which security profiles are checked by this view. So if it is a GL view you need to check the 'GL Set of Books Name' profile is defined for that responsibility.
  Without knowing which modules you are using, which version of Oracle Applications or whether you have custom or seeded responsibilities it is difficult to know why your report does not return data for the responsibility.
  Rod West

• Using Discoverer with 4i

  Hi All,
  I want to use the discoverer which comes along with the E-Business suite 11i. Can you suggest how can i configure the discoverer client.
  Thanks,
  Prashanth.

  Before install, assure you have an Oracle client installed
  Install:
  1) Download "Oracle Business Intelligence Tools 10g (10.1.2.0.2) for Microsoft Windows" from here
  2) Execute setup.exe
  3) Remember the %ORACLE_HOME% used (ussually C:\oracle\BIToolsHome_1)
  Configuration:
  1) Databases must appear in the %TNS_ADMIN%\tnsnames.ora
  If you are trying to connect through an Applications database, also:
  2) Create a directory secure under %ORACLE_HOME%\discoverer
  3) Copy there the .dbc files of each Applications environment
  4) Define a system environment variable FND_SECURE=%ORACLE_HOME%\discoverer\secure
  5) Add to the regedit, in HKEY_CURRENT_USER\Software\Oracle\Discoverer 10\Database, the following entries:
  a) EnableTriggers, type DWORD, value 1
  b) DefaultPreserveDisplayPropertyForRefresh, type DWORD, value 1
  6) Open Discoverer Administrator, go to Tools -> Options, and check "both" in the connect options
  7) Set the values of GWYUID and FNDNAM for Applications. These values are in the .dbc files, but ussually are: GWYUID=APPLSYSPUB/PUB and FNDNAM=APPS
  Helpfull?
  Alfonso

• Discovere acess problem in data base 10g

  create user for discovere Data base access for one user.Now he is facing log in problem it shows
  A connection error has occurred.
  - Failed to connect to database - ORA-12154: TNS:could not resolve the connect identifier specified
  can anybody please help me.
  Thanks,
  Dave

  1.On client machine intall discoverer desktop
  2.copy the tnsname.ora file in %BI_HOME%/network/admin Directory
  3.copy the applicaitons .dbc file in %BI_HOME%/discoverer/secure directory. If the directory doesn't exist then create it.
  4.Create an evironment parameter FND_SECURE with value pointing to the %BI_HOME%/discoverer/secure path.
  5.In discoverer desktop change connection options to Oracle applciations and then provide username/password/sid and check the Oracle applications checkbox and connect to database.
  Sami Malik
  [email protected]

• Disco Viewer/+/Admin/Desktop errors out with Invalid Username and Password

  Hi All,
  We have set up a demo environment at work to upgrade to R12 with Vision database. Discoverer Admin is patched to this level: 10.1.2.2 (Path#4960210) with EBS patch 5985072. The iAS on linux box which is running Discoverer server is patched with same 10.1.2.2 as well. So client and server are at the same level. I followed Note 373634.1 - Using Discoverer 10.1.2 with Oracle E-Business Suite Release 12 to integrate Discoverer 10.1.2 with E-Business Suite Release 12 and copied over vis.dbc file to the client (C:\oracle\BIToolHome_01\secure) and also copied the same file to $BI_ORACLE_HOME/discoverer/secure folders. So far so good. I can connect to disco plus/admin/desktop using sysadmin or any other users shipped out of box with R12 VIS instance. A default apps EUL_US exist with some business area and workbooks. I can run them without any issues.
  My problem is any FND users that I create cannot login via Plus/desktop/admin. I get the error username/password is invalid. I can login with this newly created user to apps no problem. I can see this user in discoverer when logged in as SYSADMIN and I granted all the privileges(admin as well) necessary. Also, any user shipped in VIS instance if updated (password changed or responsibility added) stops working and throws the same error.
  What could be going wrong ?
  I did look at this thread and have done all that is suggested by Michael and Rod west.
  Discoverer Plus Login Failed
  Thanks
  Bismi

  Hi,
  Check whether there are any signon system profile options set. For example, case sensitive passwords set in the system profiles can cause a problem because Discoverer does not support them.
  Also try doing a connection trace on Discoverer Desktop to see how far the connection attempt progresses. Follow Metalink Note 329898.1 for instructions.
  Rod West

• 10g Admin/Desktop error :could not locate or parse the .dbc file error

  Hi there,
  can any one help me how to fix this error i get this while connecting to Discoverer Admin/Desktop edition 10g ver 10.1.2
  Unable to connect to: username@crp2
  Failed to connect to database - could not locate or parse the .dbc file
  c:\oracle\BIToolsHome_1\discoverer\secure\us-oracle3.dbc corresponding to the given Oracle Applications instance
  i had created the system environment variable FND_SECURE and i've placed the .dbc files in the folder (C:\oracle\BIToolsHome_1\discoverer\secure)
  but, i still get error
  Thanks,
  Max

  Hi Russ
  Here's some additional info from my own library:
  1. Set or check the following registry settings on your Admin PC:
  HKEY_CURRENT_USER\Software\Oracle\Discoverer 10\Database\EnableTriggers should be DWORD with a value of 1
  HKEY_CURRENT_USER\Software\Oracle\Discoverer 10\Database\DefaultPreserveDisplayPropertyForRefresh should be a DWORD with a value of 1
  2. You need to create for yourself a folder called SECURE under your ORACLE folder:
  e.g. mkdir c:\oracle\secure
  3. Copy the DBC File from the E-Business Suite database and place it in the secure directory. It will be located in the TOP directory in the database.
  4. Create a Windows System Variable FND_SECURE with the value as in step 2 above: e.g. c:\oracle\secure
  5. Update your %ORACLE_HOME%/network/admin/tnsnames.ora to include an entry for the E-Business Suite database. The database name must match the two_task entry in the dbc file.
  6. You may have to rename the dbc file so that it matches the name by which you are referring to that database in your TNS Names file
  Does this help?
  Best wishes
  Michael

• Unable to Connect to: sysadmin@ my_Database

  Hello all,
  I am new to Oracle and for the past several days I have been trying to login to an Oracle apps database (11.5.10) through Discover desktop. I get the following error when trying to login as an application user
  Unable to Connect to: sysadmin@<my_Database>
  Failed to connect to database - Unable to connect to Oracle Applications database: invalid username/password.
  I successfully installed Discoverer Administrator and Desktop clients (9.0.4). I also was able to login to Discoverer Administrator and successfully created an EUL with the "grant access to public" and "New EUL is for use by Oracle Applications users ONLY" options selected. I added a simple business area and granted the appropriate Security and Privileges to SYSADMIN.
  I have looked all over and havent found anything that has helped.
  Thank in advance
  Maro

  Hi Russ
  Actually, in Discoverer 10.1.2 this setting is only required for Desktop and only if Apps is running in secure mode, HTTPS, which is quite common. For the web versions, Plus and Viewer, this setting is picked up from the OPMN.XML file which is located here:
  On UNIX: <ORACLE_HOME>/opmn/conf/opmn.xml
  On Windows: <ORACLE_HOME>\opmn\conf\opmn.xml
  By default, in OPMN.XML there should be a setting called FND_SECURE which should point to the folder referred to by Magesh:
  "C:\oracle\BIToolsHome_1\discoverer\secure"
  In fact the line should look like this:
  <variable id="FND_SECURE" value="C:\oracle\BIToolsHome_1\discoverer\secure"/>
  where the $ORACLE_HOME for where the Discoverer server is installed being embedded like this: C:\oracle\BIToolsHome_1
  However, we still have to make sure that the secure files, those ending in DBC, are in fact located here. As Mugesh points out these can be found on the E-Business Suite server here:
  $FND_TOP/secure
  Discoverer will first attempt to find a secure DBC file with the filename <database name>.dbc. If not found, Discoverer will then attempt to use a file with the filename <host name>_<SID>.dbc.
  By the way, if there is nothing defined for FND_SECURE, Discoverer will attempt to use the value specified by FND_TOP, which is the setting used by previous versions of Discoverer. In those installs, the DBS files would be located in the $ORACLE_HOME\Discoverer folder itself, not in a separate folder called secure.
  By the way, the service name in tnsnames.ora and dbc file name should be same <service name>.dbc
  You might find this link to be of use:
  http://download-east.oracle.com/docs/cd/B14099_19/bi.1012/b13918/con_files.htm
  Best wishes
  Michael

• How to implement row-level security in Discoverer?

  Dear all,
  I have a scenario that I have 2 folders containing sales and inventory data stored by product lines.
  The 2 folders are constructed by 2 SQL statements.
  There exists a set of tables controlling which product line's sales and inventory data a person can read.
  A function is written previously that returns the WHERE clause based on user_id, employee_id and the other parameter.
  So, can you suggest how to integrate the 2 components in Discoverer?
  thanks
  George
  My blog: http://hktour.blogspot.com

  hi Rod,
  Thanks for your suggestions.
  I took your 1st option, ie.
  "You can use VPD at the database level to secure the tables."
  I have a view BUDGET_V with the following columns:
  PERIOD_YEAR
  PERIOD_MONTH
  PRODUCT_LINE
  BUDGET_AMOUNT
  Every salesman can only read the budget amount of certain product lines.
  I built the security function which will be binded to the view BUDGET_V (see below)
  FUNCTION security_policy_function( p_schema in varchar2, p_object in varchar2)
  return varchar2
  as
  begin
  if (user = p_schema) then
  return '';
  else
  return viewProductLine(FND_GLOBAL.USER_ID, FND_GLOBAL.EMPLOYEE_ID, 'BUDGET_V.PRODUCT_LINE');
  end if;
  end;
  The security function actually calls my own security function viewProductLine(FND_GLOBAL.USER_ID, FND_GLOBAL.EMPLOYEE_ID, 'BUDGET_V.PRODUCT_LINE') which take the user id and employee id of the apps user and returns the predicate.
  Then, I bind the security function security_policy_function() to the view BUDGET_V with
  begin
  dbms_rls.add_policy
  object_schema => 'APPS',
  object_name => 'BUDGET_V',
  policy_name => 'MY_POLICY',
  function_schema => 'APPS',
  policy_function => 'security_policy_function',
  statement_types => 'select',
  update_check => FALSE,
  enable => TRUE
  end;
  The problem now is that if I query the view in Discoverer as a Apps user (say "A"), it returns all the records in the view without any filtering (user "A" is supposed be able to read certain product lines).
  I try to verify whether the security function work or not. So, I hardcoded FND_GLOBAL.USER_ID and FND_GLOBAL.EMPLOYEE_ID as 1234 and 6789 which are the user_id and employee_id of user "A". (see below)
  FUNCTION security_policy_function( p_schema in varchar2, p_object in varchar2)
  return varchar2
  as
  begin
  if (user = p_schema) then
  return '';
  else
  return viewProductLine(1234, 6789, 'BUDGET_V.PRODUCT_LINE');
  end if;
  end;
  This time, Discoverer returns only the records with product lines visible to user "A".
  So, I guess there is problem in the function call in viewProductLine(FND_GLOBAL.USER_ID, FND_GLOBAL.EMPLOYEE_ID, 'BUDGET_V.PRODUCT_LINE');
  Can you give me some light on this issue?
  thanks
  George (HK)
  My blog at http://hktour.blogspot.com

• Discoverer 3.1 & Applications 11i Security

  I'm currently using Discoverer 3.1 in applications modewith 11i.
  I was under the impression that using an Applications username/responsibilty to log on would only allow the user to access the same data they could access in Applications. i.e The Applications security would be applied within Discoverer.
  I've since been told that this is not the case. Users will have access to ALL data within any tables they have permission to see within the business area.
  However I have also been told that the applications security may work if I base the business area on the apps views that already have the security built into them. I've tried attaching some of the apps views and the results seems to be the same as for the tables i.e users can see all the data within the view.
  Has anyone managed to build folders in Discoverer that inherit the security from applications? Or is it just a case of manually replicating all the apps security again in Discoverer?
  null

  James
  I had similar problems and the solution I found is..
  If you are trying to use the Hierarchy Security in HRMS then you should build your Business Area on views. Do not use the tables to retrieve the data. The HRFV_ , HRV_, views have the security built into them.
  If you are trying to apply the Flexfield Security rules to apply to discoverer then the business area should be created using the GLFG_ views. These views can be created from Oracle Applications using the "Business Views Setup" responsibility.
  You cannot look at the data in the above GL views if you are using SQL*PLUS or Toad. You need to launch discoverer user edition with the GL Responsibility to look at the data. Also make sure that the name of icon is "Dis31usr" if not it will not work.
  I have tested the above and they work fine.