OBIEE BI-APPS Security
Hi,
I want to implement secuirty in OBIEE BI-APPS. If some one create reports which they don't want to share with others. I want to integrate with SSO , is there any other product available apart from Oracle Single signone?
Thanks
Business Intelligence Applications
Similar Messages
-
OBIEE BI Apps data level security involving multiple PeopleSoft Segments
Has anyone implemented OBIEE BI Apps data level security involving multiple PeopleSoft Segments and can provide some tips?
Our PeopleSoft security grants access by 2 segment combinations:
All Segment 3 (Department) and any Segment 6 (Project)
Specific Segment 6
Specific combinations of Segment 3 and Segment 6
In addition, there is a flag to indicate if the user also has access to payroll data. Payroll access is a subset of the general finance access.
We've got a security init blocks running successfully for general finance and payroll access. We've created Data filters on the Segments for general finance access and GL Account for payroll access. We designed dashboards to use Dept and Project from the Segments on the general finance dashboards and pull Dept and Project from GL Account for the payroll dashboards.
The problem is both data filters are being applied to the general finance dashboards since the joins behind the scenes on the general finance dashboards use GL Account.
Does anyone have a suggestion?Business Intelligence Applications
-
In OBIEE mobile apps designer there is no option for multi select prompts?The navigation page gives option only for single select?Is there a work around for this?
Nic, for me the iTunes window looks like this, when I connect my iPad 3:
I select the iPad in the "devices" section of the Sidebar (use: "View > Show Sidebar" if the sidebar is hidden).
Click the "Apps" tab in the "Devices" pane.
Scroll all the way down in the Devices pane to "File Sharing" "Apps" section.
Then do I click "GarageBand" to select the documents in the right panel.
Which part is different for you? Perhaps you could post a screenshot?
Regards
Léonie -
OBIEE-EBS data security integration
Hi all,
I am trying to implement the HR-Org based data security in EBS-OBIEE integration.
After creating the initialization blocks EBS Single Sign-on Integration,Get Oracle EBS Security Context,Group-EBS Responsibility I have created a new initialization block HR Organizations to populate the session variable "HR_ORG" and I am using the following the query.
Even though the session variables GROUP and USER are getting their values correctly and integration works fine, the variable HR_ORG says "has no value definition".
[nQSError: 10058] A general error has occurred. [nQSError: 23006] The session variable, NQ_SESSION.HR_ORG, has no value definition. (HY000)
SQL Issued: SELECT "Per Business Groups"."Business Group Id", VALUEOF(NQ_SESSION.HR_ORG) FROM HR
Please help me for implementing the data security after the EBS-OBIEE integration..
For populating HR_ORG variable by row wise initialization:
SELECT DISTINCT 'HR_ORG',TO_CHAR(SEC_DET.ORGANIZATION_ID)
FROM
SELECT
'HR_ORG', ASG.ORGANIZATION_ID
FROM
FND_USER_RESP_GROUPS URP
,FND_USER USR
,PER_SECURITY_PROFILES PSEC
,PER_PERSON_LIST PER
,PER_ALL_ASSIGNMENTS_F ASG
WHERE
URP.START_DATE < TRUNC(SYSDATE)
AND (CASE WHEN URP.END_DATE IS NULL THEN TRUNC(SYSDATE) ELSE TO_DATE(URP.END_DATE) END) >= TRUNC(SYSDATE)
AND USR.USER_NAME = ':USER'
AND USR.USER_ID = URP.USER_ID
AND TRUNC(SYSDATE)
BETWEEN URP.START_DATE AND NVL(URP.END_DATE, HR_GENERAL.END_OF_TIME)
AND PSEC.SECURITY_PROFILE_ID = FND_PROFILE.VALUE_SPECIFIC('PER_SECURITY_PROFILE_ID', URP.USER_ID, URP.RESPONSIBILITY_ID, URP.RESPONSIBILITY_APPLICATION_ID)
AND PER.SECURITY_PROFILE_ID = PSEC.SECURITY_PROFILE_ID
AND PER.PERSON_ID = ASG.PERSON_ID
AND TRUNC(SYSDATE) BETWEEN ASG.EFFECTIVE_START_DATE AND ASG.EFFECTIVE_END_DATE
AND URP.RESPONSIBILITY_ID = DECODE(FND_GLOBAL.RESP_ID,
-1, URP.RESPONSIBILITY_ID,
NULL, URP.RESPONSIBILITY_ID,
FND_GLOBAL.RESP_ID)
UNION
SELECT DISTINCT 'HR_ORG',
ORGANIZATION_ID
FROM PER_ALL_ASSIGNMENTS_F ASG,
FND_USER USR
WHERE ASG.PERSON_ID = USR.EMPLOYEE_ID
AND USR.USER_NAME = ':USER'
AND TRUNC(SYSDATE) BETWEEN ASG.EFFECTIVE_START_DATE AND ASG.EFFECTIVE_END_DATE
AND ASG.PRIMARY_FLAG = 'Y'
) SEC_DET
Thx!Duplicate post see Re: obiee-ebs data security integration
-
OBIEE and Apps SSO implementation
Hi Gurus,
We are using apps 11i and OBIEE 10.1.3.4 . I would like to ask that is there any doc which could provide me steps of SSO implementation between both. Or if not in doc is there any body who incorporated the same. Here we dont have DAC and ETL as Informatica for etl we are using plsql. I want to make it work like when user types his id and password in Oracle E business , automatically he should be also directed to OBI also same user id and password could be used to the OBI. Please remember my OBI is not from apps package. It is EE and not OBI 7.9.6 So is it possible to implement SSO between OBIEE and apps 11i and how ?Hi Amol,
Check for this note 555254.1 in support.oracle.com. It contains the steps to implement SSO between EBS & OBIEE.
Regards, -
Hi,
I am working on an Inventory report in OBIEE/Oracle Apps. The report needs organization and set of books. I do not see these fields in the Inventory Subject Area. I am building this report from Inventory Transactions SA. How do I get these two fields into the Inventory transactions SA. I am very much confused on how to bring the missing fields into the SAs as I am working on OBIEE/Oracles Apps integration for the first time. Please advise.I would definitely need those in this SA..isn't it?Ya defiantely you would need those columns because itz crux of the matter.I meant check them in other subject areas also (other than inventory)
I dont have access here,but im sure i saw those columns defined....check them might be they have been mingled up with other subject areas because as those 2 fields are used with all modules in common.
If i recall the tables names start something like this Dim_W_INT_ORG_D or Dim_W_ORG_D_Account im not sure check out.
hope it has been answered
By,
KK -
Hi All,
I want to install the latest version of OBIEE & BI Apps on linux. I came to know that some components of OBIEE & BI Apps can't be installed on linux and is possible only on Windows. So can anybody let me know what are all components i can install on linux and what are all on Windows?
Thanks in advance.Hi,
With Oracle's Real-Time Decisions you'll get some kind of self learning decision server based on the j2ee platform. This sever contains some kind of data mining engine.
You should check Mark Rittman's blog:
http://www.rittmanmead.com/2007/04/19/a-first-look-at-oracle-real-time-decisions/
http://www.rittmanmead.com/2008/03/01/using-oracle-real-time-decisions-to-automate-business-decisions/
or Oracle:
http://www.oracle.com/applications/crm/siebel/business-analytics/real-time-decisions.html
http://www.oracle.com/technology/documentation/rtd.html
I have never used this product myself, so I hope this is enough information for you.
Cheers,
Daan Bakboord
Scamander Solutions -
IOS 7 mail app security concerns
I just witnessed something that made me very concerned about the iOS 7 Mail App security. I was changing my mail account password. (I am still stuck with a Hotmail account.) So after I changed my Hotmail account password in a desktop web browser, I was expecting to do the same on my iPhone. But, what I observed totally shocked me -- I was still able to receive and send emails from my iPhone using the Apple Mail App (that still had my old password!) for some time before the Mail app crashed and only when I restarted it, it then prompted me for a password.
Now picture a more dire situation. Someone steals my iPhone. I immediately log in to Hotmail and change my password. But the thief with my iPhone can still send and receive emails from my Hotmail account. I don't need to go any further with what this can lead to, right!TJBUSMC1973 wrote:
Den B. wrote:
I just witnessed something that made me very concerned about the iOS 7 Mail App security. I was changing my mail account password. (I am still stuck with a Hotmail account.) So after I changed my Hotmail account password in a desktop web browser, I was expecting to do the same on my iPhone. But, what I observed totally shocked me -- I was still able to receive and send emails from my iPhone using the Apple Mail App (that still had my old password!) for some time before the Mail app crashed and only when I restarted it, it then prompted me for a password.
Now picture a more dire situation. Someone steals my iPhone. I immediately log in to Hotmail and change my password. But the thief with my iPhone can still send and receive emails from my Hotmail account. I don't need to go any further with what this can lead to, right!
If a thief steals your phone, then hopefully you put a passcode lock on your phone, and are also using Find My iPhone.
Guys, don't lead it in the wrong direction. This is not about setting up the passcode. Obviously that is the way to protect your data. But as you probably heard from Apple themselves about half of people who use iOS devices don't have passlocks set up. At this point I'm concerned why the Mail App lets me send and receive emails with the old password? -
HT1937 I forger my app security questions what I have to do please ?
I forger my app security questions what I have to do please ?
You need to ask Apple to reset your security questions; ways of contacting them include clicking here and picking a method for your country, phoning AppleCare and asking for the Account Security team, and filling out and submitting this form.
(100820) -
Hi,
I am using WebLogic 8.1 platform. I am trying to create a very basic secure web
app.
I created an App and created a web project. In it, I deleted the controller, etc
and just have index. jsp. All the index.jsp does is: <%= request.getRemoteUser()
%>
In web.xml I have
<security-constraint>
<web-resource-collection>
<web-resource-name>Success</web-resource-name>
<url-pattern>*.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>default</realm-name>
</login-config>
<security-role>
<role-name>*</role-name>
</security-role>
In weblogic.xml I have
<security-role-assignment>
<role-name>dealers</role-name>
<principal-name>dealer1</principal-name>
</security-role-assignment>
When I run the app, it just renders the JSP and does not challenge me to login.
Can you please help what is that I am doing wrong here?
Thanks,
John"john hryn" <[email protected]> wrote in message
news:3fce2551$[email protected]..
>
Hi,
I am using WebLogic 8.1 platform. I am trying to create a very basicsecure web
app.
I created an App and created a web project. In it, I deleted thecontroller, etc
and just have index. jsp. All the index.jsp does is: <%=request.getRemoteUser()
%>
In web.xml I have
<security-constraint>
<web-resource-collection>
<web-resource-name>Success</web-resource-name>
<url-pattern>*.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>I think you should have dealers instead of *
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>default</realm-name>
</login-config>
<security-role>
<role-name>*</role-name>And here too.
</security-role>
In weblogic.xml I have
<security-role-assignment>
<role-name>dealers</role-name>
<principal-name>dealer1</principal-name>
</security-role-assignment> -
I'm working on the authentication/authorisation aspects of a fairly
large web application using WLS 6.0 (ie allowing users to login and
access resources based on role etc).
Its a standard JSP/Servlet/EJB type architecture and so far it seems
the FORM-based authentication will serve our needs well. However, I've
been instructed (by higher powers) to investigate JAAS authentication.
It looks far more complex to implement so my question is, does it
offer any significant advantages that justify the extra work?
Thanks for your time."john hryn" <[email protected]> wrote in message
news:3fce2551$[email protected]..
>
Hi,
I am using WebLogic 8.1 platform. I am trying to create a very basicsecure web
app.
I created an App and created a web project. In it, I deleted thecontroller, etc
and just have index. jsp. All the index.jsp does is: <%=request.getRemoteUser()
%>
In web.xml I have
<security-constraint>
<web-resource-collection>
<web-resource-name>Success</web-resource-name>
<url-pattern>*.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>I think you should have dealers instead of *
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>default</realm-name>
</login-config>
<security-role>
<role-name>*</role-name>And here too.
</security-role>
In weblogic.xml I have
<security-role-assignment>
<role-name>dealers</role-name>
<principal-name>dealer1</principal-name>
</security-role-assignment> -
Hi,
I have a basic question about securing web applications. In our app, we have myRealm
pointing to an LDAP store. The store has (lets say) a group called 'dealers' and
it has a user 'dealer1'.
Now, in WEB-INF/weblogic.xml I have
<security-role-assignment>
<role-name>dealers</role-name>
<principal-name>dealer1</principal-name>
</security-role-assignment>
Does the role name in weblogic.xml map to the groups called dealers in LDAP? I
have no specific roles configured in myRealm.
Thanks,
John"John Hryn" <[email protected]> wrote in message
news:3fce2328$[email protected]..
>
Hi,
I have a basic question about securing web applications. In our app, wehave myRealm
pointing to an LDAP store. The store has (lets say) a group called'dealers' and
it has a user 'dealer1'.
Now, in WEB-INF/weblogic.xml I have
<security-role-assignment>
<role-name>dealers</role-name>
<principal-name>dealer1</principal-name>
</security-role-assignment>
Does the role name in weblogic.xml map to the groups called dealers inLDAP? I
have no specific roles configured in myRealm.
Yes. http://e-docs.bea.com/wls/docs70/webapp/weblogic_xml.html#1036790
You can specify groups or individual usernames. -
Web app security exception: Bad URLMatchMap
Can anyone help me diagnose an error? I am simply trying to place a security constraint
on a servlet within an ear-deployed web-application.
The exception occurs as the first POST comes to the servlet I am trying to protect:
<Apr 16, 2001 12:40:09 PM EDT> <Error> <Kernel> <ExecuteRequest failed
java.lang.IllegalArgumentException: bad URLMatchMap path: 'version="1.0"'
at weblogic.servlet.utils.URLMatchMap.get(URLMatchMap.java:196)
at weblogic.servlet.security.internal.WebAppSecurity.getConstraint(WebAp
pSecurity.java:135)
at weblogic.servlet.security.internal.SecurityModule.checkTransport(Secu
rityModule.java:177)
at weblogic.servlet.security.internal.BasicSecurityModule.checkA(BasicSe
curityModule.java:48)
at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess
(ServletSecurityManager.java:150)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppSe
rvletContext.java:1250)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestIm
pl.java:1622)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:137)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
>
<?xml version="1.0" ?>
<!DOCTYPE web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN'
'http://java.sun.com/j2ee/dtds/web-app_2.2.dtd'>
<web-app>
<display-name>ANSWeb</display-name>
<description>no description</description>
<servlet>
<servlet-name>UPMessageServlet</servlet-name>
<display-name>UPMessageServlet</display-name>
<description>no description</description>
<servlet-class>com.aether.ans.gateway.up.UPMessageServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>ANSServlet</servlet-name>
<display-name>ANSServlet</display-name>
<description>no description</description>
<servlet-class>com.aether.ans.server.ANSServlet</servlet-class>
<load-on-startup />
</servlet>
<servlet>
<servlet-name>WCTPServlet</servlet-name>
<display-name>WCTPServlet</display-name>
<description>no description</description>
<servlet-class>com.aether.ans.gateway.wctp.WCTPServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>UPMessageServlet</servlet-name>
<url-pattern>/UPMessage</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ANSServlet</servlet-name>
<url-pattern>/Server</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>WCTPServlet</servlet-name>
<url-pattern>/WCTPCallback</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>30</session-timeout>
</session-config>
<resource-ref>
<description>no description</description>
<res-ref-name>url/ANS.dtd</res-ref-name>
<res-type>java.net.URL</res-type>
<res-auth>Container</res-auth>
</resource-ref>
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Server</web-resource-name>
<url-pattern>/Server</url-pattern>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>Client</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
<security-role>
<role-name>Client</role-name>
</security-role>
<ejb-ref>
<description>no description</description>
<ejb-ref-name>ejb/ANSServer</ejb-ref-name>
<ejb-ref-type>Session</ejb-ref-type>
<home>com.aether.ans.server.ANSServerHome</home>
<remote>com.aether.ans.server.ANSServer</remote>
</ejb-ref>
<ejb-ref>
<description>no description</description>
<ejb-ref-name>ejb/Alert</ejb-ref-name>
<ejb-ref-type>Entity</ejb-ref-type>
<home>com.aether.ans.entity.AlertHome</home>
<remote>com.aether.ans.entity.Alert</remote>
</ejb-ref>
</web-app>
<?xml version="1.0" ?>
<!DOCTYPE weblogic-web-app PUBLIC '-//BEA Systems, Inc.//DTD Web Application 6.0//EN'
'http://www.beasys.com/servers/wls600/dtd/weblogic-web-jar.dtd'>
<weblogic-web-app>
<description>no description</description>
<security-role-assignment>
<role-name>Client</role-name>
<principal-name>Client</principal-name>
</security-role-assignment>
<reference-descriptor>
<resource-description>
<res-ref-name>url/ANS.dtd</res-ref-name>
<jndi-name>ans.url.dtd</jndi-name>
</resource-description>
<ejb-reference-description>
<ejb-ref-name>ejb/Alert</ejb-ref-name>
<jndi-name>ejb.Alert</jndi-name>
</ejb-reference-description>
<ejb-reference-description>
<ejb-ref-name>ejb/ANSServer</ejb-ref-name>
<jndi-name>ejb.ANSServer</jndi-name>
</ejb-reference-description>
</reference-descriptor>
</weblogic-web-app>Hi Andrew,
Even without moderation enabled, any submission made through the BC platform is filtered through our protection engine to prevent XSS. Any type of potentially malicious code is immediately stripped from the submission, and this is not done at a client-side level.
Kind Regards,
Alex -
Web app security ... i don't get it
I do not get it how do one configure web.xml
I want every page to be protected against unlogged user and some pages only to some of them
From what I read it's only necessary to have only one root role that every user is part of and then any sub-role is recognized
My use case:
every page should be protected against unauthorized user
<security-constraint>
<display-name>Restrictie de vizualizare pe orice pagina jsf</display-name>
<web-resource-collection>
<web-resource-name>JSF Pages</web-resource-name>
<url-pattern>/faces/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>fullaccess</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>and I want that managers only to have access to /managers so I guess that a new </security-constraint> must be issued to allow the users that have managers role to access the resource.
<security-constraint>
<display-name>Restrictie de vizualizare pe orice pagina jsf</display-name>
<web-resource-collection>
<web-resource-name>JSF Pages</web-resource-name>
<url-pattern>/faces/manager/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>managers</role-name> ????
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint> What are the roles that must be declared in web.xml knowing that
<security-role-assignment>
<role-name>fullaccess</role-name>
<principal-name>public</principal-name>
</security-role-assignment>
</weblogic-web-app> and in the realm public group has a member 'managers' (that in my opp must not be mapped)?
..on the moment there is only
<security-role>
<description>acces pe toate paginile web</description>
<role-name>fullaccess</role-name>
</security-role>thanks, Florin POPHi guys.
A username and password info to connect to BC is the following:
Username - Your adobe ID email
Password - Your password.
To connect to SFTP its...
Server: Just the address (yoursite.businesscatalyst.com)
username - yoursite.businesscatalyst.com/[email protected]
Password - your password. -
I'm trying to get the security working for a web app. I'm using JAAS and the BASIC
authentication. I don't want to use FORM because the original Perl app (from which
my web app is derived) also used BASIC and I don't want the interface to change.
I've found that the security works great if I go directly to the weblogic server,
so it looks like the problem is with IIS (we're fowarding requests from IIS to
WebLogic). I think the problem lies in my web.xml. It has this in it:
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>MLV Users Only</realm-name>
</login-config>
From what I can tell, weblogic just uses the realm-name as a label in the dialog
box that pops up, and for nothing else. My guess is that IIS is really trying
to use this as a security realm.
Am I on the right track? Anyone got any hints?
Gary"john hryn" <[email protected]> wrote in message
news:3fce2551$[email protected]..
>
Hi,
I am using WebLogic 8.1 platform. I am trying to create a very basicsecure web
app.
I created an App and created a web project. In it, I deleted thecontroller, etc
and just have index. jsp. All the index.jsp does is: <%=request.getRemoteUser()
%>
In web.xml I have
<security-constraint>
<web-resource-collection>
<web-resource-name>Success</web-resource-name>
<url-pattern>*.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>I think you should have dealers instead of *
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>default</realm-name>
</login-config>
<security-role>
<role-name>*</role-name>And here too.
</security-role>
In weblogic.xml I have
<security-role-assignment>
<role-name>dealers</role-name>
<principal-name>dealer1</principal-name>
</security-role-assignment>
Maybe you are looking for
-
How to use cm_nodeName attribute of search tag in content queries ?
hello, i want to know about cm_nodeName,cm_path attributes of search tag.Actually i want to directly reterieve concerned node,so that content should be directly reterieved from that node and it should not search into all the present nodes in reposito
-
Manual Posting with Automatic Line Items
Hi Experts, Can any body explain me how to post manual JV with FS item which we maintain in Selected Items. Because my scenario is transfer Net Income value of a cons unit to MI P&L Account. When i tried it with reclassification having method layout
-
BPM-API and generic task completion
Hi experts, I want to write an application that allows you to work on different tasks. The problem is that these tasks could include various input and output data. How can I resolve this DataObjects generic and receive all relevant information such a
-
Can't see korean characters in flash 10
I have my language/local set to Korean; also, I.E 8 has encodings for utf-8 set. (Same problem when viewed in Firefox vs 2.0.0.12) It is an English version of Windows XP, SP2 (all the latest patches installed - excluding SP3) This problem exists with
-
Trash, Sent mail, and Junk mail folders do not work
I just switched from my entourage email to mac's mail, and I noticed some problems that I cannot seem to figure out. I amm using IMAP based email, and had none of these problems on entourage, but I like the format of mail better, so i hope to get thi