Reg:rpd security vs ldap

Similar Messages

• Reg:rpd security

  hi,
  i have merged two repositories where one is using LDAP server for authentication,initialization block for autorization and portalpath and the second one using rpd security only.now after i merged i will be implementing LDAP authentication and authorization for the new merged rpd.
  now, my doubt is that the second rpd using the rpd security has declared some filters for some groups in the permissions in security.so,if i implement ldap server authentication and authorization where the group of an user,portalpath are authorized,the filter in permissions on the group would work normally or should i use authorization init block to get the filters?
  thanks

  i have used below link for setting authorization
  http://obieeblog.wordpress.com/
  thanks

• Data level security in ldap

  Hi Experts,
  I am new to obiee
  can you any one explain how to give data level security if we use LDAP authentication
  it would be great help for me.
  thanks in advance.
  reg,
  jell

  Hi,
  Security LDAP.
  For Authentication purpose we can use LDAP.
  For Data level security purpose you can use external table.
  Ex: user's comming from LDAP for Authentication purpose
  Please refer the below link.
  http://satyaobieesolutions.blogspot.com/2012/06/dataobjectcolumn-level-security-in.html
  http://satyaobieesolutions.blogspot.com/2012/06/external-table-authentication-and-row.html --- External Table.
  Hope this help's
  Thanks
  Satya

• RPD Security and Migrations

  We have a Subject Area where up to 25 columns in the Presentation Layer have security applied. They are denied to the System-level Everyone group and access is provided to Group1.
  The way our migrations to the environments work is the Developer provides the RPD and we do a 3-way merge. The issue is the security does not get merged correctly. So if Group1 exists in the Master RPD when we do a 3-way merge groing from the Developer's RPD to the Master it creates another security group called Group#1.
  I thought I could use UDML generation to apply the security but UDML does not generate the system-level EVERYONE group so when applying the UDML (nqudmlexec) to the Master the columns have the EVERYONE group defaulted back to Read access.
  I am working with Oracle on their best practice for migrating RPD security but I'd like to see how those on the forum handle the migration of RPD level security. So any permissions applied to Presentation Layer catalogs, tables, columns, Phycial connection pools, etc.
  How do you maintain that security going from a DEV to a Test to a Prod environment?
  Love to hear how others are doing this

  Yeah..... In 11g you have separater password for RPD which is not releated to any user. Unless you share the RPD password with user they can not open it in the offline mode. But still this problem persists if a ProjectA user log in and still he could see the project B details.
  You are looking at object level security on the Tables. I guess you can implement for the presentation layer.

• Secure External LDAP with local user provisioning in a org.

  To all:
  I'm working with 05Q1 or as some say v3. I was able to successfully set up user authentication with external ldap and dynamic creation of users with in local org and ldap and map over attributes for storage into local ldap. Now I need to try and make it a secure external ldap authentication. Without disturbing any of the other orgs with in the local system.
  Is it possible without turning on security for all? Where would the certs be stored for the secure external LDAP that I am authenticating against?
  Help would be appreciated.
  If anyone is trying to do the same thing let me know if your having trouble. I sure did, just getting to the point that I am right now.
  Thanks,
  - Milo

  Hi,
  Check following forum thread.
  Re: custome role maper example
  Regards,
  Kal

• HOW TO DO: J2EE declaritive Security without LDAP????

  My client doesn't want to store stuff in LDAP, and we already have existing authoriztion infrastruction stored in a DB. How can I my existing security infrastructure in conjuction with J2EE declarative security and iAS (6sp3, Solaris, oracle db, web clients)?

  <i>Q: HOW TO DO: J2EE declaritive Security without LDAP?</i>
  A: It can't be done with iAS. iAS 6.x expects security information to be in LDAP.
  Your only option if they want to use a relational database is either to use some sort of meta directory (replication) to move the data from the relational database, or so sort of LDAP to RDBMS gateway.
  David
  http://www.amazon.com/exec/obidos/ASIN/076454909X/

• Security using both rpd users and ldap

  Hi,
  I need 5 dummy users in rpd. I dont want to give them adminstrator previleges because they are not allowed to see everything in my dashboards. My authentication works using an LDAP server, is there any way I can let these dummy users login along with those in the LDAP server??

  I dont think it is possible to use both BI server default authentication and LDAP. You can always have multiple LDAP servers to authenticate. You can request for 5 service accounts to be created in the LDAP for OBIEE, and assign the privileges accordingly so they will see only required dashboards.
  Please award points if helpful,
  Thanks,
  -Amith.

• Datalevel security in Ldap

  Hi Experts,
  I have one doubt
  when we are using LDAP Security how should we give Data level security for a single user.
  Can you please explain this in details with example.
  thanks in advance
  Regards,
  Jel

  Hi,
  once LDAP got working then u can able to see AD users in RPD (identity user list) here u can just apply data level security.
  ley say userA is the AD users, once its shows in RPD
  Steps to set up data filters to apply row-level authorization rules for queries:
  1)
  Go to your repository in the Administration Tool--->
  Select Manage, then select Identity.--->
  In the Identity Manager dialog, in the tree pane, select BI Repository.-->
  In the right pane, select the Users tab , then double-click the anyof one AD user for which you want to set data filters.
  (if u r not able to find the AD user just set online filter and put it * then it will shows up)
  2) In the Application Role dialog, click Permissions.
  In the User Role Permissions dialog, click the Data Filters tab.
  To create filters, you first add objects on which you want to apply the filters. Then, you provide the filter expression information for the individual objects.
  For example,
  a filter like "Sample Sales"."D2 Market"."M00 Mkt Key" > 5 to restrict results based on a range of values for another column in the table.
  You can also use repository and session variables in filter definitions. Use Expression Builder to include these variables to ensure the correct syntax.
  Note: my suggestion beeter to set application role wise security (if u go with user level data security strange in feature case maintanance)
  Kindly refer the below (similar way for AD users)
  http://gerardnico.com/wiki/dat/obiee/security_level#data
  http://obieeblog.wordpress.com/category/obiee/obiee-security/
  http://www.rittmanmead.com/2012/03/obiee-11g-security-week-row-level-security
  http://oraclebizint.wordpress.com/2008/06/30/oracle-bi-ee-1013332-row-level-security-and-row-wise-intialized-session-variables/
  Thanks
  Deva

• ADF security : JAZN-LDAP

  Hi,
  We are working on the development of an application with Oracle ADF (JDev 10.1.3).
  We implemented security with lightweight XML provider and it's working perfectly.
  Next month we will deploy our application and so we will use a LDAP server.
  Is it easy to jump from XML to LDAP?
  Do we just have to select LDAP prodiver in the security wizard and then to map application groups to LDAP groups in the orion-application.xml file?
  With this solution, is it still possible to edit authorizations at design time for pages, iterators, etc ?
  Thanks in advance for your help!

  Hi,
  you didn't read the documentation, do you ? Anyway, the LDAP upload is a bit difference from how you imagine it
  - ADF Security permissions are written to the workspaces' \.adf\META-INF\app-jazn-data.xml file. So in fact you don't change the security settings for your project in JDeveloper. This means it remains for future addition
  - You use a migration utility provided by OC4J Security to create an XLIFF file out of \.adf\META-INF\app-jazn-data.xml
  http://download.oracle.com/docs/cd/B32110_01/web.1013/b28957/configxml.htm#CIHIFGBJ
  - Then you upload this to OID
  Frank

• Security - using LDAP groups

  I want to protect my EJB using LDAP groups. WLS is recognizing WLS users but unable
  to recogniz groups. Here is my weblogic-ejb-jar.xml
  <security-role-assignment>
  <role-name>channel-role</role-name>
  <principal-name>system</principal-name>
  <principal-name>mygroup</principal-name>
  <principal-name>cn=mygroup,ou=groups,o=mycompany</principal-name>
  </security-role-assignment>
  It recognizes user system but not the group. LDAP group is cn=mygroup,ou=groups,o=mycompany.
  When I pass the credentials from the client of a uniquemember, WLS generates a
  security exception. It won't recognise mygroups or cn=mygroup,ou=groups,o=mycompany
  either.
  Any suggestions?
  Thanks
  -Surya

  Yes, It has impact. You create groups in the Repository & Answers and assign the object level permissions.
  You Populate Group Variable during authentication via LDAP server. Once you login with X name you see the authorized groups in the my account.
  For dashboard A - For group Executive - User X - You have given full access.
  Now you have changed the Group name to AD_Executive. When You Login variable values would be
  User - X
  Group - Ad_Executive
  Dashboard A - No permissions.
  If you have a scenario of changing the group names then get Groups from database using Init block after authorization.

• Declarative ADF Security with LDAP provider other than OID possible  ?

  All samples I found regarding declarative security in ADF are done with an .xml repository or mention the possible use of OID as such repository.
  Thing is that client will not have OID but other LDAP v3 compilant provider.
  In this scenario is it possible to use the ADF Declarative Security or should we have to implement a custom module for the interaction ?
  Thanks,
  Claudio.

  You are right, in this article:
  http://www.oracle.com/technology/products/jdev/howtos/10g/jaassec/index.htm
  says:
  In Oracle Containers for J2EE 10.1.3, users can also be defined in 3rd party LDAP servers.
  However it doesn't give any concrete sample.
  Question is: can I say the client that we can develop based on .xml or OID and then change to other 3rd party LDAP server without changing code ?
  Thanks,
  Claudio.

• INTEGRATING PUBLISHER WITH OBI EE SECURITY USING LDAP

  Hi !
  Just learned about how integrating BI Publisher with OBI EE Security had to be set. (SA SYSTEM blah blah blah)
  My question is : what if my OBI EE security is already based on LDAP server ? How do I manually insert user logon in SA_USER as I'm supposed to do ? No way...any turnaround ? Should I base my BI PUB security on the LDAP server ?
  Thanks in advance
  Yannis

  Hi,
  I too have the same question.
  Could you please let us know whether using "Oracle BI server" security model in BIP would address the SSO between Oracle BI and BI Publisher when BI uses LDAP authentication?
  Also I am facing some issues in setting up BI security in BIP.
  The issue is that, when logged into BIP as Administartor, Roles and Permissions tab of Admin displays only two roles namely "Administrator" and "XMLP_TEMPLATE_ONLINE".
  SA subject area is also set.
  Could you please let me know your thoughts on the same?
  Thanks in Advance.

• Security Issue - LDAP Authentication and supply of empty passwords

  Security Issue with OC4J and JAZN LDAP Realm
  Product Versions:
  OC4J 9.0.3
  Infrastructure 9.0.2.1
  When using form based authentication or basic authentication in a WebApp, OC4J authenticates any existing user that as a password defined with an empty password.
  Example: If you have a user with the username "user" and password "password". In the login of the WebApp if you supply only the username, OC4J authenticates the user.
  Notes:
  - If we supply a wrong password we are not authenticated
  - If we supply the correct password we are authenticated.
  To reproduce the problem, I have used Oracle callerInfo jazdemo, configured to used the JAZN LDAP Realm named sample_subrealm, that is installed with 9ias infrastructure
  Notes: If I use JAZN XML Realm everything works as expected.
  Bruno Antunes
  Java Software Engineer

  Jeremy - You'd have to use database authentication to achieve that. Create a DAD without specifying a username/password and change the app's current authentication scheme to DATABASE. Then users can login using their database account credentials. LDAP won't be used when you do this so you'll have to keep the database account passwords in sync with LDAP somehow if that's important.
  Scott

• A third-party directory servers/security provider (LDAP)

  Here is a scenario. If a security provider is a third-party directory servers that supports LDAP, is there a way to define roles in my schema table but LDAP be my authentication security provider? Sounds like a double security provider! (Looks like I had asked something similar long time ago)
  Or does the LDAP server needs to be a real provider (authentication and authorization and handle roles as well and not leave anything for me except permissions) while I set up permissions in system-jazn-data.xml and define roles in web.xml that matches the roles in ldap?
  Since the third party security provider throws in a login dialog, I may not have to use custom login module. But, I want to set up permissions. Hope I am making sense. Default realm jazn will now be replaced by something that says it is ldap. Is that assumption correct?
  If I make sense, please point to a doc about the above scenario.
  Thanks

  Hi,
  Here is a scenario. If a security provider is a third-party directory servers that supports LDAP, is there a way to define roles in my schema table but LDAP be my authentication security provider? Sounds like a double security provider! (Looks like I had asked something similar long time ago
  You can use this scenario assuming you have a LoginModule that gets the authenticated user from LDAP and then queries the database for the security roles. This however doe not work with any of the LoginModules that are published on OTN or contained in OC4J
  Frank

• Reg: file security in PI

  Hi guys,
  I want to deliver files from PI securely.  which one is the right one and please justify the option.......
  secure file transfer protocol
  or
  file transfer protocol w/ssl.
  Thanks,
  MS

  Hi
  Use SSL security.look How to use Client Authentication with SOAP Adapter
  http://help.sap.com/saphelp_nw04/helpdata/en/86/0222417c22f323e10000000a155106/content.htm