OBIEE 11g Security Policy

OBIEE 11g security, covering both authentication and authorisation, is defined by a combination of stores (Identity Store, Policy Store, Credential Store) that each take an active role. The diagram below describes the process flow and the integrated components. A description of the flow (with the components) will be added to this same thread … keep watching my space 🙂

Identity Store: The directory server used to perform authentication. It contains user names, passwords and group membership information. When a user name and password combination is entered at login, the authentication provider searches the identity store to verify the credentials provided.

Policy Store: Contains the definition of Application Roles, Application Policies, and the mapping between them. A policy store can be file-based or LDAP-based. Oracle Business Intelligence permissions are granted by mapping users and groups from the identity store to Application Roles and permission grants located in the policy store.

Credential Store: Responsible for securely storing and providing access to the credentials required internally by Oracle Business Intelligence Applications components. For example, SSL certificates are stored here.

Authentication can be done in two ways. The Oracle WebLogic Administrator Console is used to manage the embedded directory server (LDAP) that authenticates users and groups. Sometimes Oracle Internet Directory is used as the authentication provider instead, and the OID console is used to manage users and groups.

After authentication is done, authorisation is performed across the Policy Store and Credential Store, where the application role and group mapping is executed.

Application- and system-related security credentials are stored inside the Credential Store (Oracle Wallet).
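
The flow described above (authenticate against the identity store, then map the user and groups to application roles and permission grants in the policy store) can be modelled in a few lines. This is an added example, not Oracle code or part of the original post: every user, group, role and permission name is constructed, and it goes slightly beyond the text by also resolving an application role that is a member of another application role.

```python
import hashlib
import hmac

SALT = b"constructed-salt"  # sample value, not from a real domain

def _hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

# Identity store (constructed): user -> password hash and group membership.
IDENTITY_STORE = {
    "alice": {"pw": _hash("alice-secret"), "groups": {"ReportWriters"}},
    "bob": {"pw": _hash("bob-secret"), "groups": {"ReportReaders"}},
}

# Policy store (constructed): application role -> members, and role -> grants.
ROLE_MEMBERS = {
    "AuthorRole": {"ReportWriters"},
    "ConsumerRole": {"ReportReaders", "AuthorRole"},  # role nested in a role
}
ROLE_GRANTS = {
    "AuthorRole": {"analysis.create"},
    "ConsumerRole": {"dashboard.view"},
}

def authenticate(user, password):
    """Return the user's groups if the credentials match, else None."""
    entry = IDENTITY_STORE.get(user)
    if entry is None or not hmac.compare_digest(entry["pw"], _hash(password)):
        return None
    return set(entry["groups"])

def application_roles(user, groups):
    """Resolve roles to a fixpoint so nested role membership is honoured."""
    principals = {user} | groups
    roles = set()
    changed = True
    while changed:
        changed = False
        for role, members in ROLE_MEMBERS.items():
            if role not in roles and members & (principals | roles):
                roles.add(role)
                changed = True
    return roles

def effective_permissions(user, password):
    groups = authenticate(user, password)
    if groups is None:
        return set()  # authentication failed: no grants are evaluated
    perms = set()
    for role in application_roles(user, groups):
        perms |= ROLE_GRANTS.get(role, set())
    return perms
```

Running the same resolution over an export of real group and role mappings is a quick way to spot users who inherit more permissions through nested roles than intended.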