Tuesday 1 July 2014

Authentication and Authorization


Authentication means validating the user when logging in to the OBIEE application. When a user logs in to the OBIEE application, a request is sent to the BI Server asking whether this user is a valid user or not. Only when the BI Server validates the user is the user able to log in to the application.
Authorization determines which objects a user is allowed to view. For example, User A might be authorized to view only a particular set of reports and dashboards, based on the security applied.

1. Object Level Security

As the name states, object-level security refers to restricting access to OBIEE objects between different users and groups. Access to the following objects can be restricted using object-level security: Presentation tables, Presentation table columns, Subject Areas, Reports, Dashboards, and project-specific shared folders.

Object-level security controls the visibility to business logical objects based on a user’s role.

Repository level: In the Presentation layer of the Administration Tool, we can set repository-level security by granting or denying users/groups permission to see a particular table or column.

Web level: This provides security for objects stored in the Presentation Catalog, such as dashboards, dashboard pages, folders and reports. You can only view the objects for which you are authorized. For example, a mid-level manager may not be granted access to a dashboard containing summary information for an entire department.

2. Data Level Security

Data-level security is basically securing the data. Users belonging to a particular group should see a certain set of data, whereas users outside that group shouldn't see that data. Example: users belonging to the Asia group should see only the data for the Asia region, whereas users belonging to the US region should see data for the US region.

Data-level security controls the visibility of data (content rendered in subject areas, dashboards, Oracle BI Answers, and so on) based on the user’s association to data in the transactional system.
This controls the type and amount of data that you can see in a report. When multiple users run the same report, the results that are returned to each depend on their access rights and roles in the organization. For example, a sales vice president sees results for all regions, while a sales representative for a particular region sees only data for that region. 
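
The behaviour described above, modelled as an added example (not code from the original post, and not how the BI Server is implemented): a user-to-region table drives a row filter on one shared report, and a user with no mapping gets no rows. The table names, user names and the '*' all-regions marker are assumptions made for the illustration.

```python
import sqlite3

# Constructed sample data: fact rows plus a user-to-region security table.
def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE sales (region TEXT, rep TEXT, amount INTEGER);
        INSERT INTO sales VALUES ('Asia','rep_asia',100), ('Asia','rep_asia',250),
                                 ('US','rep_us',400), ('EMEA','rep_emea',75);
        -- '*' is a hypothetical marker for a role that sees every region (e.g. a sales VP).
        CREATE TABLE user_region (username TEXT, region TEXT);
        INSERT INTO user_region VALUES ('vp_sales','*'), ('rep_asia','Asia'),
                                       ('rep_us','US');
    """)
    return db

def session_regions(db, user):
    """Resolve the regions for an already-authenticated user at session start."""
    rows = db.execute("SELECT region FROM user_region WHERE username = ?", (user,))
    return {r[0] for r in rows}

def run_report(db, user):
    """Same report for everyone; the row filter depends on the user's session."""
    regions = session_regions(db, user)
    if not regions:
        return []  # default deny: no mapping means no rows, not all rows
    sql = "SELECT region, SUM(amount) FROM sales"
    params = ()
    if "*" not in regions:
        # Bind the regions as parameters; never splice user-derived text into SQL.
        marks = ",".join("?" * len(regions))
        sql += f" WHERE region IN ({marks})"
        params = tuple(sorted(regions))
    sql += " GROUP BY region ORDER BY region"
    return db.execute(sql, params).fetchall()

if __name__ == "__main__":
    db = build_db()
    for user in ("vp_sales", "rep_asia", "rep_us", "unknown_user"):
        print(user, run_report(db, user))
```
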

3. User Authentication in OBIEE

The goal of the authentication configuration is to get a confirmation of the identity of a user based on the credentials provided.
In OBIEE, the credentials provided are held in these two variables:
1.      USER 
2.      PASSWORD

The authentication process in OBIEE is managed by the BI Server.
Types of Authentication:

OBIEE supports four types of authentication:

1.      LDAP Authentication: Users are authenticated based on credentials stored in LDAP. This is the best method for authentication in OBIEE, and it supports the company's Single Sign-On (SSO) philosophy as well.

2.      External Table Authentication: You can maintain lists of users and their passwords in an external database table and use this table for authentication purposes.

3.      Database Authentication: The Oracle BI Server can authenticate users based on database logins. If a user has read permission on a specific database, Oracle BI Presentation Services authenticates that user.


4.      Oracle BI Server User Authentication: You can maintain lists of users and their passwords in the Oracle BI repository using the Administration Tool. The Oracle BI Server will attempt to authenticate users against this list when they log on.

