obiee architecher

7/29/2019 obiee architecher

1/8

A quick review of OBIEE11g Architecture &SecurityRate this item

1

2

3

4

5

(11 votes)

OBIEE 11g Architecture & Security
http://www.adivaconsulting.com/blog-obiee/item/35-obiee-11g-architecture-security-architecture.htmlhttp://www.adivaconsulting.com/blog-obiee/item/35-obiee-11g-architecture-security-architecture.htmlhttp://www.adivaconsulting.com/blog-obiee/item/35-obiee-11g-architecture-security-architecture.htmlhttp://www.adivaconsulting.com/blog-obiee/item/35-obiee-11g-architecture-security-architecture.htmlhttp://www.adivaconsulting.com/blog-obiee/item/35-obiee-11g-architecture-security-architecture.htmlhttp://www.adivaconsulting.com/blog-obiee/item/35-obiee-11g-architecture-security-architecture.htmlhttp://www.adivaconsulting.com/blog-obiee/item/35-obiee-11g-architecture-security-architecture.htmlhttp://www.adivaconsulting.com/blog-obiee/item/35-obiee-11g-architecture-security-architecture.htmlhttp://www.adivaconsulting.com/blog-obiee/item/35-obiee-11g-architecture-security-architecture.htmlhttp://www.adivaconsulting.com/blog-obiee/item/35-obiee-11g-architecture-security-architecture.htmlhttp://www.adivaconsulting.com/blog-obiee/item/35-obiee-11g-architecture-security-architecture.htmlhttp://www.adivaconsulting.com/blog-obiee/item/35-obiee-11g-architecture-security-architecture.htmlhttp://www.adivaconsulting.com/blog-obiee/item/35-obiee-11g-architecture-security-architecture.htmlhttp://www.adivaconsulting.com/blog-obiee/item/35-obiee-11g-architecture-security-architecture.htmlhttp://www.adivaconsulting.com/blog-obiee/item/35-obiee-11g-architecture-security-architecture.html


2/8

Domains in OBIEE Web Logic Server Domain

J2EE App Server used across the board for all 11g BI applications

Contains :

Managed Server: Set of J2EE Applications used for functioning

the BIEE system

Admin Server: Set of J2EE Applications used for administering

of BI EE system

Oracle Process Manager and Notification Server (OPMN) domain Used to start/Stop system components (BI Svr, BI Pres Svr,

BI Schdlr, BI ClustrCntrl)

Can be accessed from CMD or from EM page(GUI)

Admin Server Components WLS Admin Console

Admin GUI for WLS,Security and J2EE

Components

Fusion Middleware-EM Control (FMW EM) Admin GUI to Manage the BI Domain

JMX Beans

Java components that provide programmatic

access for managing a BI domain.

Managed Server Components BI Plugin : Sends web http requests to BI Presentation Services

BI Security :Integrates BI Server and FMW sec platform(using webservice calls)

BI Action Services: Dedicated web services for Action framework

BI Web Service SOA: Provides Web services for objects in the BIEEPresentation Catalog, to invoke analysis, agents, and conditions.


3/8

BI Office: Provides the integration between Oracle Business Intelligence andMicrosoft Office products

BIEE Domain System Components

BI Server Provides capabilities to query and access data as well as services for

accessing and managing the RPD file (BIEE Metadata).

BI Presentation Services Provides the framework and interface for the presentation of business

intelligence data to Web clients. It maintains an Oracle BI Presentation

Catalog service on the file system for the customization of this

presentation framework.

BI Scheduler Provides framework for scheduling and delivering reports to users

(used by delivers)

BI Javahost Enables BI Presentation Services to support various components: Java

tasks for BI Scheduler, BI Publisher, and Graph generation.

BI Cluster Controller Used for distributing requests to BI server and ensure load balancing

Files Repository file (e.g. SampleSales.rpd)

Config Files (nQconfig.ini,instanceconfig.xml,)

Log Files (nqserver.log,nqquery.log, nqscheduler.log, sawlog0.log etc)

Presentation

catalog(\OracleBIPresentationServicesComponent\cor

eapplication_obips1\catalog)

OBIEE 11G SecurityWhats Security ? Authenticationchecking passwords and other tokens against user lists, to

authenticate a user and check that they are who they say they are

Authorizationonce we know who they are, what are we going to authorize them to

do on our system. (Object Security and data Security, both done from rpd)

Administrationhow do we administer these lists of users, groups and permissions(app

policy), plus connections to external directories and applications


4/8


5/8

Security Providers Authentication provider

o OBIEE delegates authentication to the first authentication provider configured for

the domain.

o Defined and managed from WLS Console

Policy store provider

o Provides access to :

Application Roles (to create functional group)

Application Policies (to define Oracle BI Server, BIP and RTD

functionality permissions)


6/8

o Forms a core part of security policy ,used for Object security and Data security

o Defined and managed from FMW Enterprise Manager

o Policy stored in system-jazn-data.xml file

Credential store provider

o Responsible for securely storing /providing access to credentials reqd. by OBIEE

components internallyo Credentials are stored in the file cwallet.sso file

Tools for security Management (In a nutshell) Users and Groups are managed in Oracle WLS Admin console (by default). If WLS is

integrated with other LDAP products, then Users and Groups needs to managed using the

interface provide by the respective LDAP vendor New in OBIEE 11g

Application Roles and Application Policies are managed in Oracle Enterprise Manager -

Fusion Middleware Control New in OBIEE 11g

RPD object permissions are managed in OBIEE Admin tool Same as 10g but the

assignment is to Application Roles instead of Groups

Webcat Permissions and Privileges are managed in OBI Application administration page - Same

as 10g but the assignment is to Application Roles instead of groups


7/8

Directory StructureMW_HOME : MiddleWare directory e.g. D:\OBIEE11G

WL_HOME : MW_HOME\wlserver_10.3\

DOMAIN_HOME: MW_HOME\user_projects\domains\bifoundation_domain\

ORACLE_INSTANCE : MW_HOME\instance\instance1


8/8

obiee architecher

Documents