- Define security in the repository.
- External table authentication.
- LDAP authentication.
- Database authentication.
- Custom authentication.
LDAP Authentication: I have implemented LDAP (Lightweight Directory Access Protocol) server authentication in my recent project. We used ADSI (Active Directory Service Interface) in this project.
When asked about how LDAP is set up you can say that, in the security manager create an LDAP server. For this in security manager we go to Action> New> LDAP Server. This brings us to LDAP Server dialog box, where we fill in the parameters like Name, Host Name, Port No., LDAP Version (Default 3), Base DN, Bind DN in general settings. We also define settings in Advanced tab where we fill in Connection Time-Out, Domain Identifier, Enable/Disable SSL etc.
We then created an LDAP initialization block, which was associated with the LDAP Server. Here, we define USER as our system variable which is mapped to LDAP uid.
Note: We can also use LDAP server only to import user and group definitions. This is used when we don’t want external authentication by LDAP.
External Table Authentication: I have used External Table Authentication in my projects. To implement this we have to create a table in the database which will have columns to define users, password, and groups, log level, display name, etc. information to define security and privileges. To use this table for authentication in OBIEE we created a new connection pool in the physical layer to connect to this db/table. Then we created an initialization block using the newly defined connection pool for this table. We then defined the initialization string (e.g. select username, password, lognumber, groupname from auth_table where username = ‘:USER’ and password = ‘:PASSWORD’). We then defined the corresponding variables (e.g. USER, PASSWORD, LOGLEVEL, GROUP etc.). We have to make sure that the order of variables is same as the initialize.
Database Authentication: I have not used this type of authentication in my projects. We first make changes in our NQSConfig.ini file. In the security section, we specify our authentication database. Then we create users in the repository which are same as the users in our database. We assign these users privileges. We import this database in the physical layer of our repository using the DSN of that particular database. For this particular connection pool we set up a non shared logon. This connection pool will now be used to connect to the database. If you are able to connect, then you are authenticated successfully.
Custom Authentication: I never came across a custom authentication in my career. John has written an article on custom authentication here.
In this article I tried to briefly describe the security types in available in OBIEE, this is not to much in detail but good pointers for an interview. Actual implementation will need a lot more information and details; refer Oracle BI Administration Guide; the links below might be helpful.
Security in OBIEE 11g – Venkat’s article http://www.rittmanmead.com/2010/08/26/oracle-bi-ee-11g-authentication-authorization-weblogic-security/
Deepak