Friday, August 27, 2010

OBIEE interview- Security

One interview question that is always asked in an OBIEE Interview is regarding security. The question is asked in different manners e.g. Tell me how you implemented security in your recent project? Or Have you configured external table security in any project? Or In how many ways you can implement security in OBIEE? Or Have you configured an LDAP server for security in OBIEE? The answers below relate to OBIEE 10g.

Security is an important aspect of an OBIEE implementation project, and I have been involved in strategizing security in all the projects I worked on. There are various ways in which we can define security in OBIEE.
  1. Define security in the repository.
  2. External table authentication.
  3. LDAP authentication.
  4. Database authentication.
  5. Custom authentication.
Define security in the repository: In the Oracle BI Administration tool we can create users and groups to define permissions and authentication. We then grant permissions to users and groups.

Note: The privileges which are exclusively granted to a user have precedence over group’s privileges. Also, in case of a conflict the least restrictive privileges apply.

LDAP Authentication: I have implemented LDAP (Lightweight Directory Access Protocol) server authentication in my recent project. We used ADSI (Active Directory Service Interface) in this project.

When asked about how LDAP is set up you can say that, in the security manager create an LDAP server. For this in security manager we go to Action> New> LDAP Server. This brings us to LDAP Server dialog box, where we fill in the parameters like Name, Host Name, Port No., LDAP Version (Default 3), Base DN, Bind DN in general settings. We also define settings in Advanced tab where we fill in Connection Time-Out, Domain Identifier, Enable/Disable SSL etc.

We then created an LDAP initialization block, which was associated with the LDAP Server. Here, we define USER as our system variable which is mapped to LDAP uid.

Note: We can also use LDAP server only to import user and group definitions. This is used when we don’t want external authentication by LDAP.

External Table Authentication:  I have used External Table Authentication in my projects. To implement this we have to create a table in the database which will have columns to define users, password, and groups, log level, display name, etc. information to define security and privileges. To use this table for authentication in OBIEE we created a new connection pool in the physical layer to connect to this db/table. Then we created an initialization block using the newly defined connection pool for this table. We then defined the initialization string (e.g. select username, password, lognumber, groupname from auth_table where username = ‘:USER’ and password = ‘:PASSWORD’). We then defined the corresponding variables (e.g. USER, PASSWORD, LOGLEVEL, GROUP etc.). We have to make sure that the order of variables is same as the initialize.

Database Authentication: I have not used this type of authentication in my projects. We first make changes in our NQSConfig.ini file. In the security section, we specify our authentication database. Then we create users in the repository which are same as the users in our database. We assign these users privileges. We import this database in the physical layer of our repository using the DSN of that particular database. For this particular connection pool we set up a non shared logon.  This connection pool will now be used to connect to the database. If you are able to connect, then you are authenticated successfully.

Custom Authentication:  I never came across a custom authentication in my career. John has written an article on custom authentication here.

In this article I tried to briefly describe the security types in available in OBIEE, this is not to much in detail but good pointers for an interview. Actual implementation will need a lot more information and details; refer Oracle BI Administration Guide; the links below might be helpful.

Kumar has very impressive articles on security visit


Wednesday, August 25, 2010

How to get started with OBIEE

I always come across people who are interested in learning OBIEE, and they become curious to know about BI. They always ask me how to learn OBIEE.

My first answer is to get familiar with Data Warehousing concepts. A good understanding of the following is needed to succeed as an OBIEE Developer:

- Database/ Data Warehouse/ Data Mart
- Data Modeling
- OLTP & OLAP Systems
-  Star & Snowflake Schema
- Facts & Dimensions
- Slowly Changing Dimension
- Other DW concepts- Hierarchy, Confirmed Dimension, Bridge Table, Implicit Fact, Fact less Fact, Aggregate table and more

A lot can be learned from Wikipedia as well, some of the topics about BI and Data Warehousing are very well explained.

Read The Data Warehouse Toolkit: The Complete Guide to Dimensional Modeling to build an understanding of dimensional modeling.

Once you are through with all of the above start working on Oracle by Examples

Join OTN to gain from other’s experiences. Please follow Forum Etiquettes. I would suggest start reading the questions which have been answered in the forums.

And of course, there are so many blogs on OBIEE that can help you develop your OBIEE skills. So, join me in the journey of OBIEE.


Tuesday, August 24, 2010

Just another OBIEE Blog or more?

Hello Everyone!

After noticing a lot of people searching for hours to find answers to their queries on OBIEE, I thought of posting my experiences with OBIEE on this blog. I will cover important topics in OBIEE in my posts. I find newcomers to OBIEE especially concerned about the interviews, so I will try to discuss important interview questions on these areas as well. In the process I hope to meet new people and seek their ideas and comments. 

Thank you!