Oracle BICS and Identity Management – A New Security Architecture

 by Shiva Molabanti

Oracle Business Intelligence Cloud Service (BICS) is a part of Platform as a Service (PaaS), which offers a highly scalable, multi-tenant Oracle BI environment integrated with Oracle Cloud store. Oracle BICS features presentation services to create analyses and dashboards, Oracle Database Cloud Service integration, self-service web-client Data Loader and Data Modeler, simple administration, and integrated Identity Management for Security (Authentication & Authorization) Services.

Before a user can subscribe to the Oracle BICS service, they have to be registered on the Oracle Public Cloud at cloud.oracle.com. The Oracle Public Cloud is built on Oracle’s Identity Management platform. Identity Management is part of the Common Services layer and secures the Oracle Public Cloud.

Out of the gate, the identity management services of the Oracle Public Cloud consist of an LDAP-based identity store and a Single Sign-On (SSO) access management service. When you subscribe to any of Oracle’s Public Cloud services (e.g., BI Cloud Service or a DB service), it is automatically added to your Tenant Services Group. All the applications in the services group are integrated, so SSO with identity management logs you in to the Service Group apps automatically and seamlessly.

Oracle BICS Architecture:

[Figure: Oracle BICS architecture]

In the Oracle Public Cloud, the credentials of a registered user are stored in Oracle Internet Directory. When a user has access to several services across the Oracle Public Cloud, the single sign-on process is handled by Oracle Access Manager. When a user account is disabled, all active services under that account become disabled.

 


 

Oracle Identity Management Platform consists of three functional pillars and underlying platform services, as shown in the following figure:

[Figure: the three functional pillars and underlying platform services of the Oracle Identity Management Platform]

 

BICS and IDM:

In Oracle BI Cloud Service, authentication and authorization are configured and maintained in Oracle Identity Management (IDM). All Oracle BI Cloud Service user accounts and associated role definitions are maintained in the integrated IDM.

Oracle BI Cloud Service – Security: Simpler View:

[Figure: simplified view of Oracle BI Cloud Service security]

 

Only Identity Management administrators can manage users for Oracle BI Cloud Service.  These users are managed in the Oracle Cloud Portal, by managing identity domains. The identity domain contains users and roles that provide authentication to multiple Oracle Cloud services.


Apart from the authentication integration, the security features of Oracle BI Cloud Service are the same as those of OBIEE 11g. Oracle BICS enables service administrators to give identity domain users access to specific functionality in their Oracle BI Cloud Service instance by assigning application roles. An application role controls access to functionality available in Oracle BI Cloud Service.


 

For quick reference, here is the hierarchy of predefined application roles in BICS:

[Figure: hierarchy of predefined application roles in BICS]

 



Shiva Molabanti is a Director of Technology at KPI Partners.  He is a business intelligence enthusiast who likes blogging about acquisitions in the BI space, technical workings of BI tools, and Oracle Business Intelligence. Visit Shiva at his personal blog or check out Shiva’s blog at KPIPartners.com.


Original article by ItWorker. If you repost it, please credit the source: https://blog.ytso.com/290711.html
