Working with Users


User accounts can be defined explicitly in an Oracle BI repository or in an external source (such as a database table or an LDAP server). However user accounts are defined, users need to be authenticated by the Oracle BI Server for a session to take place.
Users defined explicitly in a repository can access business models in that repository, but they cannot span repositories.
The Oracle BI Administrator user account is created automatically when a repository is created and cannot be deleted. For more information about the Oracle BI Administrator user account, refer to About the Oracle BI Administrator Account.
This section includes the following topics:

Adding a New User to a Repository

Use this procedure to add a new user to a repository.
To add a new user to a repository
  1. Open a repository in the Administration Tool.
  2. Display the security manager by selecting Manage > Security.
  3. Select Action > New > User to open the User dialog box.
  4. Type a name and password for the user.
  5. If you want to log queries for this user in the query log, change the query logging level to 1 or 2.
    For more information about query logging, refer to Setting a Logging Level.
  6. Click OK.
    This creates a new user with default rights granted to it. In the NQSConfig.INI file, the default rights are specified by the entry DEFAULT_PRIVILEGES.
  7. To modify the user's permissions, open the User dialog by double-clicking on the user icon you want to modify. If you click Permissions, you can change permissions for multiple columns.
  8. Specify the password expiration option.
    • If the user's password should never expire, select the option Password Never Expires.
    • If you want the user's password to expire, use the Days drop-down list to select the number of days to elapse before the user's password will expire. The maximum interval is 365 days.
      When the specified number of days passes after the password is created or changed, the password expires and must be changed.
  9. You can grant rights to the user individually, through groups, or a combination of the two. To grant membership in a group, check as many groups as you want the user to be a part of in the Group Membership portion of the dialog box.
  10. To specify specific database logon IDs for one or more databases, type the appropriate user IDs and passwords for the user in the Logons tab of the User dialog box.
    NOTE:  If a user specifies database-specific logon IDs in the DSN used to connect to the Oracle BI Server, the logon IDs in the DSN are used if the Oracle BI Administrator has configured a connection pool with no default database-specific logon ID and password. For information about configuring the connection pools to support database-specific logon IDs, refer to Creating or Changing Connection Pools.
  11. Set up any query permissions for the user. For information, refer to Managing Query Execution Privileges.

About the Oracle BI Administrator Account

The Oracle BI Administrator account (user ID of Administrator) is a default user account in every Oracle BI repository. This is a permanent account. It cannot be deleted or modified other than to change the password and logging level. It is designed to perform all administrative tasks in a repository, such as importing physical schemas, creating business models, and creating users and groups.
NOTE:  The Oracle BI Administrator account is not the same as the Windows NT and Windows 2000 Administrator account. The administrative privileges granted to this account function only within the Oracle BI Server environment.
When you create a new repository, the Oracle BI Administrator account is created automatically and has no password assigned to it. You should assign a password for the Oracle BI Administrator account as soon as you create the repository. The Oracle BI Administrator account created during the installation of the Oracle BI repository, that is, the repository shipped with Oracle BI, has the default password SADMIN.
The Oracle BI Administrator account belongs to the Administrators group by default and cannot be deleted from it. The person logged on using the Oracle BI Administrator user ID or any member of the Oracle BI Administrators group has permissions to change anything in the repository. Any query issued from the Oracle BI Administrator account has complete access to the data; no restrictions apply to any objects.
NOTE:  You can set the minimum length for passwords in the NQSConfig.INI file using the MINIMUM_PASSWORD_LENGTH setting.

No comments:

Post a Comment

Popular Posts