You are here: OBIEE A quick review of OBIEE11g Architecture & Security

A quick review of OBIEE11g Architecture & Security

Rate this item
(28 votes)


OBIEE 11g Architecture & Security


Domains in OBIEE

  • Web Logic Server Domain

      J2EE App Server used across the board for all 11g BI applications

      Contains :

       Managed Server : Set of J2EE Applications used for “functioning” the BIEE system

     Admin Server : Set of J2EE Applications used for “administering” of BI EE system

·         Oracle Process Manager and Notification Server (OPMN) domain

      Used to start/Stop system components (BI Svr, BI Pres Svr, BI Schdlr, BI ClustrCntrl)

      Can be accessed from CMD or from EM page(GUI)

 Admin Server Components

     WLS Admin Console

      Admin GUI for WLS,Security and J2EE Components

     Fusion Middleware-EM Control (FMW EM)

      Admin GUI to Manage the BI Domain

      JMX Beans

      Java components that provide programmatic access for managing a BI domain.

Managed Server Components

      BI Plugin : Sends web http requests to BI Presentation Services

      BI Security :Integrates BI Server and FMW sec platform(using webservice calls)

      BI Action Services: Dedicated web services for Action framework

      BI Web Service SOA: Provides Web services for objects in the BIEE Presentation Catalog, to invoke analysis, agents, and conditions.

      BI Office: Provides the integration between Oracle Business Intelligence and Microsoft Office products

BIEE Domain System Components


     BI Server

     Provides capabilities to query and access data as well as services for accessing and managing the RPD file (BIEE Metadata).

     BI Presentation Services

     Provides the framework and interface for the presentation of business intelligence data to Web clients. It maintains an Oracle BI Presentation Catalog service on the file system for the customization of this presentation framework.

     BI Scheduler     

      Provides framework for scheduling and delivering reports to users (used by delivers)

     BI Javahost

     Enables BI Presentation Services to support various components: Java tasks for BI Scheduler, BI Publisher, and Graph generation.

     BI Cluster Controller

     Used for distributing requests to BI server and ensure load balancing


     Repository file (e.g. SampleSales.rpd)

     Config Files (nQconfig.ini,instanceconfig.xml,)

     Log Files (nqserver.log,nqquery.log, nqscheduler.log, sawlog0.log etc)

     Presentation catalog (<MW_HOME>\OracleBIPresentationServicesComponent\coreapplication_obips1\catalog)

OBIEE 11G Security

What’s Security ?

      Authentication – checking passwords and other tokens against user lists, to “authenticate” a user and check that they are who they say they are

      Authorization – once we know who they are, what are we going to “authorize” them to do on our system. (Object Security and data Security, both done from rpd)

      Administration – how do we administer these lists of users, groups and permissions(app policy), plus connections to external directories and applications



Security Providers

      Authentication provider

o   OBIEE delegates authentication to the first authentication provider configured for the domain.

o   Defined and managed from WLS Console

      Policy store provider

o               Provides access to :

      Application Roles (to create functional group)

      Application Policies (to define Oracle BI Server, BIP and RTD functionality permissions)

o   Forms a core part of security policy ,used for Object security and Data security

o   Defined and managed from FMW Enterprise Manager

o   Policy stored in system-jazn-data.xml file

      Credential store provider

o   Responsible for securely storing /providing access to credentials reqd. by OBIEE components internally

o   Credentials are stored in the file cwallet.sso file

Tools for security Management (In a nutshell)

      Users and Groups are managed in Oracle WLS Admin console (by default). If WLS is integrated with other LDAP products, then Users and Groups needs to managed using the interface provide by the respective LDAP vendor – New in OBIEE 11g

      Application Roles and Application Policies are managed in Oracle Enterprise Manager - Fusion Middleware Control – New in OBIEE 11g

      RPD object permissions are managed in OBIEE Admin tool – Same as 10g but the assignment is to Application Roles instead of Groups

Webcat Permissions and Privileges are managed in OBI Application administration page - Same as 10g but the assignment is to Application Roles instead of groups


Directory Structure

MW_HOME    : MiddleWare directory e.g. D:\OBIEE11G

WL_HOME    : MW_HOME\wlserver_10.3\

DOMAIN_HOME: MW_HOME\user_projects\domains\bifoundation_domain\

ORACLE_INSTANCE : MW_HOME\instance\instance1



'If you found this article useful, please rate the same"

Read 12895 times