Security

Security:

1. In how many ways security in OBIEE 11G can be divided?

A) Security in OBIEE 11G can be divided into two ways:

1. Authentication.

2. Authorization.

2. What is meant by Authentication?

A) Authentication is a process by which a system verifies (with a userID and password) that a user has necessary permissions and authorization to log on and access the data.

a. In simple words it is nothing but validating username and password which is called as authentication.

E.g.: Analytics application Username and password.

3. Which server authenticates each connection request it receives?

A) Oracle BI server authenticates each connection request it receives.

4. How many types’ authentications are available?

A) Authentications are two types:

1. LDAP

2. EXTERNAL TABLE

5. What is LDAP?

A) It is called as Lightweight Directory Access Protocol.

a. It is a integrated part of OBIEE11G.

b. Can be accessed using console.

6. What is external table authentication?

A) Validating username and password against external table is called External table authentication.

a. In any project first priority goes to LDAP authentication. If customer rejects LDAP then we will go to External table.

7. Do we need a dedicated connection pool while defining session initialization block?

A)Yes, we need a dedicated connection pool while defining session initialization block as one connection pool cannot sustain more tasks.

8. What is required for authentication option usage?

A) If we need to pass external table initialization block then just enable it.By doing which LDAP users will not get authorized to log in into the analytics page or any web based pages.

9. What is Edit Execution Precedence?

A) To maintain session initialization blocks execution order we will use it.

10. How can we create user in web catalog group?

A) LDAP user will automatically appear in web catalog.

a. External Table user will be created when ever user first time login into analytics application.

11. What is the use of creating catalog groups?

A) The catalog group is useful if we want to provide permissions to ‘n’ no of users.

a. we can map ‘n’ no of users to group and we can provide the permissions instead of each individual user.

b. Catalog group name and console group name should be same(It is the best practice).

c. Catalog groups are also useful to group ‘n’ no of users.

12. What is authorization?

A) Once a user login into the application, what can he access controlled by authorization.

13. How many types of authorization is present in OBIEE11G?

A)  Mainly two types of authorization is present in OBIEE11G

They are:

1. Object level

2. Data level or row level

14. Into how many types object level security is divided?

A) Object level security is divided into two types:

1. RPD level objects

2. Presentation catalog or web catalog objects

15. What are RPD level objects?

A) We can control below objects from presentation layer of RPD

a. Subject area

b. Presentation table

c. Presentation column

d. Hierarchy object

16. What are presentation catalog or web catalog objects?

A) We can control below objects of web catalog

a. Folder

b. Dashboard

c. Dashboard page

d. Section

e. Report

f. Saved filter

g. KPI

h. KPI watchlist

i. Score card …etc

17. How many types of permissions are there in OBIEE11G?

A) In OBIEE11G we have six types of permissions.

They are:

1. No access

2. Traverse

3. Open(Read+Traverse)

4. Modify(Read+Delete+Write+Rename+Traverse)

5. Full control(Modify+Permission)

6. Custom(New in OBIEE11G)

18. How can we provide section level permissions?

A) Open any dashboard then Click on section properties then Click on permissions.

19. What is meant by traverse?

A) This option will disable the navigation which is done with the help of action links.

20. What is meant by a privilege?

A) It can control inbuilt options of OBIEE tool using privileges.

Ex:Denying analysis option to BxxxDDR user.

21. Is it possible to set query limits in OBIEE11G?

A) Yes, it is possible to set a query limit to any defined number.

It can be done by following these steps:

a.    Open RPD in online mode.

Then go to manage then Identity manager.

a.    Double click on BxxxDDR user.

b. Click the permissions tab and then click on query limits.

22. Can we restrict the time period for which users can access specified repository resources?

A) Yes, We can restrict any user from accessing the specified repository in any specified period of time.

23. What is the difference between Data Level Security and Object Level Security?

A) Data level security controls the type and amount of data that you can see in a report. Object level security provides security for objects stored in the OBIEE web catalog like dashboards, dashboards pages, folder and reports.

24. How do you implement security using External Tables and LDAP?

A) Instead of storing user IDs and passwords in a OBIEE Server repository, you can maintain lists of users and their passwords in an external database table and use this table for authentication purposes. The external database table contains user IDs and passwords, and could contain other information, including group membership and display names used for Siebel Analytics Web users.

      Instead of storing user IDs and passwords in a OBIEE Server repository, you can have the OBIEE Server pass the user ID and password entered by the user to an LDAP(Lightweight Directory Access Protocol ) server for authentication. The server uses clear text passwords in LDAP authentication. Make sure your LDAP servers are setup to allow this.

25. Login slowness concern. What needs to be done?

A) Do Configurational Changes (instanceconfig.xml) to solve the issue.

26. Where are passwords for userid, LDAP, external table authentication stored respectively?

A) Passwords for user id are in OBIEE server repository LDAP authentication in LDAP server external database in a table in external database.

27. Can you bypass OBIEE server security? if so how?

A) Yes you can bypass by setting authentication type in NQSCONFIG file in the security section as:authentication_type=bypass_nqs.instanceconfig.xml and nqsconfig.ini are the 2 places.

28. Does OBIEE has two level of security?

A) Yes, first at the RPD level and second at the presentation services level.

29. Why OBIEE security is different compared to other BI tools?

A) Because it’s very flexible and can integrate into any existing security architecture an organization has built and reduces the need for one more layer of administration.