Categories
- All Categories
- Oracle Analytics Learning Hub
- 19 Oracle Analytics Sharing Center
- 18 Oracle Analytics Lounge
- 232 Oracle Analytics News
- 44 Oracle Analytics Videos
- 15.9K Oracle Analytics Forums
- 6.2K Oracle Analytics Idea Labs
- Oracle Analytics User Groups
- 86 Oracle Analytics Trainings
- 15 Oracle Analytics Data Visualizations Challenge
- Find Partners
- For Partners
Welcome to the Oracle Analytics Community: Please complete your User Profile and upload your Profile Picture
Request for Resource Principal Authentication Support in OAC BI Publisher Object Storage Delivery Pr
User784791-Oracle
Rank 1 - Community Starter
Currently, Oracle Analytics Cloud (OAC) BI Publisher (BIP) delivery profiles require static OCI user credentials (user OCID and private key) to connect to OCI Object Storage. This approach poses significant security and operational concerns, especially as our OAC footprint grows.
Challenges with Current Approach:
- Security Risks of Credential Sharing:
Requiring manual input and management of shared user credentials increases the risk of exposure or accidental leakage. This does not align with Oracle or industry best practices for cloud security. - Operational Overhead of Credential Rotation:
Our organization uses service accounts to configure Object Storage delivery profiles. The credentials for these accounts are rotated every 3 days to maintain compliance. With an expected scale of over 6,000+ OAC instances, this process is becoming increasingly unmanageable and introduces risks of failed deliveries during rotations.
Proposed Solution:
- Enable Resource Principal (RP) Authentication:
Leveraging OCI Resource Principal authentication would address these issues by:- Eliminating the need to manually manage or share static credentials.
- Automatically handling identity and access via OCI service identity and dynamic groups.
- Aligning with Oracle’s recommended best practices for service-to-service authentication in a cloud-native environment.
- Reducing security exposure and substantially lowering operational burden for our team.
Request:
We request support for OCI Resource Principal authentication in OAC BI Publisher Object Storage delivery profiles. This feature is critical to support secure, scalable, and compliant operations as our cloud analytics environment expands.
Next Steps:
- Please advise on any available roadmap information for this feature.
- If not already planned, we request this be prioritized as an enhancement.
- We are prepared to provide further details or business impact statements if needed.
Thank you for your consideration.
0
Answers
-
And that's what ideas are for (or your own internal channels inside Oracle):
0
