Categories
- All Categories
- 15 Oracle Analytics Sharing Center
- 18 Oracle Analytics Lounge
- 221 Oracle Analytics News
- 44 Oracle Analytics Videos
- 15.8K Oracle Analytics Forums
- 6.1K Oracle Analytics Idea Labs
- Oracle Analytics User Groups
- 83 Oracle Analytics Trainings
- 15 Oracle Analytics Data Visualizations Challenge
- Find Partners
- For Partners
OAS Access Provisioning

I am new to OAS had have been asked to evaluate the product in terms of User security and Access provisioning I had few questions on what is a good approach
- Can we create Provider group with the Organizations LDAP (not the WL embedded one) and then use a group from LDAP to control the access ie roles in doing so , we dont have to manage anything in Weblogic ie assigning the user a role or group?
- Or use WLT command line to manage the groups /roles within Weblogic and not use LDAP
- Any Other way
Best Answers
-
Welcome to the Oracle Analytics Community
Yes.we can configure Orgnization LDAP in OAS wls console.Please refer below documentation related to OID and Microsoft LDAP as external ldap providers.
Thank you For posting query in Oracle Analytics Forum.
0 -
Please create a group as an example , financeanalyst in external ldap
Add required users in ldap to the group financeanalyst
in oas ,map financeanalyst to roles such as biauthor
All members of the group automatically get biauthor permissions.
0 -
As said earlier by Ram, you can use your LDAP groups in OAS. But you still need to make a mapping job in OAS itself (Fusion Middleware EM, or via WLST scripts). Because the security in OAS is based on application roles, therefore you still need to map your LDAP groups to application roles at some point.
What you can do is to make that step "transparent". You define all the application roles you need to configure your security model. You create a group in your LDAP for each one of these application roles, and you do the mapping of your LDAP groups as members of the application roles (a 1-to-1 mapping).
From there you can then work only in your LDAP, adding users or groups as members of the groups that are a 1-to-1 representation of the application roles. If you don't want to work too much in FMW EM or WSLT scripts, this kind of solution is the best deal because you don't have to do much in there: a simple 1-to-1 mapping with a LDAP group representing the application role. And from there you control memberships to those app roles (which have an equivalent group) in your LDAP. And at the same time you have these application roles in OAS to be used to define security as you need.
1
Answers
-
Thanks, but my question was more on Groups ie create a security group in MS LDAP and then use that to control the roles in OAS ?
0