Oracle Analytics Cloud and Server

OAS Access Provisioning

I am new to OAS and have been asked to evaluate the product in terms of user security and access provisioning. I had a few questions on what is a good approach:

  1. Can we create a provider group with the organization's LDAP (not the WL embedded one) and then use a group from LDAP to control the access, i.e. roles? In doing so, we don't have to manage anything in WebLogic, i.e. assigning the user a role or group?
  2. Or use WLT command line to manage the groups/roles within WebLogic and not use LDAP?
  3. Any other way?

Best Answers

  • Ram-Oracle Rank 6 - Analytics Lead
    Answer ✓

    @User_AAYSI

    Welcome to the Oracle Analytics Community

    Yes, we can configure the organization LDAP in the OAS WLS console. Please refer to the documentation below related to OID and Microsoft LDAP as external LDAP providers.

    https://docs.oracle.com/en/middleware/bi/analytics-server/security-oas/configue-oracle-analytics-server-use-alternative-authentication-providers.html#GUID-3F6BCB38-B1CC-4F95-88FF-25BA2E4FFB18

    Thank you for posting your query in the Oracle Analytics Forum.

  • Ram-Oracle Rank 6 - Analytics Lead
    Answer ✓

    Please create a group, as an example financeanalyst, in the external LDAP.

    Add the required users in LDAP to the group financeanalyst.

    In OAS, map financeanalyst to roles such as biauthor.

    All members of the group automatically get biauthor permissions.

  • As said earlier by Ram, you can use your LDAP groups in OAS. But you still need to make a mapping job in OAS itself (Fusion Middleware EM, or via WLST scripts). Because the security in OAS is based on application roles, you still need to map your LDAP groups to application roles at some point.

    What you can do is to make that step "transparent". You define all the application roles you need to configure your security model. You create a group in your LDAP for each one of these application roles, and you do the mapping of your LDAP groups as members of the application roles (a 1-to-1 mapping).

    From there you can then work only in your LDAP, adding users or groups as members of the groups that are a 1-to-1 representation of the application roles. If you don't want to work too much in FMW EM or WLST scripts, this kind of solution is the best deal because you don't have to do much in there: a simple 1-to-1 mapping with an LDAP group representing the application role. And from there you control memberships to those app roles (which have an equivalent group) in your LDAP. And at the same time you have these application roles in OAS to be used to define security as you need.
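The 1-to-1 mapping described in the answers above can be checked before it is applied. The following is an added example, not code from the thread or from Oracle: plain Python that verifies a planned mapping is strictly one LDAP group per application role and renders the OPSS WLST `grantAppRole` calls for it. The application stripe `obi`, the role `biconsumer` and the group `financeviewer` are assumptions constructed for illustration; `financeanalyst` and `biauthor` are the names used in the thread.

```python
import re
from collections import defaultdict

APP_STRIPE = "obi"  # assumption: application stripe name used by the OAS instance
GROUP_PRINCIPAL = "weblogic.security.principal.WLSGroupImpl"
SAFE_NAME = re.compile(r"^[A-Za-z0-9_.\- ]+$")  # reject quotes etc. in generated script

# Constructed sample plan: (application role, LDAP group)
PLAN = [
    ("biauthor", "financeanalyst"),   # names from the thread
    ("biconsumer", "financeviewer"),  # constructed for illustration
]

def violations(pairs):
    """Return the reasons a plan is not a clean 1-to-1 mapping (empty if fine)."""
    problems = []
    by_role, by_group = defaultdict(set), defaultdict(set)
    for role, group in pairs:
        for name in (role, group):
            if not SAFE_NAME.match(name):
                problems.append("unsafe name: %r" % name)
        # LDAP group names are normally case-insensitive, so compare lowercased
        by_role[role.lower()].add(group.lower())
        by_group[group.lower()].add(role.lower())
    for role, groups in sorted(by_role.items()):
        if len(groups) > 1:
            problems.append("role %s has several groups: %s"
                            % (role, ", ".join(sorted(groups))))
    for group, roles in sorted(by_group.items()):
        if len(roles) > 1:
            problems.append("group %s feeds several roles: %s"
                            % (group, ", ".join(sorted(roles))))
    return problems

def render_wlst(pairs):
    """Render one grantAppRole call per pair; refuse a plan with violations."""
    problems = violations(pairs)
    if problems:
        raise ValueError("; ".join(problems))
    template = ('grantAppRole(appStripe="%s", appRoleName="%s", '
                'principalClass="%s", principalName="%s")')
    return [template % (APP_STRIPE, role, GROUP_PRINCIPAL, group)
            for role, group in pairs]

if __name__ == "__main__":
    # The printed lines are meant to be reviewed, then run in a WLST
    # session that is already connected to the domain's Admin Server.
    for line in render_wlst(PLAN):
        print(line)
```

Once the grants are in place, membership changes happen only in the LDAP groups, so a re-run of the check against the current plan shows whether anyone has since mapped a second group into a role.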

Answers

  • User_AAYSI Rank 1 - Community Starter

    Thanks, but my question was more on groups, i.e. create a security group in MS LDAP and then use that to control the roles in OAS?