tailieunhanh - Applied Oracle Security: Developing Secure Database and Middleware Environments- P56

Applied Oracle Security: Developing Secure Database and Middleware Environments- P56:Computer security is a field of study that continues to undergo significant changes at an extremely fast pace. As a result of research combined with increases in computing capacity, computer security has reached what many consider to be “early adulthood.” From advances in encryption and encryption devices to identity management and enterprise auditing, the computer security field is as vast and complex as it is sophisticated and powerful | 524 Part IV Applied Security for Oracle APEX and Oracle Business Intelligence Oracle BI Publisher Authorization As mentioned Oracle BI Publisher supports several security models. When Oracle BI Publisher is being used as an integrated component of Oracle BI it should be set up to use Oracle BI Server security. In this situation Oracle BI Publisher groups and group membership is inherited directly from the BI server groups. All BI server groups will show up automatically in Oracle BI Publisher and can be used to restrict access to reports and data sources. No management of groups in BI Publisher is required. All management of groups and group membership for BI Publisher is done wherever you are managing BI server groups and group memberships. Authorization Summary We have covered several methods of authorization which represents a crucial step in the process of creating a session for a user attempting to user Oracle BI. After authenticating the user and authorizing the user your final step would be to populate any other necessary session variables. In Chapter 14 we will populate session variables as a step in setting up row-level security. As you have seen the session creation process in Oracle BI is quite flexible. You can perform any number of steps to set up a user s session. Remember that each step in the session creation process is going to take time and you do not want the login process to take too long. For example in the Dynamic Group Membership Using LDAP Indirectly section to place a user in a group the BI server had to make a connection to the database and the database had to make a connection to the LDAP server. If you could find a way to replicate the group information from the LDAP server into a database you could speed up and greatly simplify the authorization process. Single Sign-On When Oracle BI is not protected by a SSO server the login screen is generated by the presentation server. The presentation server accepts the credentials and passes them