1 AUTHENTICATION... 2 Step 1:Set up your LDAP server... 2 Step 2: Set up your username... 4 WRITEBACK REPORT... 8 Step 1: Table structures... 8 Step 2: Import Tables into BI Admin Step 3: Creating the custom Message Step 4: Create the writeback report Step 5: Clean up table Using the Write Back Report AUTHORIZATION: Setting the Group for each user Step 1: Create the Session Variable Step 2: Create the Data Source Step 3: Edit the Target Data Step 4: Execution Preference USING AUTHENTICATION... 28
2 This entry will discuss how to utilize OBIEE 10g capabilities to authorize and authenticate your users. Authentication will be administered by an external LDAP solution, while authorization will be controlled in the datawarehouse and administered using writeback capability. AUTHENTICATION Step 1:Set up your LDAP server. In the admin too go to Admin Security Action New LDAP Server Enter all the appropriate information in the General Tab.
3 On the Advanced tab, if you are using MS AD, then the default UserName attribute should be samaccountname. Otherwise, check with your LDAP Admin.
4 Step 2: Set up your username Manage Variables Go into Session Initialization Block. There should be an init block called Authentication. Open this. If this does not exist, create it.
5 Click Edit Data Source to open the data source window. From the data source drop down, select LDAP. Click Browse. This will show all of the LDAP servers that you have set up. Select the appropriate one.
6 Once the Data Source is set, click the Edit Data Target Button. This will open the Variable Target Window. Click New. Here, you want to create a new variable, called USER. This is a special variable in OBI Admin. Once the variable name is entered, Click OK, to get back to the Variable Target Screen.
7 Here you want to enter the LDAP username variable. In our case it is samaccountname. Click OK. Your user authentication is now being administered by the LDAP server.
8 WRITEBACK REPORT Step 1: Table structures Nothing really needs to be done to the admin tool, aside from making sure the tables you need are imported. I created 2 tables. One was a dimension table, in case we want to store user information (full name, , etc) CREATE TABLE "OLAP_DW"."USER_AUTH_DIM" ("PRIMARY_KEY" VARCHAR2(200 BYTE), constraint user_auth_dim_pk Primary Key (PRIMARY_KEY)); insert into user_auth_dim values ('X'); For now, I populated this table with X and then populated the foreign key in the security table with X as well. In a real life scenario, the user auth dim table might have the username as a PK, then full name, , DOB, or other useful information. For this exercise, I just wanted to include a dimension table, s don t read too much into the contrived way that the tables are joined. If you were building this to solve a real authentication and authorization problem, it would look much cleaner. The other table was a table that stored security information: CREATE TABLE "OLAP_DW"."USER_AUTH" ( "USERNAME" VARCHAR2(200 BYTE), "USERNAME2" VARCHAR2(200 BYTE), "RESPONSIBILITY" VARCHAR2(200 BYTE), "FOREIGN_KEY" VARCHAR2(10 BYTE), constraint user_auth_pk Primary Key (USERNAME), constraint user_auth_fk Foreign Key (foreign_key) references user_auth_dim(primary_key)); This Table should be populated with your users, and their responsibilities. For example: insert into user_auth values ('MAKARBM', 'MAKARBM', 'GLUSER', 'X'); You will also need to add a null value record into the table. This is so entries can be added into to the write back report. insert into user_auth values ('USERNAME', NULL, NULL, 'X'); You ll see why the two username fields re necessary once we start to update this table through the application.
9 Step 2: Import Tables into BI Admin. Import the tables into the BI Admin tool. The primary key in the user_auth table is USERNAME, in the USER_AUTH_DIM table, it is PRIMARY_KEY. The FOREIGN_KEY in the user_auth table is a foreign Key. Then, create the physical joins in the BI Admin tool. The defaults for the connection pool should allow for write back as long as the username you are connecting with has write privileges to the tables you will be writing back to. Also, you should make all the tables that you are writing back to non-cacheable. Writing stale data back to a table is probably not the best idea.
10 Create a business model and the same joins. Finally, pull these objects into a presentation layer so they can be seen as a subject area.
11 Step 3: Creating the custom Message Create an XML file similar to the following: <?xml version="1.0" encoding="utf-8"?> <WebMessageTables xmlns:sawm="com.siebel.analytics.web/message/v1"> <WebMessageTable lang="en-us" system="writeback" table="messages"> <WebMessage name="userauth"> <XML> <writeback connectionpool="connection Pool Olap"> <insert>insert INTO USER_AUTH 'X')</insert> <update>update USER_AUTH SET WHERE <postupdate> commit </postupdate> </writeback> </XML> </WebMessage> </WebMessageTable> </WebMessageTables> Everything Highlighted above can be changed to match your individual report. Everything else should stay the same. <WebMessage name="userauth"> You can set UserAuth to anything. It does NOT need to match system name or the report name. You will use this later to let the report know how it should write back to the tables. <writeback connectionpool="connection Pool Olap"> Connection Pool OLAP is the name of my Connection Pool in the BI Admin tool. Make sure the name of your connection pool is unique within your Physical Layer. <insert>insert INTO USER_AUTH 'X')</insert> The insert attribute should hold the SQL for your insert statement. This will fire when the where clause of your update statement finds a null value (which is why we need 2 username fields in our auth table). The values it will insert refer to the values of the report. We will find these when we create the report, then come back to this file later. <update>update USER_AUTH SET WHERE This is how the report will update a specific field. **If either INSERT or UPDATE needs to be left blank, make sure to put a space between the tags, as in <update> </update>, NOT <update></update>
12 <postupdate> commit </postupdate> If your system down not auto commit after an update, this line will cause the system to perform an explicit commit. Save this file as anything.xml in the OracleBI\web\msgdb\customMessages directory
13 Step 4: Create the writeback report Log into OBIEE with a username that has access to the Subject Area created for user authentication. Click Answers, then select the Subject Area you just created Create a report using the USERNAME2 and RESPONSIBILITY fields
14 Go to the results page, and click on the write back button The write back box will open. Click the enable write back check box. Template Name will be the name you entered before in the custom message file. In our file above we used: <WebMessage name="userauth">, so in this case, UserAuth. Once write back is enabled on a report, the results view changes.
15 There is now a C0 and C1 in the upper left hand side of each column. Go back into your custom message file, and enter these in the update and insert commands. In the custom message file above, they are already correct. Make sure to enclose the variable in single tick marks if it is a string (ex: c0 ). For example, our update clause should be: UPDATE USER_AUTH SET WHERE
16 The last thing you need to do before saving your report is to enable both fields to be write back fields. Click on the edit column format for each field and change the Value Interaction to write back in the column format tab. Finally, the users that need write back capability should be granted the privilege. Go into settings Administration Manage Privileges At the very bottom of the page, grant the appropriate access, Write Back to Database, to anyone who needs it.
17 Step 5: Clean up table For clean up purposes, add this to the table CREATE OR REPLACE TRIGGER USER_AUTH_DELETE AFTER UPDATE ON USER_AUTH REFERENCING OLD AS old NEW AS new BEGIN DELETE from USER_AUTH where responsibility is null and username2 is not null; END; Now, when the Responsibility is deleted, the entire row will be deleted on update.
18 Using the Write Back Report To create a user, just enter the name in the null field along with the responsibility and hit update.
19 To modify a user, just change the responsibility field and hit the update button
20 To delete a user, we can make the responsibility field null. Because of the trigger we set on the user_auth table, this deletes the record. Once the field is deleted, hit the update button to see the results.
21 AUTHORIZATION: Setting the Group for each user So far, we have users being authenticated by LDAP, and we have a report that will let Administrators control what group users belong to. We need to make sure a few things are complete before that is possible 1) Usernames that will be controlled by LDAP need to be removed from the Admin security manager. 2) Roles need to be created in the Admin tool, and groups need to be created in the presentation layer. 3) The Responsibility and Usernames should be entered into the user_auth table. The responsibilities entered in the table need to match the Role created in the Admin tool AND the group created in the presentation layer. Step 1: Create the Session Variable In the Admin tool, go into Manage Variables. There should be an authorization block already available from the pre-built. If there is not, create a new init block, and call it Authorization.
23 Step 2: Create the Data Source Click on Edit Data Source. From the Data Source type dropdown, select Database, and enter the query seen below in the Default initialization string text box.
24 Next to Connection Pool, click Browse. From the pane on the left, select the correct connection pool to user for the query.
25 Once complete, the init block data source should look like this: You will not be able to test this query, since it relies on a run time variable. If there is a concern that this is not working correctly, hard code :USER to a specific value (in our case MAKARBM, and test. This will ensure that your connection information, table, and field names are all correct. If this is tested, the query should return two fields. The first is variable name. The second is the correct value. This query returns the value GROUP, and the value found in the responsibility field. Click OK.
26 Step 3: Edit the Target Data This brings us back to the Init Block Screen. We need to Edit the target data so that it is set to row_wise initialization. Row wise initialization takes the first field as a variable, and assigns the value found in the second field to that variable. Remember in the Authentication, we created a USER variable. Here, the GROUP variable is created on the fly. Another important point here is that the :USER and :PASSWORD variables are the only variables that can be reference this way. These refer to the USER and PASSWORD that the user entered upon login. Normally, variables are referred to as VALUEOF(NQ_SESSION.USER), where USER is the variable.
27 Step 4: Execution Preference Finally, we want to set the Execution Preference. Click the edit execution preference button, and add a new initialization block by clicking ADD. Then select an init block that should be executed before this one. In our case, we want the authentication block to be completed before the authorization block is complete..
28 USING AUTHENTICATION Now we can log into OBI. This is what the USER_AUTH table looks like. The GROUP Variable will take in all the groups listed, separated by a semicolon. Now when log in as MAKARBM, I see the the following listed in My Account
29 It picked up GLUSER, but not GLADMIN. That s because I never added GLADMIN as a group. If I update the User Auth Table: Then login again, I see both Groups are attributed to that username
CHAPTER 6 System Overview System Administration and Log Management Users must have sufficient access rights, or permission levels, to perform any operations on network elements (the devices, such as routers,
INTRODUCTION: You can extract data (i.e. the total cost report) directly from the Truck Tracker SQL Server database by using a 3 rd party data tools such as Excel or Crystal Reports. Basically any software
Gravity Forms: Creating a Form 1. To create a Gravity Form, you must be logged in as an Administrator. This is accomplished by going to http://your_url/wp- login.php. 2. On the login screen, enter your
User s Guide SoftwarePlanner Active Directory Authentication This document provides an explanation of using Active Directory with SoftwarePlanner. 1 Narrative In some situations, it may be preferable to
SETTING UP REMOTE ACCESS ON EYEMAX PC BASED DVR. 1. Setting up your network to allow incoming connections on ports used by Eyemax system. Default ports used by Eyemax system are: range of ports 9091~9115
How to Copy A SQL Database SQL Server Express (Making a History Company) These instructions are written for use with SQL Server Express. Check with your Network Administrator if you are not sure if you
SyAM Management Utilities and Non-Admin Domain Users Some features of SyAM Management Utilities, including Client Deployment and Third Party Software Deployment, require authentication credentials with
Application Version 3.7.5 Confidentiality This document contains confidential material that is proprietary WatchDox. The information and ideas herein may not be disclosed to any unauthorized individuals
Setting up a Scheduled task to upload pupil records to ParentPay To ensure that your setup goes ahead without any issues please first check that you are setting the scheduled task up on the SIMS server
How to Move an SAP BusinessObjects BI Platform System Database and Audit Database Technology Used SAP BI Platform 4.1 (this includes SAP BusinessObjects Enterprise 4.1, SAP BusinessObjects Edge 4.1 and
Introduction Microsoft SQL Server 2005 How to Create and Restore Database (GRANTH3) Manually To use the e-granthalaya Software for automation of your library, you need to install the database management
PRiSM Security Configuration and considerations Agenda Security overview Authentication Adding a User Security Groups Security Roles Asset Roles Security Overview Three Aspects of Security Authentication
Managing User Accounts This chapter includes the following sections: Active Directory, page 1 Configuring Local Users, page 3 Viewing User Sessions, page 5 Active Directory Active Directory is a technology
Page 1 Using the MLSClient Application April 20, 2008 Using the Medical Language Specialist Client Application April 20, 2008 Prepared by: WebChartMD P.O. Box 6154 Johnson City, TN 37602 877-302-9263 Page
w w w. e g n y t e. c o m Egnyte Single Sign-On (SSO) Configuration for Active Directory Federation Services (ADFS) To set up ADFS so that your employees can access Egnyte using their ADFS credentials,
Basic SQL Server operations KB number History 22/05/2008 V1.0 By Thomas De Smet CONTENTS CONTENTS... 1 DESCRIPTION... 1 SOLUTION... 1 REQUIREMENTS...13 REFERENCES...13 APPLIES TO...13 KEYWORDS...13 DESCRIPTION
SAP Business Objects Business Intelligence platform Document Version: 4.1 Support Package 7 2015-11-24 Data Federation Administration Tool Guide Content 1 What's new in the.... 5 2 Introduction to administration
C u s t o m e r S u p p o r t MSSQL quick start guide This guide will help you: Add a MS SQL database to your account. Find your database. Add additional users. Set your user permissions Upload your database
Specialized. Recognized. Preferred. The right partner makes all the difference. Oracle E-Business Suite - Oracle Business Intelligence Enterprise Edition 11g Integration By: Arun Chaturvedi, Business Intelligence
Chapter Thirteen (b): Using Active Directory Integration Summary of Chapter: How to add a User to your Net/Cache/SecurePilot that will match your Active Directory Security Group. How to set-up your Net/Cache/SecurePilot
Restoring Sage Data Sage 200 [SQL 2005] This document explains how to Restore backed up Sage data. Before you start Restoring data please make sure that everyone is out of Sage 200. To be able to restore
January 11, 2011 Author: Audience: SWAT Team Evaluator Product: Cymphonix Network Composer EX Series, XLi OS version 9 Active Directory Integration The following steps will guide you through the process
ECAT SWE Exchange Customer Administration Tool SWE - Exchange Customer Administration Tool (ECAT) Table of Contents About this Guide... 3 Audience and Purpose... 3 What is in this Guide?... 3 CA.mail Website...
Add in Guide for Microsoft Dynamics NAV May 2012 Microsoft Dynamics NAV 4 5 Addin Guide This document will guide you through configuration and basic use of Hipin s Microsoft Dynamics NAV addin. Microsoft
Information Guide 1 DocuSign Connect for Salesforce Guide 1 Copyright 2003-2013 DocuSign, Inc. All rights reserved. For information about DocuSign trademarks, copyrights and patents refer to the DocuSign
Gathering Software Installing Client Profiles 6.0 You will need to have the following software to perform the install (I will provide the URL s for you to download these if you need to). SQL 2000 Server
Introduction Microsoft SQL Server 2005 How to Create and Restore Database (GRANTH3) Manually To use the e-granthalaya Software for automation of your library, you need to install the database management
Managing Online and Offline Archives in Outlook Contents How to Enable the Online Archive Feature in Outlook... 1 For Outlook 2007:... 2 How to Set the AutoArchive Properties for a Folder in Outlook 2007:...
Tutorial: How to Use SQL Server Management Studio from Home Steps: 1. Assess the Environment 2. Set up the Environment 3. Download Microsoft SQL Server Express Edition 4. Install Microsoft SQL Server Express
ACR Triad Web Client Version 2.5 20 October 2008 User s Guide American College of Radiology 2007 All rights reserved. CONTENTS ABOUT TRIAD...3 USER INTERFACE...4 LOGIN...4 REGISTER REQUEST...5 PASSWORD
Managing User Accounts and User Groups Contents Managing User Accounts and User Groups...2 About User Accounts and User Groups... 2 Managing User Groups...3 Adding User Groups... 3 Managing Group Membership...
BEST PRACTICES EMAIL ARCHIVE in contentaccess version 2.5 Use case: Email Archive configuration for companies with up to 2,000 mailboxes This document gives you an overview how to configure email archive
Using LDAP Authentication in a PowerCenter Domain 2008 Informatica Corporation Overview LDAP user accounts can access PowerCenter applications. To provide LDAP user accounts access to the PowerCenter applications,
Bullet Proof: A Guide to Tableau Server Security PDF Guide Tableau Conference 2014 Bryan Naden & Ray Randall Tableau Server Security Hands On To begin the exercise we are going to start off fresh by restoring
Guidelines for Installing SQL Server and Client (SQL Server Management Studio) Installing process is pretty straightforward. Any Express version would be ok with writing SQL part of the course, but Stored
GoDaddy (CentriqHosting): Data driven Web Application Deployment Process Summary There a several steps to deploying an ASP.NET website that includes databases (for membership and/or for site content and
Security Development Tool for Microsoft Dynamics AX 2012 WHITEPAPER Junction Solutions documentation 2012 All material contained in this documentation is proprietary and confidential to Junction Solutions,
IIS, FTP Server and Windows The Objective: To setup, configure and test FTP server. Requirement: Any version of the Windows 2000 Server. FTP Windows s component. Internet Information Services, IIS. Steps:
econtrol 3.5 for Active Directory & Exchange Administrator Guide This Guide Welcome to the econtrol 3.5 for Active Directory and Exchange Administrator Guide. This guide is for system administrators and
Microsoft Word 2007 - Mail Merge Mail merge is a tool which allows you to create form letters, mailing labels and envelopes by linking a main document to a set of data or data source. It is the process
LDAP Authenticated Web Administration : MailScan 5.x is powered with LDAP Authenticated Web Administration. This gives security enhancement to authenticate users, to check their quarantined and ham emails.
1 JiJi AD Bulk Manager User Manual JiJi AD Bulk Manager - User Manual 2 JiJi AD Bulk Manager User Manual Table of Contents 1. Introduction...4 2. Benefits...4 2.1 Export Import Data...4 2.2 Random Generator
PRODUCT WHITE PAPER LABEL ARCHIVE Adding and Configuring Active Directory Users in LABEL ARCHIVE TEKLYNX International March 19, 2010 Introduction Now more than ever, businesses large and small alike are
Managing User Accounts This chapter includes the following sections: Configuring Local Users, page 1 Configuring Active Directory, page 2 Viewing User Sessions, page 4 Configuring Local Users Before You
HowTo Project: Description: Planning table online Installation Version: 1.0 Date: 04.09.2008 Short description: With this document you will get information how to install the online planning table on your
Content Filtering Client Policy & Reporting Administrator s Guide Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of your system. CAUTION: A CAUTION
Quick Start Guide DocuSign Retrieve 3.2.2 Published April 2015 Overview DocuSign Retrieve is a windows-based tool that "retrieves" envelopes, documents, and data from DocuSign for use in external systems.
Installing the ASP.NET VETtrak APIs onto IIS 5 or 6 2 Installing the ASP.NET VETtrak APIs onto IIS 5 or 6 3... 3 IIS 5 or 6 1 Step 1- Install/Check 6 Set Up and Configure VETtrak ASP.NET API 2 Step 2 -...
Case Study - Configuration between NXC2500 and LDAP Server 1 1. Scenario:... 3 2. Topology:... 4 3. Step-by-step Configurations:...4 a. Configure NXC2500:...4 b. Configure LDAP setting on NXC2500:...10
SchoolBooking SSO Integration Guide Before you start This guide has been written to help you configure SchoolBooking to operate with SSO (Single Sign on) Please treat this document as a reference guide,
SQL Server Setup for Assistant/Pro applications Compliance Information Systems The following document covers the process of setting up the SQL Server databases for the Assistant/PRO software products form
USING MYWEBSQL MyWebSQL is a database web administration tool that will be used during LIS 458 & CS 333. This document will provide the basic steps for you to become familiar with the application. 1. To
Online shopping store 1. Research projects: A physical shop can only serves the people locally. An online shopping store can resolve the geometrical boundary faced by the physical shop. It has other advantages,
Creating a new Birthday email in TribalDirect 2.0 1. Log into the StickyFish Admin at https://admin.tritondigital.com 2. Using the Administering dropdown, select the StickyFish site you ll be working with
Setting Up ALERE with Client/Server Data TIW Technology, Inc. November 2014 ALERE is a registered trademark of TIW Technology, Inc. The following are registered trademarks or trademarks: FoxPro, SQL Server,
Table of Contents SQL Server Option STEP 1 Install BPMS 1 STEP 2a New Customers with SQL Server Database 2 STEP 2b Restore SQL DB Upsized by BPMS Support 6 STEP 2c - Run the "Check Dates" Utility 7 STEP
Integrating LANGuardian with Active Directory 01 February 2012 This document describes how to integrate LANGuardian with Microsoft Windows Server and Active Directory. Overview With the optional Identity
SonicWALL CDP 5.0 Microsoft Exchange User Mailbox Backup and Restore Document Scope This solutions document describes how to configure and use the Microsoft Exchange User Mailbox Backup and Restore feature
Welcome to Collage (Draft v0.1) Table of Contents Welcome to Collage (Draft v0.1)... 1 Table of Contents... 1 Overview... 2 What is Collage?... 3 Getting started... 4 Searching for Images in Collage...
Council of Ontario Universities COFO Online Reporting System User Manual Updated September 2014 Page 1 Updated September 2014 Page 2 Table of Contents 1. Security... 5 Security Roles Defined in the Application...
This is a training module for Maximo Asset Management V7.1. It demonstrates how to use the E-Audit function. Page 1 of 14 This module covers these topics: - Enabling audit for a Maximo database table -
WINDOWS XP with Outlook 2003 or Outlook 2007 1. Click the Start button and select Control Panel: 2. If your control panel looks like this: Click Switch to Classic View. 3. Double click Mail. 4. Click show
Quick Start Guide for Installing OLicense-Server for use with SimDiff/SimMerge Contents Installing OLicense-Server... 1 Configuring OLicense-Server... 2 Setting the Port Number... 2 Running OLicense-Server
Basics Series-4006 Email Basics Version 9.0 Information in this document is subject to change without notice and does not represent a commitment on the part of Technical Difference, Inc. The software product
Matisse Installation Guide for MS Windows 10th Edition April 2004 Matisse Installation Guide for MS Windows Copyright 1992 2004 Matisse Software Inc. All Rights Reserved. Matisse Software Inc. 433 Airport
HDAccess Administrators User Manual Help Desk Authority 9.0 2011ScriptLogic Corporation ALL RIGHTS RESERVED. ScriptLogic, the ScriptLogic logo and Point,Click,Done! are trademarks and registered trademarks
An Email Newsletter Using ASP Smart Mailer and Advanced HTML Editor This tutorial is going to take you through creating a mailing list application to send out a newsletter for your site. We'll be using
Access(ing) A Database Project PRESENTED BY THE TECHNOLOGY TRAINERS OF THE MONROE COUNTY LIBRARY SYSTEM EMAIL: TRAININGLAB@MONROE.LIB.MI.US MONROE COUNTY LIBRARY SYSTEM 734-241-5770 1 840 SOUTH ROESSLER
Microsoft Dynamics CRM Clients A user can work with Microsoft Dynamics CRM in two ways: By accessing the Microsoft Dynamics CRM application using Microsoft Internet Explorer, Google Chrome, FireFox, and
Configuring Steel-Belted RADIUS Proxy to Send Group Attributes Copyright 2007 Sophos Group. All rights reserved. No part of this publication may be reproduced, stored in retrieval system, or transmitted,
Using MailStore to Archive MDaemon Email This guide details how to archive all inbound and outbound email using MailStore, as well as archiving any emails currently found in the users accounts in MDaemon.
SchoolBooking LDAP Integration Guide Before you start This guide has been written to help you configure SchoolBooking to connect to your LDAP server. Please treat this document as a reference guide, your
JOOMLA 2.5 MANUAL WEBSITEDESIGN.CO.ZA All information presented in the document has been acquired from http://docs.joomla.org to assist you with your website 1 JOOMLA 2.5 MANUAL WEBSITEDESIGN.CO.ZA BACK
How To Use Webmail Guiding you through the Universities online email Table of Contents LOGGING ON...2 VIEWING MESSAGES...2 SENDING A MESSAGE...3 Using the University s Address Book...3 To send a message
Active Directory Authentication Integration This document provides a detailed explanation of how to integrate Active Directory into the ipconfigure Installation of a Windows 2003 Server for network security.