1 Integrate 'Oracle Forms', 'Oracle Reports' and 'Oracle Discoverer' with 'Oracle Single Sign On', 'Oracle Internet Directory' and 'Virtual Private Database' for the Luxembourg communities. How to make sure that a user can only use the products he is allowed to use, and see only the data he is allowed to see, using a single username/password login.
2 Integrating it all at sigi
Agenda
- Introduction
- VDS Computing
- Sigi
- Project Constraints
- Solution ORACLE-VDS
- Application structure overview
- Issues not covered with standard Oracle
- Example of a logon procedure
- Advantages of this solution
3 VDS Computing: History Since employees Turnover from million Euro International Focus VDS- Computing Luxembourg sàrl VDS- Computing UK Ltd. ISO 9001 certified
4 VDS Computing: Services
- Consulting
- Analysis
- Development
- Project Management
- Installation
- Training
- Support
- Outsourcing
5 VDS Computing: Products
Software
- Financial and logistics Software on Oracle: Piton
- Business Intelligence
- Turn-key Development on Oracle
Hardware
- Design
- Implementation
- Management
6 Presentation of SIGI
7 Project Constraints
- Centralised IT Infrastructure
- Secure network between Cities and the Datacenter
- Secure Data(Base) (account- and budget info)
- Intuitive and Open Applications
- Rich User Interface
- Cutting Edge Technology
8 Solution ORACLE-VDS
- Database ORACLE 9i Enterprise Edition (EE)
- Virtual Private Database
- Advanced Security Option (Enterprise Users)
- Application Server ORACLE 10g EE
- Single Sign On
- Oracle Internet Directory (LDAP)
- Thin Client: MS Internet Explorer
- Forms, Reports and Discoverer Services
- Oracle Portal
- XML-Interface
- RAD Development Tools
- Designer, Forms and Reports
9 Application Architecture
[Architecture diagram; labels: Application Server IAS, Database, Data Filters by VPD, Scheme: Read, Scheme: Upd., LDAP Directory, Forms, Reports, Data, PORTAL, GESCOM, Other Applications, Discoverer, Business Logic, Authentication, Read Access, ASO]
10 Application Architecture
Oracle Portal
- Intra- or Internet website builder/publisher.
- No programming skills needed.
Oracle Forms
- Build and run OLAP-applications
- Moved from character based via client/server
- Now 3-tier architecture
11 Application Architecture
Oracle Reports
- Reporting tool.
- Run using a report server (with possibility to run in batch)
- Possibility to the result or retrieve it from a repository via the web.
Oracle Discoverer
- Business Intelligence tool
- Design without DB-knowledge
- Design without extra programs using a java applet.
12 Application Architecture
SSO: Single Sign On
- Authenticate once, then authenticate automatically for different products.
OID: Oracle Internet Directory
- A standard (LDAP) way to hold security data.
Virtual Private Database
- Limit user access on record level.
- Allow a user only to see what he is allowed to see without extra programming.
13 Security issues NOT solved with standard Oracle
Forms / reports menu
- Definition who can use which forms is maintained inside the application
- Definition who can run which report is maintained inside the application
14 Example of a Logon Procedure
User: Marcel DUPONT of the city SEPTFONTAINES
- Log into portal
- Login: mdupont.septfontaines
- Password SSO: abcdefgh1
- Result: User gets the portal pages he is allowed to see
23 Example of a Logon Procedure
- User clicks on the URL to start the forms application.
- Based on the SSO info, forms checks if the user is allowed to start the application
- The resource information is retrieved from the OID
- Resource information: Database logon information for forms.
24 Example of a Logon Procedure
Resource:
- Login: mdupont.septfontaines
- Password: ##### (secret)
- Database: REC1
Forms application starts and logs onto the DB
- In the database mdupont.septfontaines is unknown as a schema user: ASO is activated.
25 Example of a Logon Procedure
Advanced Security Option:
- The database asks the OID if the user mdupont.septfontaines is allowed to log into the DB with the password #####
- The OID replies ok and maps this user to the schema recdev
- The user is connected to the DB.
26 Example of a Logon Procedure
- The logon in the DB fires a logon trigger
- Using the ASO info (mdupont) the OID is interrogated to find his community (septfontaines).
- The context is set to activate the VPD.
Virtual Private Database
- For each select/insert/update/delete statement an additional "where community = 'septfontaines'" is added
27 Example of a Logon Procedure
- The forms application is started
- User sees only info he is allowed to see
- User can start reports (also using ASO and VPD because the same logon-info is used)
- User can see the reports he has run with the results
- The user can only see his reports (Reports server is also SSO enabled.)
- The user can start a discoverer report
28 Example of a Logon Procedure
- Discoverer AS10G Rel2 is started
- User logs into the database as the discoverer user
- SSO information is available during the DB logon
- Using the SSO info (mdupont) the OID is interrogated to find his community (septfontaines).
- The context is set to activate the VPD.
- The user can only interrogate info from his community.
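The logon trigger, application context and VPD predicate from the logon procedure above, written out in PL/SQL as an added example (not code from the SIGI/VDS project). SEC_ADMIN, COMMUNITY_CTX, COMMUNITY_PKG and the BUDGET_LINES table are assumed names, and the OID lookup is replaced by taking the community from the login suffix of an assumed DN form.

```sql
-- Added illustration: SEC_ADMIN, COMMUNITY_CTX, COMMUNITY_PKG, BUDGET_LINES are assumed names.
CREATE OR REPLACE CONTEXT community_ctx USING sec_admin.community_pkg;
CREATE OR REPLACE PACKAGE sec_admin.community_pkg AS
  PROCEDURE set_community;
  FUNCTION community_filter(p_schema VARCHAR2, p_object VARCHAR2) RETURN VARCHAR2;
END community_pkg;
/
CREATE OR REPLACE PACKAGE BODY sec_admin.community_pkg AS
  PROCEDURE set_community IS
    -- Enterprise user DN; assumed form: cn=mdupont.septfontaines,cn=users,dc=example
    v_dn  VARCHAR2(512) := SYS_CONTEXT('USERENV', 'EXTERNAL_NAME');
    v_cn  VARCHAR2(512);
    v_dot PLS_INTEGER;
  BEGIN
    -- Value of the first RDN: text between the first '=' and the first ','
    v_cn  := SUBSTR(v_dn, INSTR(v_dn, '=') + 1,
                    INSTR(v_dn || ',', ',') - INSTR(v_dn, '=') - 1);
    v_dot := INSTR(v_cn, '.');
    IF v_dot > 0 THEN  -- stand-in for the OID lookup: community = login suffix
      DBMS_SESSION.SET_CONTEXT('community_ctx', 'community',
                               LOWER(SUBSTR(v_cn, v_dot + 1)));
    END IF;            -- otherwise the attribute stays unset
  END set_community;
  FUNCTION community_filter(p_schema VARCHAR2, p_object VARCHAR2) RETURN VARCHAR2 IS
  BEGIN
    IF SYS_CONTEXT('community_ctx', 'community') IS NULL THEN
      RETURN '1 = 0';  -- fail closed: no community, no rows
    END IF;
    -- The value is read from the context at run time, never concatenated
    RETURN 'community = SYS_CONTEXT(''community_ctx'', ''community'')';
  END community_filter;
END community_pkg;
/
CREATE OR REPLACE TRIGGER sec_admin.set_community_on_logon AFTER LOGON ON DATABASE
BEGIN
  sec_admin.community_pkg.set_community;
END;
/
BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema   => 'RECDEV',        -- schema the page maps the user to
    object_name     => 'BUDGET_LINES',  -- assumed table with a COMMUNITY column
    policy_name     => 'COMMUNITY_ISOLATION',
    function_schema => 'SEC_ADMIN',
    policy_function => 'COMMUNITY_PKG.COMMUNITY_FILTER',
    statement_types => 'SELECT,INSERT,UPDATE,DELETE',
    update_check    => TRUE);           -- also rejects writes outside the community
END;
/
```

SYS and any account granted EXEMPT ACCESS POLICY bypass the policy, so that privilege should stay away from the schemas the applications connect through.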
29 Advantages of this solution
- Central standard security maintenance.
- Security is independent from development (developer doesn't have to think about security)
- Application security is maintained in the OID, not in Forms/reports.
- Data security is maintained in the DB using VPD
- Data security setup is done automatically
30 Advantages of this solution
Integration with other front-ends with guaranteed security.
- MS Office integration possible: ODBC connection to get info from the DB (with VPD active)
- .NET integration possible
- MS Active Directory integration possible
31 The municipal management software package of Luxembourg (GEStion COMmunale)
32 Project history
Starting point:
- 100 remote sites
- GESCOM developed around the proprietary HP3000 platform
- November 2001: HP announces the end of the HP3000, scheduled for 31 December 2006
New GESCOM project:
- 2002: architecture and development pilots
- 2003 and 2004: rewrite
- 2005: finalisation and start of the migration
33 Organisation of GESCOM
A secure application architecture
- User management through an LDAP
- Data access security entrusted to the DB
Applications with a single entry point
- Application portal with SSO
- High-performance reporting solutions
- Easy deployment (Browser, Acrobat Reader)
34 Assessment
Technical assessment
- Approaches imposed by SSO and VPD
- Immediate benefits thanks to SSO and VPD
User assessment
- SSO with integrated modules
- Reassuring and transparent security
Financial assessment
- Significant effort to fine-tune the architecture
- Largely recovered during development and maintenance