In previous versions of Oracle BI, migrating all components of security and other Oracle BI artifacts took place simply by moving the RPD and/or Web Catalog from the source to target server until Fusion Middleware was introduced. Oracle BI is much broader in scope and does not come with such a luxury. This section takes a glance at the files that comprise FMW Security within the System Management tools, leveraging the WebLogic security import/export utility to aid in simplifying security migration.
Please note that this section mainly discussed the users and groups in the WLS Embedded LDAP security provider. Application Roles are migrated mainly by the BAR file concept you learned earlier.
In order for Oracle BI 12c to store system-specific metadata and security information that requires some level of encryption to communicate between the many interoperable areas of Fusion Middleware, it uses (OPSSOracle Platform Security Services (OPSS). Security policy information and audit information are stored so that they can be easily retrieved by the Oracle BI system and its components.
Basically, all of the Application Roles, Application Policies, and assignments of users and groups you conducted in Enterprise Manager are stored in the OPSS.
In Oracle BI 11g, the OPSS file was primarily file-system based. And, if you needed to migrate the security from one environment to another, you could use the process of copying files and executing some logic on the target environment that incorporated the source security.
In Oracle BI 12c, Oracle recommends using the BAR file process to handle any migration of Application Role or Application Policy migrations from a development/source to the target system. It is good to know where and why these files exist, purely from a technical administration perspective.
To view where the OPSS is configured or to view the database schema and the security stores associated with the OPSS for your installation, follow these steps:
- Log in to EM.
- Click the menu for WebLogic Domain and expand Security > Security Provider Configuration.
- Expand Security Stores.
Note how the Store Type value states a database, that the Location is based on a jdbc/OpssDataSource connection, and there is a Database URL configured, which is the same database connection information you provided during the configuration of Oracle BI 12c. Also note that the jdbc/OpssDataSource is a reference to the WLS Data Sources configuration you can view by opening WebLogic Server Admin Console:
To see for certain that the OPSS schema is storing the application roles information:
- Log into your favorite SQL IDE, such as SQL Server Management Studio (or SQL Developer if using an Oracle DBMS).
- Submit the following query to the OPSS schema on your database as indicated by the Database URL from the previous steps:
SELECT * FROM JPS_DN WHERE RDN LIKE '%ADVWORKS%' - View the record for the application role you created previously:
