OWB Security Non-OWB, schema-schema, design, runtime, external
Need for Security <ul><li>Some  OWB accounts can gain access as “oracle” to OS </li></ul><ul><li>Auditing </li></ul><ul><u...
Non-OWB specific <ul><li>Good Passwords </li></ul><ul><li>Network Restrictions </li></ul><ul><ul><li>Listener Restrictions...
Straight Forward OWB-specific <ul><li>RECOMMENDATIONS </li></ul><ul><li>Administrator should register locations </li></ul>...
Design Repository <ul><li>Use users instead of repository account </li></ul><ul><li>WBSecurityHelper.registerOWBUser (’use...
Runtime Security <ul><li>The following accounts are granted “EXECUTE ANY PROCEDURE” </li></ul><ul><ul><li>OWB Runtime Repo...
Provided Security Frameworks <ul><li>Frozen Project Framework </li></ul><ul><ul><li>Implements a framework for freezing pr...
OWB PL/SQL Security Framework <ul><li>Replace “DUMMY” PL/SQL package </li></ul><ul><li>Implement PL/SQL procedures defined...
Runtime Security (External) <ul><li>run_my_owb_stuff </li></ul><ul><ul><li>Grant execute on … </li></ul></ul><ul><ul><li>W...
Questions for Discussion <ul><li>You need to run mappings from Tivoli across a network that is untrusted.  How would you a...
Upcoming SlideShare
Loading in …5
×

Module Owb Security

1,584 views

Published on

Published in: Economy & Finance, Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,584
On SlideShare
0
From Embeds
0
Number of Embeds
18
Actions
Shares
0
Downloads
49
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • Module Owb Security

    1. 1. OWB Security Non-OWB, schema-schema, design, runtime, external
    2. 2. Need for Security <ul><li>Some OWB accounts can gain access as “oracle” to OS </li></ul><ul><li>Auditing </li></ul><ul><ul><li>Think Sarbanes-Oxley </li></ul></ul><ul><ul><li>Who changed the ETL that defines “profit”? </li></ul></ul><ul><li>Data Warehouse is the complete, distilled enterprise </li></ul>
    3. 3. Non-OWB specific <ul><li>Good Passwords </li></ul><ul><li>Network Restrictions </li></ul><ul><ul><li>Listener Restrictions </li></ul></ul><ul><ul><li>Firewall </li></ul></ul><ul><li>Oracle Security Features </li></ul><ul><ul><li>Fine Grained Auditing </li></ul></ul><ul><ul><li>Virtual Private Database (marts) </li></ul></ul>
    4. 4. Straight Forward OWB-specific <ul><li>RECOMMENDATIONS </li></ul><ul><li>Administrator should register locations </li></ul><ul><li>Registered source systems should get “limited” access to source systems </li></ul>
    5. 5. Design Repository <ul><li>Use users instead of repository account </li></ul><ul><li>WBSecurityHelper.registerOWBUser (’username’) </li></ul>
    6. 6. Runtime Security <ul><li>The following accounts are granted “EXECUTE ANY PROCEDURE” </li></ul><ul><ul><li>OWB Runtime Repository Owner </li></ul></ul><ul><ul><li>OWF Target </li></ul></ul><ul><li>Target to Target permissions should be defined at the object level </li></ul><ul><ul><li>Exercise on this </li></ul></ul>
    7. 7. Provided Security Frameworks <ul><li>Frozen Project Framework </li></ul><ul><ul><li>Implements a framework for freezing projects by a lookup table </li></ul></ul><ul><li>Development Cycle </li></ul><ul><ul><li>Administrators  All Permissions </li></ul></ul><ul><ul><li>Developers, QA, Sustaining Administrators </li></ul></ul><ul><ul><li>Uses the “unused” Development Status </li></ul></ul>
    8. 8. OWB PL/SQL Security Framework <ul><li>Replace “DUMMY” PL/SQL package </li></ul><ul><li>Implement PL/SQL procedures defined </li></ul><ul><ul><li>isSecurityServiceCustomized, securityCheckForCreation, securityCheck, securityCheckForService </li></ul></ul><ul><li>Blank Check </li></ul>
    9. 9. Runtime Security (External) <ul><li>run_my_owb_stuff </li></ul><ul><ul><li>Grant execute on … </li></ul></ul><ul><ul><li>WB_R_ and WB_U_ roles granted </li></ul></ul><ul><li>wrap run_my_owb_stuff </li></ul><ul><ul><li>Only users X,Y,Z can execute run_my_owb_stuff(‘MAPPING1’) </li></ul></ul><ul><ul><li>-OR- </li></ul></ul><ul><ul><li>function run_owb_mapping1 </li></ul></ul>
    10. 10. Questions for Discussion <ul><li>You need to run mappings from Tivoli across a network that is untrusted. How would you accomplish this? </li></ul><ul><li>T/F: You can implement whatever security you desire. </li></ul>

    ×