Oracle BI Publisher 11.1.1.3 is used to build the reports for ’s OIM environment. Primary schemas that are used for gathering data are Dev_IAU (audit DB) and Dev_OIM. Audit DB data collection steps will be captured in a separate post. Reports are developed using Oracle BI Publisher plugin for MS Word. Oracle OIM 11.1.1.3 software provides several out-of-the-box reports, these reports are built for Oracle BI Publisher 10.1.3 environment. After running an upgrade utility some reports appear to work, but overall the upgraded reports and the underlying XML documents (xdms, xdos) are corrupt. Reports that are mentioned in this post have been re-created using the same underlying data model and associated queries.
| Reports Name | Description |
User Reports | |
User Authentication Summary | User Login, Logout Information |
User Summary | Key elements of a user account profile (first name, last name etc) |
Users Deleted | User detail that is deleted by date |
Users Disabled | User detail that is disabled by date |
Users Unlocked | User detail that is unlocked by date |
Password Reports | |
Password Expiration Summary | User account password expiration summary |
Password Reset Summary | User account password resets summary |
Role and Organization Reports | |
Organization Details | Organization name, creation date |
Role Membership History | Role membership information |
Role Membership Profile | Role membership information |
Role Membership | Role membership information |
User Membership History | Users grouped by role information |
BI Weblogic Admin Server’s Security Realm Configuration
1. Take a copy of config.xml in /share/orabi/admin/BIDomain/aserver/bifoundation_domain/config folder
2. Login using BI weblogic console as weblogic user (or with similar privileges).
3. Navigate to security realms -> my realm -> Providers tab
4. Create and order the providers (OAMIdentityAsserter, OVDAuthenticator, DefaultAuthenticator, DefaultIdentityAsserter) as shown in the graphic above. (note: creation of the security providers is out-of-scope for this document).
1. Login to OIM as xelsysadm user. -> click Administration -> click Create User Icon and create a BISystemUser as shown in the graphic below:
2. Logout as xelsysadm and login as the user that was just created to reset the first password and answer security challenge questions.
2. Login to qa-oim1 linux box as orabi, cd to /home/orabi/oracle/middleware/wlserver_10.3/common/bin
3. Run ‘wlst.sh’ program
4. Enter the following at the shell prompt - connect ('weblogic', 'iamq$1', 't3://<hostname.domain>:7031')
5. Run the following commands (replace password below with the most recent password set above):
a. listCred(map="oracle.bi.system",key="system.user")
b. deleteCred(map="oracle.bi.system",key="system.user")
c. createCred(map="oracle.bi.system",key="system.user", user="BISystemUser", password="Welcome_2")
Adding users to BI Consumer Role in Weblogic EM
2. Navigate to ‘Weblogic Domain’ -> bifoundation_domain
3. Right mouse click on bifoundation_domain and select security -> Application Roles
4. Under Search subsection -> Select application Stripe to Search radio buttong and select obi from the drop-down selection list as shown in the graphic below:
1. Click Search beside the Role Name and select BIConsumer
1. Click Add User and search for users for whom you would like give report read access to. For example in the screen above, RT2@abc.com (another OIM user in the MPR repository) is added to the BIConsumer role.
Creation of Data Sources in BI Weblogic Servers
1. Login to http://<hostname.domain>:9714/xmlpserver/ as weblogic -> click administration as shown below:
1. Click jdbc -> data sources -> Add Data source and create a data source call oimReportsDS as shown below
1. Repeat the same and create OIM JDBC data source
Adding Data Sources to BI Consumer Role
1. Navigate to Administration -> Security Center -> Roles and Permissions
1. Click BIConsumer -> Add OIM JDBC and oimReportsDS role from available data sources to Allowed data sources and click Apply.
Uploading of Reports
1. Login to qa-oim1 and FTP all the reports (xdo and xdm folders) to the following directory (/home/orabi/admin/BIDomain/aserver/bifoundation_domain/config/bipublisher/repository/Reports)
2. The folder location can be found using steps below:
Click Administration -> Server configuration -> check the ‘Path’ value under Catalog
Adding Permissions for Reports and Relevant Data Models
2. Click Catalog and select report folders in the left menu
3. Select each folder and do the following for each:
a. Select more under each report and click permissions
b. Click + sign to add BIConsumer roleand select read, wirte, Run Report Online, View report online checkboxes and click ok
c. Perform the same for relevant data model element and select the options as above.
d. Login as user with BIConsumer roles and you should be able to access reports.
