11g, 12c, 19c, admin, obiee, security, standard configuration

Many times I come across posts and emails asking for help on specific configuration changes or questions asking for help achieving certain things.

Long story short – you can over-complicate everything if you don’t look at what the standard gives you efore going off and hacking / scripting things in an uncontrolled fashion that will come back to haunt you when you patch or upgrade.

Case in point: Implementing new, custom links which should react to standard security privileges.

As in: Adding a link is documented by Oracle, but how can you make this link react to standard privileges which are tied to your Application Roles?

Oracle provides the out-of-the-box functionality of custom links since several years with all the usual bells and whistles. Problem is, that by far not all options are documented in detail with examples. Top tip here: guess what you will never have everything in the documentation, so the important thing is where to look for more information.

Enter the XSD! Every configuration XML comes with an accompagning XSD style sheet which maps all elements and attributes that the XML supports. Find that XSD and you have all the documentation you could ever want. Following the example of making links dependent on OOTB security privileges:


Here we see one of our administrators (prodney) logged in and seeing two custom links rendered. The “SampleApp V607 Index” and the “Custom Link” which is a link to the documentation. Now we don’t want non-admin users to be able to access the documentation link. So how do we go about this?

The customlinks.xml controls the rendering of custom links as described in the official documentation: https://docs.oracle.com/middleware/bi12214/biee/BIESG/GUID-FF6954BA-2DE0-4422-BA58-05F32936F4FF.htm#BIESG3738

That XML file itself is goverened by the customlinks.xsd file. In there we find the following information on the privilege usage:

<xs:attribute name="id" type="xs:string" use="required" />
<xs:attribute name="iconSmall" type="xs:string" use="optional" />
<xs:attribute name="privilege" type="xs:string" use="optional" />
<xs:attribute name="src" type="xs:string" use="optional" />

Now let’s look back at the documentation and an 

<link id="l1" name="OTN" description="OTN open in new window" src="http://www.oracle.com" target="blank" >
   <locations>
      <location name="header" />
   </locations>
</link>

My customlinks.xml says the following for the “Custom Link” one:

<link id="l2" name="Custom Link" description="Instructions on how to insert a custom URL on OBI EE headers" src="http://docs.oracle.com/cd/E23943_01/bi.1111/e10541/answersconfigset.htm#BIESG3738" target="blank" iconSmall="common/info_ena.png">
    <locations>
        <location name="header" insertBefore="home"/>
    </locations>
</link>

Nice. Now let’s add 1 and 1.

“id” and “source” are both attributed of “link” just like privileges which gives us the necessary indication of how to use it.

<link id="l1" name="SampleApp OTN Page"  [skipped...] privilege=" hmm what goes here=?! ">

For the content of the “privilege” attribute we simply refer back to the documentation again:

<link id="l1" name="SampleApp OTN Page"  [skipped...] privilege="privileges.Access['Global Admin']">

Which puts the whole entry in the customlinks.xml to this:

<link id="l2" name="Custom Link" description="Instructions on how to insert a custom URL on OBI EE headers" src="http://docs.oracle.com/cd/E23943_01/bi.1111/e10541/answersconfigset.htm#BIESG3738" target="blank" iconSmall="common/info_ena.png" privilege="privileges.Access['Global Admin']>
    <locations>
        <location name="header" insertBefore="home"/>
    </locations>
</link>

Restarting things will now give me the same resutl for my administrative user “prodney”:

And the correctly secured result for my non-admin user “testuser01”:

Piece of cake.

Uncategorized

If you’re into cloud, analytics, data and everything around then join us for the second Oracle Analytics meetup which we’ll be hosting on the 20th of September 2018 in Geneva, Switzerland.

Click here to register!

1) Graph Databases and Graph Analytics: the new weapon of Business Analytics

Graphs are around for ages, for many it’s a bunch of mathematical theories, for others some kind of highly specialized engines. In reality almost any kind of information can easily be represented as a graph, and a graph can have various advantages over a relational approach to data and analysis.

2) Oracle Analytics Cloud New Features

What has changed, what is new in Oracle Analytics Cloud? We will look at the major changes in the 5th big release of OAC – 18.3.3. Main areas cover data flows, data preparation, visualization, sources, BI Publisher and Essbase.

3) Machine Learning Alleviates ‘Blank Canvas’ Syndrome

For an artist or a writer, a completely blank canvas might inspire the next Rembrandt masterpiece or Pulitzer Prize winner. For a business manager performing data analytics, a blank canvas might cause extreme terror. Discover how to use Oracle Analytics Cloud to avoid ‘Blank Canvas’ Syndrome with Machine Learning and find trends that will help you improve your decision-making.

installation, OBI, obiee, OTN, sampleapp

Every week between OTN, stackoverflow, and direct questions sent to my email accounts there are 2-4 occurrences of “How do I install OBI on Windows 7/8/10” or “I am having issues with installing OBI on Windows”.

In order to clear up this topic once and for all – here is the ultimate guide to running Oracle BI on your Windows desktop OS:

  1. Download VirtualBox

  2. Install VirtualBox on your machine

  3. Download all image files for the Oracle BI Sample Application
  4. Deploy the VM in your local VirtualBox installation according to the Deployment Guide
  5. Start your deplyoed SampleAppVM via your VirtualBox Manager

  6. Use the “Start” icon to start both the database and the full Oracle BI stack inside the VM

  7. Let the script run its course until all services are up and the leave that terminal window open

  8. Open Firefox inside the VM and click the “OBIEE Login” bookmark

  9. Log on using “weblogic” / “Admin123” (without the quotes)
  10. You’re in. You’re done. That’s it. You have a fully functioning OBI environment with about 5 gazillion more things compared to what you could ever come up with yourself.

Now it you haven’t stopped reading yet because you thought “Hey wait this isn’t a Windows installation” let me explain a couple of things:

Point #1: Oracle BI is a server tool. It isn’t your WhatsApp desktop, it isn’t your Chrome/Firefox/Safari. It’s actually a whole range of servers and as such not something you run on a desktop operating system. And because of that:

Point #2: It is NOT supported on Windows desktop operating systems!
If you go to the Fusion Middleware Supported System Configurations page and open the certification matrix for the current 12.2.1.2.0 version you will find that the only mention of anything “Windows” are 2012 and 2012R2:

No 10, no 8, no 7, no ME, no XP, no 98, no 3.1 … you get the point. No. Desktop. OSs.

Point #3: That means that Oracle will never bother to test things fully or help you out if you mess up things or can’t get something to run because you installed on a Windows desktop OS. You’re on your own.

Point #4: Even if you make it run or clamour “But I’ve seen tons of videos where” it works like someone recently did – I don’t care and neither will Oracle in terms of their product development or support. Sooner or later you will run into follow-up issues and scratch you head and go mad because things just don’t work or not as expected / in a weird fashion.

People this is how technology works. An Android app is an Android app and not usable on iPhone unless the company making it actually releases an iPhone app. Ask any iPhone user and gamer how they felt between the Android release of Pokemon GO and the iPhone release last year.

To use another example: You shouldn’t fill up a diesel-engined car with petrol just because you always took petrol from the pump or whatever unvalid reason you can conjure up. Well you can but don’t complain afterwards that your engine is busted

Got it now? Thanks!

oracleace, OTN

If you’re following me on twitter you’ll know that I’ve been travelling and conferencing quite a bit this year. Someone I kept running into was Ms @oracleace herself: Jennifer Nicholson. For those of you who don’t know her – she’s our ACE mom ๐Ÿ™‚ Translation: she runs the ACE program. She organizes the ACED travels. She actually reads all our endless reply-all email chains to the different ACE lists (seriously guys – STOP IT!) and replies in no time flat. She handles nominations/applications. As I said – she’s our mom.

To give you an idea of how much she supports us all around the globe and not just administratively: while I rocked up at DOAG in November after a central european trip through 4 countries she came there after a multi-week continent-hopping convering China and India amongst other places. Still she did the DOAG and after just two weeks back in the US flew over to Europe again for UKOUG. Respect.
Having her on site is always a rallying point for the ACEs participating in these events as well as a point of contact for other people interested in it.


Another thing I’d like to say out loud on here for once – and only once I will not get into this discussion again – is that I want to congratulate her on and thank her for the calm and professional way she has managed the recent restructuring of the ACE program and the ensuing nigh-revolt thunderstorm!

Thank you, Jennifer!

To all other ACEs out there: Please don’t be whining divas bordering or obnoxious bitchiness!

community, conference, oracleace, OTN, Uncategorized

Sitting at Birmingham after a great UKOUG Tech16 and for once using the time to update my much-neglected blog ๐Ÿ™‚

Hadย  a great time again this year both in terms of content and social interaction. Session highlights – in no specific order I’m not ranking here:

  • Query, Integrate & Visualise All Your Data Using Hadoop – Mark Rittman
  • Kafka’s Role in Implementing Oracle’s Big Data Reference Architecture on the Big Data Appliance – Robin Moffatt
  • Data Streaming From Oracle To Kafka – Chris Lawless
  • Source Control, Code Deployment & Concurrent Development for OBIEE 12c – Robin Moffatt
  • Advanced Visualizations With Oracle BICS & Data Visualization – Antony Heljula
  • A Post – Big Data Analytics Platform & Use Of Oracle Advanced Analytics – Brendan Tierney
  • Community Keynote Business Analytics: How to spot the signals that tell you what’s REALLY going on in your business – Philippe Lions and Duncan Fitter
  • Advanced Analytics in Oracle Data Visualization Desktop – Philippe Lions
  • Oracle BI Analytics – An Update From Product Management – Mike Durran
  • Reduce European Flight Delay – Real Time ODI, OBIEE and D3 – Jerome Francoisse
  • OBIEE 12c Upgrade Experience At Liberty Global Case Study – Francesco Tisiot

Phew that’s all. It was refreshing to see that we finally reached the post-hype – and hence post-marketing-sales-BS stage – for Big Data and generally the next evolution of Analytics with many very pertinent real-life talks. Room assignment to Business Analytics talks could have been a bit better though as several of us including myself for one talk were in rooms with 11 person capacity and people standing squeezed up against the wall, in the door or even outside in the hallway.

Personally I did two talks about BI Server Query Execution and OBI Security respectively. For the latter I was joined by Gianni Ceresa for the coveted slot of 08:50 on Monday morning. Very good audience presence for both talks and some good questions which shows that foundation / core topics are still very much in demand rather than being skipped.

Content aside it was an excellent chance to meet up with several people again whom I hadn’t seen in a while and to do some more things for the OTN and ACE networks – more on that in a separate post to come. Tuesday night I hosted a meetup for Analytics geeks which drew a nice crowd in spite of numerous conflicting parties. Probably since we didn’t just “beer & business” around as usual but – being geeks – also had good fun with some card games. h/t to Jerome for bringing along a nice new one I hadn’t tried yet. Definitely something I’l lkeep up

UKOUG completes this year’s conferences and what a year it has been. Be seeing you all in 2017 at one of the Oracle User Groups, independent conferences or the mothership fest that is OpenWorld!

OBI, OTN

Some 2 weeks back Tim Hall had the wonderful idea of getting together on a specific date and making our love for the Oracle Technology Network known to the world.

Continuing on Robin’s list of what OTN does for us I would like to add their conference tours across the different continents like the current one running in the EMEA nordics. Secondly – and obviously – the ACE program which is quite simply the most amazing community I was ever a part of.

Anyone who know me knows that I quite literally worship the power and flexibility of the core BI server which harks back to the end of the 1990 when a couple of extremely clever guys created a metadata engine which was so far ahead of its time that its core remains pretty much the same until today and serves as the basis for Oracle Business Intelligence (OBIEE, OBIA, OTBI, etc), Visual Analyzer, BI Cloud Services, Data Visualization and Data Visualization Desktop.

One of the key functionalities of the BI Server is its ability to read just about any source of data you can imagine or come up with:

obi_data_sources

 

Add to this list of natively supported source types the power of reading literally anything based on ODBC and it becomes almost problem to find something you can’t analyze with OBI and its children.

Databases, multidimensional cubes, flat files, Hyperion applications, XML are at your fingertips just like many of the new kids on the block. Hive, Impala and Spark that is…not these guys.

I raise my glass to OTN. Prost, Zum Wohl, Santรฉ, Cheers, Kampai, Na Zdrowie and Salute!

community, event

I’m currently sitting in yet another very good talk at the Polish User Group 2016 conference – first of it’s type ever to happen in Poland. Second-to-last of my conferences for this year according to current planning I have to really tip my hat to the team here for a very well organized conference with a brilliant line-up of speakers and topics. Especially if you’re considering that it’s their first one ever. Massive turnout in terms of participants as well! ……looking at you there SOUG. Learn from your peers guys.

I think Robin’s gesture here speaks for itself.

In terms of content I’ve managed to grab a number of sessions:

  • “DBA, Heal Thyself: Five Diseases of IT Organizations and How to Cure Them” – Jim Czuprynski: I really hope he uploads the slides so speakerdeck or slideshare. Basically he spent the hour denouncing management stupidity, procedural ridiculousness and political rubbish and why + how this destroys your project, your initiative and generally IT in general.
  • “Introduction to graph databases” – Hans Viehmann: Heard it several times already but it’s always nice to see how Hans makes a rather extra-normal topic in the Oracle family accessible and understandable as a concept to people who have never run into it.
  • “(Still) No Silver Bullets : OBIEE 12c Performance in the Real World” – Robin Moffatt: What can I say on this one. “I agree” or “+1”? Or basically: IF you don’t get this please leave the industry. NOW.
  • “Why has my plan changed” – Neil Chandler: Brilliant analysis of just how badly many things around the optimizer…many times…are gotten wrong, ignored etc. As I said on twitter: Something to give your DBA to ponder.
  • “Analyze This! Practical Examples of Oracle Analytical Functions” – Jim Czuprynski: Another great talk by Jim. I really think analytical functions – even when you’re just talking about PIVOT/UNPIVOT or windowing – are in many cases where a proper analytical environment doesn’t exist just underused. Let alone all the 12c stuff which has been added.
    And with him and his twitter handle “TheWhyGuy” it’s really all about what I constantly preach: WHY you should do things in what way is all that it’s about. Not brainless repetition of things someone said or you’ve read or heard.
  • “Tips on Bulk Data Processing with SQL and PL/SQL” – Martin Widlake: Currently ongoing but as it is with Martin: Very down-to-earth and to-the-point. No flamboyant rubbish or embellishment. Because this is just how things work. Couldn’t agree more.

All in all a very good conference. Very glad I invited one of my client teams to participate in these two days and introduce them to conferencing and the Oracle community! I really wish POUG all the best for the future. A new proud member in the family of Oracle User Group conferences.

Oh yeah. And the beers. Good grief. A place for Jeff Smith ๐Ÿ˜‰

12c, security

Following up on my last post it turns out that the conundrum is nothing but Enterprise Manager currently displaying things in a somewhat sub-optimal manner. The permissions etc are all there but they are just not being displayed under their respective permission class.

WLST confirms this when listing things with listResources(appStripe=”obi”)

So conundrum = just a hick-up ๐Ÿ™‚

11g, 12c, application policies, OBI, permissions, security

So we know that 12c made some small changes in the security area – the most well known being “BI Administrator” being renamed to “BI Service Administrator”.

This can cause some issues when importing 11g BAR files with old “BI Administrator” roles but set “security model=false” during import. Well this isn’t what this post is about but still something you may want to remember ๐Ÿ˜‰

What this post IS about is the little weirdness which is happening in Application Policies and the Permissions you can grant to a policy and its principals.

Let’s look at the permissions granted to “BI Service Administrator”. There’s two set of rights which look suspiciously similar:

Can you spell “redundant”?

Ok let’s turn this upside down and create a new application grant for a “close to Admin”-type set of rights:

Searching by “Permission Class” oracle.security.jps.ResourcePermission yields 14 results.

Funny enough we don’t find all four of the permissions in the screenshot above. Two catalog permissions are present – “oracle.bi.presentation.catalogmanager.manage” and “*” for the oracle.bi.catalog permission type. “*” for oracle.bi-repository isn’t there though. Hmmm. Let’s search by “Resource Type” and try to find the four in question one by one.

Why hello there. Not only do we find all four but also a nice little remark on the two known ones: Legacy Permission from BI 11g

So it seems that those two are about to get dropped and be replaced by the new “*” resources. But why is only one of the two new permissions visible when searching by “Resource Class” when it seems to actually HAVE the correct resource class assigned to it?

Smells like something needing a little fix. Most important though: going through permissions by resource type and checking the ones labeled as “Legacy 11g” is a good idea in order to not be relying on things on their way out of the product…