- ODI security is used to secure any action performed by authenticated users against the design-time and run-time artifacts and components of Oracle Data Integrator.
- Security is built around users and profiles, to which security administrators grant methods (edit, delete, and so forth) on object types (projects, models, interfaces, and so forth) or on specific object instances (Data warehouse Project, ODS Project, and so forth).
- All the security information for Oracle Data Integrator is stored in the master repository.
- "Objects, Instances and Methods"
- "Profiles"
- "Users"
Objects, Instances and Methods:
An Object is a representation of a design-time or run-time artifact handled through Oracle Data Integrator.
For example, agents, models, datastores, scenarios, interfaces and even repositories are objects. Some objects have a double name (Agent/Context, Profile/Method, and so forth). These objects represent links between objects, and the links are themselves objects. For instance, Agent/Context corresponds to a physical/logical agent association made through the contexts. Privileges on this object allow a user to change this association in the topology.
An Instance is a particular occurrence of an object. For example, the Datawarehouse project is an instance of the Project object.
A Method is an action that can be performed on an object. Each object has a predefined set of methods.
Profiles
A Profile contains a set of privileges for working with Oracle Data Integrator. One or more profiles can be assigned to a user to grant the sum of these privileges to this user.
A Profile Method is an authorization granted to a profile on a method of an object type. Each granted method allows a user with this profile to perform an action (edit, delete, and so forth) on an instance of an object type (project, model, datastore, and so forth).
Methods granted to a profile appear under this profile in the Profiles accordion of the Security Navigator. When a method does not appear for a given profile, this profile does not have access to this method.
A method can be granted as a generic or non-generic privilege:
• A method granted as a generic privilege is granted by default on all the instances of this object.
• A method granted as a non-generic privilege is not granted by default on all object instances, but may be granted per instance.
Generic vs. Non-Generic profiles
Generic profiles have the Generic privilege option selected for all object methods. This implies that a user with such a profile is by default authorized for all methods of all instances of an object to which the profile is authorized.
Non-Generic profiles are not by default authorized for all methods on the instances since the Generic privilege option is not selected for all object methods. The administrator must grant the user the rights on the methods for each instance.
If the security administrator wants a user to have the rights on no instance by default, but wishes to grant the rights by instance, the user must be given a non-generic profile.
If the security administrator wants a user to have the rights on all instances of an object type by default, the user must be given a generic profile.
Built-In Profiles
Oracle Data Integrator has some built-in profiles that the security administrator can assign to the users he creates.
CONNECT - Profile granted with the basic privileges to connect to Oracle Data Integrator. It should be granted with another profile.
DESIGNER - Profile granted with privileges to perform development operations. Use this profile for users who will work mainly on projects.
NG_DESIGNER - Non-generic version of the DESIGNER profile.
METADATA_ADMIN - Profile granted with privileges to manage metadata. Use this profile for users that will work mainly on models.
NG_METADATA_ADMIN - Non-generic version of the METADATA_ADMIN profile.
OPERATOR - Profile granted with privileges to manage run-time objects. Use this profile for production users.
REPOSITORY_EXPLORER - Profile granted with privileges to view objects. Use this profile for users who do not need to modify objects.
NG_REPOSITORY_EXPLORER - Non-generic version of the REPOSITORY_EXPLORER profile.
SECURITY_ADMIN - Profile granted with privileges to edit security. Use this profile for security administrators.
TOPOLOGY_ADMIN - Profile granted with privileges to edit the Topology. Use this profile for system or Oracle Data Integrator administrators.
VERSION_ADMIN - Profile granted with privileges to create, restore and edit versions and solutions. Use this profile for project managers, or developers who are entitled to perform version management operations.
NG_VERSION_ADMIN - Non-generic version of the VERSION_ADMIN profile.
Users:
A User is an Oracle Data Integrator user, and corresponds to the login name used to connect to a repository.
A user inherits the following privileges:
• All the privileges granted to its various profiles
• Privileges on objects and/or instances given to this user
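The rules above (generic versus non-generic profile methods, plus per-instance grants given to a user) can be modelled as a small access check. This is an added example, not Oracle's code or the master repository schema; the class names, the method lists per profile and the users are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class ProfileMethod:
    object_type: str   # e.g. "Project"
    method: str        # e.g. "Edit"
    generic: bool      # True: granted by default on every instance

@dataclass
class User:
    name: str
    profiles: list                                      # assigned profile names
    instance_grants: set = field(default_factory=set)   # (object_type, instance, method)

# Constructed sample data: the methods listed per profile are illustrative only.
PROFILES = {
    "CONNECT": [],
    "DESIGNER": [ProfileMethod("Project", "Edit", True),
                 ProfileMethod("Project", "Delete", True)],
    "NG_DESIGNER": [ProfileMethod("Project", "Edit", False),
                    ProfileMethod("Project", "Delete", False)],
}

def is_allowed(user, object_type, instance, method):
    """A generic profile method covers every instance; otherwise the
    user needs a grant on that specific instance."""
    for pname in user.profiles:
        for pm in PROFILES.get(pname, []):
            if (pm.object_type, pm.method) == (object_type, method) and pm.generic:
                return True
    return (object_type, instance, method) in user.instance_grants

def generic_exposure(users, object_type):
    """Audit helper: users who can act on ALL instances of object_type by default."""
    hits = {}
    for u in users:
        methods = sorted({pm.method for p in u.profiles for pm in PROFILES.get(p, [])
                          if pm.object_type == object_type and pm.generic})
        if methods:
            hits[u.name] = methods
    return hits

# Constructed users: alice holds the generic profile, bob the non-generic one
# plus a single per-instance grant.
alice = User("alice", ["CONNECT", "DESIGNER"])
bob = User("bob", ["CONNECT", "NG_DESIGNER"], {("Project", "ODS Project", "Edit")})
```

Running `generic_exposure` over the user list is a quick least-privilege review: anyone it returns can act on every instance of that object type, including instances created later.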
To create the user:
Step 1: In the Security Navigator, expand the Users accordion and click New User.