module owb security

All information Copyright Bayon Technologies, Inc.

OWB Security

Non-OWB, schema-schema, design, runtime, external


Need for Security

Some OWB accounts can gain access as “oracle” to OS

AuditingThink Sarbanes-OxleyWho changed the ETL that defines “profit”?

Data Warehouse is the complete, distilled enterprise


Non-OWB specific

Good Passwords Network Restrictions

Listener RestrictionsFirewall

Oracle Security FeaturesFine Grained AuditingVirtual Private Database (marts)


Straight Forward OWB-specific

RECOMMENDATIONS

Administrator should register locations Registered source systems should get

“limited” access to source systems


Design Repository

Use users instead of repository account

WBSecurityHelper.registerOWBUser (’username’)


Runtime Security

The following accounts are granted “EXECUTE ANY PROCEDURE”OWB Runtime Repository OwnerOWF Target

Target to Target permissions should be defined at the object levelExercise on this


Provided Security Frameworks

Frozen Project Framework Implements a framework for freezing projects

by a lookup table Development Cycle

Administrators All PermissionsDevelopers, QA, Sustaining AdministratorsUses the “unused” Development Status


OWB PL/SQL Security Framework

Replace “DUMMY” PL/SQL package Implement PL/SQL procedures defined

isSecurityServiceCustomized, securityCheckForCreation, securityCheck, securityCheckForService

Blank Check


Runtime Security (External)

run_my_owb_stuffGrant execute on …WB_R_ and WB_U_ roles granted

wrap run_my_owb_stuffOnly users X,Y,Z can execute

run_my_owb_stuff(‘MAPPING1’)-OR- function run_owb_mapping1


Questions for Discussion

You need to run mappings from Tivoli across a network that is untrusted. How would you accomplish this?

T/F: You can implement whatever security you desire.

module owb security

Economy & Finance