Securing Your Oracle Reports Environment Through Oracle Portal 2.2 -- A Walkthrough Release 6i An Oracle Technical White Paper
OVERVIEW Once you have installed Oracle Reports and Oracle Portal release 2.2, you can begin setting up users and deploying your reports. The examples that follow take you through setting up a user and deploying a report through Oracle Portal. GENERAL ASSUMPTIONS The following assumptions are made for this document: An Oracle Reports Server, REP60_REPORTS-PM5 has already been installed and configured for Web reporting. You can access this server at the following URL: http://reports-pm5.us.oracle.com/dev60cgi/rwcgi60.exe An Oracle Portal site called MYSITE already exists. When the MYSITE site was installed it created three schemas: MYSITE, MYSITE_ADMIN, and MYSITE_PUBLIC. The Authentication Cookie Domain has been set in the server section of the Oracle Portal Listener configuration file (%ORACLE_HOME%\listener\websvr.cfg on Windows NT or $ORACLE_HOME/listener/websvr.cfg on UNIX). For example:... [SERVER] ORCookieDomain=mycompany.domain.com... The SECURITYTNSNAME=< tnsname alias > parameter has been added to the Oracle Reports configuration file. The tnsname alias references the instance where Oracle Portal is installed. EXAMPLE OF ENABLING A USER TO ADMINISTER SECURITY This step needs to be performed once for any user that will be registering reports, servers, or printers, and authorizing or granting users access to these objects. Overview This example covers giving a user the ability to administer Oracle Reports security by granting BUILD IN privileges, assigning the DBA role, and assigning the RW_ADMINISTRATOR role. Release 6i 1
Assumptions For this example, the following assumptions are made: A report administrator by the user name of REPDEV has just been created (with no privileges other than CONNECT) and is the one who will have to set up and manage reports security. The Oracle Portal administrator brings up Oracle Portal using the appropriate URL. For example: http://mymachine.domain.com:83 The Oracle Portal administrator logs in. Enabling User REPDEV To Administer Security Perform the following steps: 1. Log on as the Oracle Portal administrator. 2. From the Oracle WebDB home page, click Administer. 3. From the Administer page, click User Manager. 4. From this screen you fill out the Find an Existing User section. For example: Release 6i 2
5. When the name has been filled in, click Find. The following screen appears for user REPDEV: 6. Click on the Build Privileges tab. Release 6i 3
7. On the screen that appears, highlight REPDEV under Available Privileges, then click the Add button. Your screen now looks like the following: 8. Click Apply. When granting build privileges, the user (in this case, REPDEV) is also given browse privileges. This can be confirmed by clicking on the Browse Privileges tab. The following screen is displayed: Release 6i 4
9. Select the Roles tab. The following screen appears: 10. In the Role field, enter DBA and then click Add. 11. In the Role field, enter RW_ADMINISTRATOR and then click Add. Release 6i 5
12. Click Apply. REPDEV now has the DBA and RW_ADMINISTRATOR roles, which is confirmed in the following screen: 13. You now need to log off so that you can log on as REPDEV and administer reports security. If you do not log off, then the cookie for the session continues to exist, and the session resumes as the Oracle Portal administrator. REPDEV can now administer security for Oracle Reports. EXAMPLE OF REGISTERING A REPORT Now that REPDEV has been created with the ability to administer security, he can do the following: Secure reports. Secure servers. Secure printers. Define availability calendars. Authorize other users to run and access reports, servers, and printers. Overview This example will walk you through the following: Registering a server. Creating Report Definition File access. Release 6i 6
Assumptions For this example, the following assumptions have been made: You bring up Oracle Portal using the appropriate URL for your portal installation. For example: http://mymachine.domain.com:83 You log into Oracle Portal as REPDEV. You are registering a report called accounting.rdf and you are authorizing users SCOTT and BJ to run the report. Registering a Server Do the following to define server access: 1. Log on to Oracle Portal as REPDEV. 2. When the Oracle WebDB home page appears, click on Administer. 3. Click on Oracle Reports Security. 4. Click on Server Access. 5. Click on Create from the Add a Server Access as in the following: Release 6i 7
The following screen appears: 6. In the Server Name field enter MYSERVER. 7. In the Reports Server TNS Name field enter REP60_REPORTS-PM5. 8. In the Description field enter Local report server. 9. In the Oracle Reports Web Gateway URL enter the following: http://reports-pm5.us.oracle.com/dev60cgi/rwcgi60.exe This is the location of the Oracle Reports CGI or servlet. 10. Leave Run Only Registered Report Definition Files and Printers blank. They are not created for this example. If you put a check mark in the Run Only Registered Report Definitions Files, then you are telling the report server not to run any reports that have not been secured within the portal. If you had secured printers within the portal, then you could associate one or more printers for this RDF file; however, in this example, we have not registered printers and this RDF can be printed on any printer. Release 6i 8
After filling in all of the fields, the screen now looks like the following: Release 6i 9
11. Click on in the upper-right hand corner to continue. The following screen appears: 12. Select SCOTT, BJ, and REPDEV. Click on the button to move them to the right-hand column. SCOTT and BJ are the users you wish to give access to run the report you are registering. For testing purposes, you also need to give yourself access to the server. Note: You can select more than one object by holding the Ctrl key down and clicking on your choices. Your screen should now look like the following: Release 6i 10
13. Click on in the upper-right hand corner to continue. The following screen appears. Leave this screen blank for this example. Note: If you want to restrict the days or times this server is available for Web reporting, then you would create an availability calendar and specify it here. 14. Click on in the upper-right hand corner to continue. The following screen appears: 15. Click OK. You have now registered a reports server. Now you need to register a report. Release 6i 11
Registering a Report You do the following to register your report: 1. Return to the Oracle Reports Security screen. 2. Click on Reports Definition File Access. The following screen appears: 3. Click Create. 4. When the Report Name and Schema screen appears, the Owner Name, Report Name, and Reports Server fields are already filled in for you. 5. You need to change the Report Name field to say Finance. 6. Select MYSERVER in the Reports Server field. If you have only one Oracle Reports Server, you must still select it to continue. You can also highlight more than one server by holding down the Ctrl button and clicking on each server you want to use 7. In the Oracle Reports File Name field enter accounting.rdf. It is assumed that the RDF can be found along the REPORTS60_PATH; however, you can hardcode the full path to it if you wish. Release 6i 12
8. The Description field is optional. In this example, Financial statement has been entered. Your screen now looks like the following: 9. Click on in the upper-right hand corner to continue. 10. When the next screen appears, you want to select SCOTT, BJ, and REPDEV. Then click on the button to move them to the right-hand column. SCOTT, BJ, and REPDEV are the users you want to authorize to run your report. Note: You select more than one object by holding the Ctrl key down and clicking on your choices. Release 6i 13
Your screen should now look like the following: 11. Click on in the upper-right hand corner to continue. 12. Since we do not wish to specify availability, you leave the next screen blank: 13. Click on in the upper-right hand corner to continue. Release 6i 14
14. The next screen lets you select the Destination information. These are Types, Formats, Printers, and a Parameter Form Template. For this example, you select Cache for Types, and HTMLCSS and PDF for Formats. Leave the Parameter Form Template as is. Note: You select more than one object by holding the Ctrl key down and clicking on your choices. 15. Click on in the upper-right hand corner to continue. 16. For this example, you are going to further restrict access by restricting the department number passed to the report. The report has a parameter of P_DEPTNO already defined in it. Release 6i 15
17. Click on in the upper-right hand corner to continue. The following screen appears: A validation trigger is used to create conditional restrictions that cannot be defined on either the Required Parameters page or the Optional Parameters page. Validation triggers are PL/SQL functions. A validation trigger is run when users accept the Runtime Parameter Form. 18. Change the information in the Validation Trigger screen so that it looks like the following screen. SCOTT can only run this report for department 10. There is no such restriction for other users. Release 6i 16
19. Click OK when the following screen appears: EXAMPLES OF GRANTING PRIVILEGES AND DEPLOYING A REPORT You must grant EXECUTE privileges for a report object before you can deploy it. Overview This example walks you through the following: Granting privileges to appropriate users. Deploying a report in an Oracle Portal site. Assumptions For this example, the following assumptions have been made: You bring up Oracle Portal using the appropriate URL for your portal installation. For example: http://mymachine.domain.com:83 You log into Oracle Portal as REPDEV. Granting a User the EXECUTE Privilege You are now ready to grant users SCOTT, BJ, MYSITE_ADMIN, and MYSITE_PUBLIC the EXECUTE privilege. MYSITE_ADMIN and MYSITE_PUBLIC must be selected so that you can have FINANCE deployed on the MYSITE portal site. MYSITE_ADMIN and MYSITE_PUBLIC are created automatically when the site MYSITE is created. Release 6i 17
Grant the EXECUTE privilege by doing the following: 1. In the previous section, when you clicked OK, the following screen appeared. From here you click Privileges. 2. Enter SCOTT in the User/Role field. Click Grant Execute Privilege. Repeat this step for BJ, MYSITE_ADMIN, and MYSITE_PUBLIC. Release 6i 18
3. You receive confirmation in the Existing Grants screen: 4. Click on, which brings up the following screen: 5. Click on Parameters. Release 6i 19
6. From this screen under the check boxes for Visible to user, select Desformat and P_DEPTNO. In the P_DEPTNO field enter 10. Your screen now looks like the following: 7. Click Save Parameters. You must do this to save the changes you have made. 8. Click Run Report. The following screen appears: Release 6i 20
9. Fill in the fields as follows and click Submit (the password is tiger): 10. The following screen appears and confirms that the report has run successfully: 11. Click the Back button twice to return to the Manage Component screen. 12. You need to log off so that you can log on as MYSITE_ADMIN and deploy the report to the MYSITE site. If you do not log off, then the cookie from the previous session continues to exist, and the session resumes as REPDEV. Release 6i 21
Deploying a Report To An Oracle Portal Site Do the following to deploy a report to an Oracle Portal site: 1. Bring up the Oracle Portal site, MYSITE. For example: http://mymachine.domain.com:83/mysite The following screen appears: 2. Click Log On from the left-hand column. Release 6i 22
3. Log in as MYSITE_ADMIN. The following screen appears: 4. Click the Edit button. The following screen appears: Release 6i 23
5. Click the Add Item button. The following screen appears: 6. Select WebDB Component from the Item Type drop down list. 7. Click Next. 8. Select REPDEV.FINANCE from the WebDB Component drop down list. 9. Enter Finance Report in the Title field. 10. Select General from the Category drop down list. 11. Enter Finance report for a department in the Description field. Release 6i 24
12. Select Permanent from the Expiration Period drop down list. Your screen should now look like the following: Release 6i 25
13. Click Next. The following screen appears: The first three fields (Perspectives, Image, and Basic Search Key) are optional. 14. You need to select one of the radio buttons. In this example, you select Display Parameter Form as in the above example. Note: You must select either Display in Frame, which automatically runs the report when the link is selected (but you do not see a parameter form before running the report), or Display Parameter Form. The other options do nothing. 15. Click Finish. Release 6i 26
16. You are returned to the Welcome screen. 17. Scroll through this screen until you find the General heading, as shown in the following: 18. You need to log off so that you can log on as BJ and run the report. If you do not log off, then the cookie from the previous session continues to exist, and the session resumes as MYSITE_ADMIN. Your report, FINANCE has now been successfully deployed to the MYSITE portal site. Release 6i 27
EXAMPLE OF RUNNING A REPORT Now that REPDEV has registered a report, given SCOTT and BJ permission to run the report, and deployed the report to the MYSITE Oracle Portal site, the report is ready to run. Note: MYSITE cannot run this report because no access privileges to run the report were given to MYSITE. Only SCOTT, BJ, and REPEV can run the report. Overview This example will walk you through the following: Finding the report. Running the report. Assumptions For this example, the following assumptions have been made: You bring up Oracle Portal site, MYSITE, using the appropriate URL for your site. For example: http://mymachine.domain.com:83/mysite You log on as BJ. You are running a report called FINANCE. Running a Report To run your report do the following: 1. Bring up the Oracle Portal site, MYSITE. For example: http://mymachine.domain.com:83/mysite 2. Log in as BJ. 3. Scroll through the following screen until you find the General heading. 4. Click on Finance Report. Release 6i 28
5. The following screen appears: You could change the parameters on this screen. If you were to click on the Run Report button, then the Database Authentication dialog screen appears. You would fill this out, click Submit, and you would then see the results of the report. However, for our example, we wish to schedule the report. 6. Click on Schedule tab. The following screen appears. For this example, the following has been selected: Start: The report is scheduled to run immediately. Repeat: The report runs every hour. Destination: Site: The site is MYSITE. Log File Folder: The log folder is called LogFolder. This folder contains information related to the actual running of the report. Result Title: The result title is Financial Information. Result Folder: This folder is called ResultFolder. The report output is pushed to this folder. Expiration: The results are kept permanently. Overwrite Previous Result: By clicking on this, the previous results are overwritten; otherwise, they would be saved. Release 6i 29
7. Click on the Submit button. 8. This brings up the Database Authentication dialog. Fill this in and click the Submit button. The following confirmation appears: 9. Click OK. 10. When you return to the home screen, you will see that the result folder has been created. Each time you click on this folder, you will see the results of the report each time you click on the link. CONCLUSION This document has shown you how to successfully give a user Oracle Reports security administration privileges. You can now create a server and grant access to that server. You can also register a report, deploy a report, and have the report run. Release 6i 30
Oracle Corporation World Headquarters 500 Oracle Parkway Redwood Shores, CA 94065 U.S.A. Worldwide Inquiries: +1.650.506.7000 Fax +1.650.506.7200 http://www.oracle.com/ Copyright Oracle Corporation 2000 All Rights Reserved This document is provided for informational purposes only, and the information herein is subject to change without notice. Please report any errors herein to Oracle Corporation. Oracle Corporation does not provide any warranties covering and specifically disclaims any liability in connection with this document. Oracle is a registered trademark, and Oracle8i, Oracle8, PL/SQL, and Oracle Expert are trademarks of Oracle Corporation. All other company and product names mentioned are used for identification purposes only and may be trademarks of their respective owners. Release 6i 31
Release 6i 32