Date post: | 16-Dec-2015 |
Upload: | phillip-reed |
Use Case 1 – Role & Folder Per Entity
Use Case 1:
Several entities (departments, organizations, etc.) will use OBIEE. Each entity needs its own folder, in addition to the users of each entity having their own folders.
[Flowchart: Start -> User Exists? (No: Create User) -> Role Exists? (No: Create Role) -> Add User to Role -> Create Folder -> Remove Inherited Folder Permissions -> Add Role to Folder -> End]
Use Case 1 – Create User Key Files
Create User Key Files:
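Create a user configuration file and an associated key file to store encrypted authentication credentials. Anyone who can read both files can connect as the stored user, so restrict both files to the account that runs the scripts.
Log in to WebLogic with WLST and run: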
storeUserConfig(userConfigFile, userKeyFile, [nm])
Argument: Definition
userConfigFile: Name of the file to store the user configuration. The filename can be absolute or relative to the directory from which you enter the command.
userKeyFile: Name of the file to store the key information that is associated with the user configuration file that you specify. The pathname can be absolute or relative to the directory from which you enter the command.
nm: Optional. Boolean value specifying whether to store the username and password for Node Manager or WebLogic Server. If set to true, the Node Manager username and password is stored. This argument defaults to false.
Use Case 1: Create User
Create User:
import socket
import sys

# WLST (Jython) script: connect, cmo and exit are WLST built-ins.
url = 't3://' + socket.gethostname() + ':7001'
user = sys.argv[1]
# Note: a password passed in sys.argv is visible in the process list while the script runs.
user_pass = sys.argv[2]
user_desc = sys.argv[3]

# Authenticate with the stored user configuration and key files.
connect(userConfigFile='user_config', userKeyFile='keyfile', url=url)
atnr = cmo.getSecurityConfiguration().getDefaultRealm().lookupAuthenticationProvider("DefaultAuthenticator")

# Create the user only if it does not already exist.
if atnr.userExists(user):
    exit()
else:
    atnr.createUser(user, user_pass, user_desc)
    exit()
Call:
/path/to/wlst.sh /path/to/create_user.py user user_pass user_desc
Use Case 1: Role Exists
Get Roles:
import socket
import sys

url = 't3://' + socket.gethostname() + ':7001'

connect(userConfigFile='user_config', userKeyFile='keyfile', url=url)
# Print every application role defined in the stripe.
listAppRoles(appStripe='[replace with application stripe name]')
Call:
/path/to/wlst.sh /path/to/list_roles.py >> roles.txt
Parse For ‘Principal Name’ Value:
grep 'Principal Name' roles.txt | awk -F':' '{print $3}' | awk -F',' '{print $1}'
Get Roles (use existing script):
/oracle/middleware/oracle_common/common/bin/wlst.sh /oracle/middleware/oracle_common/modules/oracle.jps_11.1.1/common/wlstscripts/listAppRoles.py -appStripe [replace with your app stripe name]
Use Case 1: Create Role
Create Role:
import socket
import sys

url = 't3://' + socket.gethostname() + ':7001'

connect(userConfigFile='user_config', userKeyFile='keyfile', url=url)
# Not used below: createAppRole works on the application stripe.
atnr = cmo.getSecurityConfiguration().getDefaultRealm().lookupAuthorizer("DefaultAuthenticator")

# Create the role. Any error, including "role already exists", is ignored.
try:
    createAppRole(appStripe='[replace with application stripe name]', appRoleName=sys.argv[1])
except:
    pass
exit()
Call:
/path/to/wlst.sh /path/to/script.py role_name
Use Case 1: Add User to Role
Add User to Role:
import socket
import sys

url = 't3://' + socket.gethostname() + ':7001'

connect(userConfigFile='user_config', userKeyFile='keyfile', url=url)

# sys.argv[1] is the role name, sys.argv[2] is the user name.
# Any error, including "user already in role", is ignored.
try:
    grantAppRole('[replace with application stripe name]', sys.argv[1], "weblogic.security.principal.WLSUserImpl", sys.argv[2])
except:
    pass
exit()
Call:
/path/to/wlst.sh /path/to/user_to_role.py role_name user_name
Use Case 1: Web Service Session
SAWSessionService.logon:
<soapenv:Envelope xmlns:soapenv='http://schemas.xmlsoap.org/soap/envelope/' xmlns:v6='urn://oracle.bi.webservices/v6'>
  <soapenv:Header/>
  <soapenv:Body>
    <v6:logon>
      <v6:name>{User}</v6:name>
      <v6:password>{Pass}</v6:password>
    </v6:logon>
  </soapenv:Body>
</soapenv:Envelope>
Access WSDL at:
host:9704/analytics/saw.dll?wsdl
Use Case 1: Create Folder
WebCatalogService.createFolder:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:v6="urn://oracle.bi.webservices/v6">
  <soapenv:Header/>
  <soapenv:Body>
    <v6:createFolder>
      <v6:path>/shared/{REPLACE W/NAME OF FOLDER}</v6:path>
      <v6:createIfNotExists>1</v6:createIfNotExists>
      <v6:createIntermediateDirs>0</v6:createIntermediateDirs>
      <v6:sessionID>{REPLACE WITH SESSION ID}</v6:sessionID>
    </v6:createFolder>
  </soapenv:Body>
</soapenv:Envelope>
Use Case 1: Remove Inherited Folder Perms
WebCatalogService.updateCatalogItemACL:
<v6:updateCatalogItemACL>
  <!--1 or more repetitions:-->
  <v6:path>/shared/{REPLACE W/NAME OF FOLDER}</v6:path>
  <v6:acl>
    <!--Optional:-->
    <v6:dummy></v6:dummy>
    <!--Zero or more repetitions:-->
    <v6:accessControlTokens>
      <v6:account>
        <!--Optional:-->
        <v6:name>{Replace with Role Name}</v6:name>
        <v6:accountType>4</v6:accountType>
        <!--Optional:-->
        <v6:guid>{Replace with Role Name}</v6:guid>
      </v6:account>
      <v6:permissionMask></v6:permissionMask>
    </v6:accessControlTokens>
  </v6:acl>
  <v6:options>
    <v6:updateFlag>2</v6:updateFlag>
    <v6:recursive>0</v6:recursive>
  </v6:options>
  <v6:sessionID>{REPLACE WITH SESSION ID}</v6:sessionID>
</v6:updateCatalogItemACL>
Use Case 1: Add Role to Folder
WebCatalogService.updateCatalogItemACL:
<v6:updateCatalogItemACL>
  <!--1 or more repetitions:-->
  <v6:path>/shared/{REPLACE W/NAME OF FOLDER}</v6:path>
  <v6:acl>
    <!--Optional:-->
    <v6:dummy></v6:dummy>
    <!--Zero or more repetitions:-->
    <v6:accessControlTokens>
      <v6:account>
        <!--Optional:-->
        <v6:name>{Replace with Role Name}</v6:name>
        <v6:accountType>4</v6:accountType>
        <!--Optional:-->
        <v6:guid>{Replace with Role Name}</v6:guid>
      </v6:account>
      <v6:permissionMask>{ADD Permissions MASK}</v6:permissionMask>
    </v6:accessControlTokens>
  </v6:acl>
  <v6:options>
    <v6:updateFlag>1</v6:updateFlag>
    <v6:recursive>0</v6:recursive>
  </v6:options>
  <v6:sessionID>{REPLACE WITH SESSION ID}</v6:sessionID>
</v6:updateCatalogItemACL>
WebCatalogService.updateCatalogItemACL:
<v6:accountType>4</v6:accountType>
<v6:permissionMask>{ADD Permissions MASK*}</v6:permissionMask>
<v6:updateFlag>1</v6:updateFlag>
From the WSDL:
permissionMask field value is combination of the following flags:
1 permission to read items content
2 permission to traverse directory
4 permission to change items content
8 permission to delete an item
16 permission to assign permissions to others
32 can take ownership of the item
2048 permission to run a publisher report live
4096 permission to schedule a publisher report
8192 permission to view output of a publisher report
Invalid ACL update flag. Valid values are:
0 - replace ACL
1 - replace privileges only for mentioned accounts
2 - delete mentioned accounts from item's ACL
accountType values:
0 - user
1 - group
4 - role
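The updateCatalogItemACL requests above, built programmatically as an added example (not code from the original slides): the mask is assembled from the WSDL flag values, and ElementTree escapes the folder and role names instead of pasting them into a template. The function names, constant names and flag labels are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
V6 = "urn://oracle.bi.webservices/v6"
# Flag values as listed in the WSDL excerpt; the label names are assumed.
PERMS = {"read": 1, "traverse": 2, "write": 4, "delete": 8,
         "change_permissions": 16, "take_ownership": 32,
         "run_publisher_report": 2048, "schedule_publisher_report": 4096,
         "view_publisher_output": 8192}
UPDATE_FLAGS = {"replace_acl": 0, "replace_mentioned": 1, "delete_mentioned": 2}
ROLE_ACCOUNT_TYPE = 4  # accountType: 0 user, 1 group, 4 role


def permission_mask(*names):
    """OR the named flags together; an unknown name raises KeyError."""
    mask = 0
    for name in names:
        mask |= PERMS[name]
    return mask


def build_acl_update(path, role, mask, update_flag, session_id):
    """Return the SOAP envelope as text; mask=None leaves permissionMask empty."""
    ET.register_namespace("soapenv", SOAP)
    ET.register_namespace("v6", V6)
    env = ET.Element("{%s}Envelope" % SOAP)
    ET.SubElement(env, "{%s}Header" % SOAP)
    body = ET.SubElement(env, "{%s}Body" % SOAP)
    req = ET.SubElement(body, "{%s}updateCatalogItemACL" % V6)

    def add(parent, tag, text=None):
        el = ET.SubElement(parent, "{%s}%s" % (V6, tag))
        if text is not None:
            el.text = str(text)  # escaped by ElementTree on serialization
        return el

    add(req, "path", path)
    token = add(add(req, "acl"), "accessControlTokens")
    account = add(token, "account")
    add(account, "name", role)
    add(account, "accountType", ROLE_ACCOUNT_TYPE)
    add(account, "guid", role)
    add(token, "permissionMask", mask)
    options = add(req, "options")
    add(options, "updateFlag", UPDATE_FLAGS[update_flag])  # KeyError if invalid
    add(options, "recursive", 0)
    add(req, "sessionID", session_id)
    return ET.tostring(env, encoding="unicode")
```

A read-only folder grant for a role is `permission_mask("read", "traverse")`, which is 3; granting `change_permissions` (16) lets the role hand out access to others.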
Use Case 2 – Training Users
Use Case 2:
The training department needs 50 training users for each business day of the week. The password for each user needs to be reset after one week.
[Flowchart steps: Start, User Exists?, Create User, Add User to Role, Users Expired?, Update Passwords, Clear User Folder, End]
Use Case 2: User Exists Alternative
SecurityService.getAccounts:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:v6="urn://oracle.bi.webservices/v6">
  <soapenv:Header/>
  <soapenv:Body>
    <v6:getAccounts>
      <!--1 or more repetitions:-->
      <v6:account>
        <!--Optional:-->
        <v6:name>*Training*</v6:name>
        <v6:accountType>0</v6:accountType>
        <!--Optional:-->
        <v6:guid></v6:guid>
      </v6:account>
      <v6:sessionID>{REPLACE WITH SESSION ID}</v6:sessionID>
    </v6:getAccounts>
  </soapenv:Body>
</soapenv:Envelope>
Compare results with users you want to add.
Use Case 2: Reset Users
User Expired:
Use a regular expression to compare the day in the username with the day from a date object or sysdate.
For example: ^([0-9]{1,2})(Training[0-9]{1,2})
Compare first part of regex (1,2,3,4,5) to the day of the week from date object.
Change Password:
import socket
import sys

url = 't3://' + socket.gethostname() + ':7001'
new_pass = sys.argv[3]
old_pass = sys.argv[2]
user_number = sys.argv[1]

connect(userConfigFile='user_config', userKeyFile='keyfile', url=url)
atnr = cmo.getSecurityConfiguration().getDefaultRealm().lookupAuthenticationProvider("DefaultAuthenticator")
# Requires the current password as well as the new one.
atnr.changeUserPassword(user_number, old_pass, new_pass)
exit()
Clear User Folder:
rm -rf /path/to/OracleBIPresentationServicesComponent/coreapplication_obips1/catalog/root/users/user/*
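One way to carry out the "User Expired" check and prepare the password changes described above, as an added example (not part of the original slides). It assumes the numeric prefix 1-5 maps to Monday-Friday and that accounts whose prefix matches the given date's weekday are the ones to reset; the function names and the sample account list are constructed for illustration.

```python
import datetime
import re
import secrets
import string

# Username pattern from the slide: day-of-week prefix, then the account name.
USER_RE = re.compile(r"^([0-9]{1,2})(Training[0-9]{1,2})")

# Constructed sample, e.g. names returned by SecurityService.getAccounts.
SAMPLE_ACCOUNTS = ["1Training01", "1Training02", "3Training07",
                   "weblogic", "5Training50", "3Trainingadmin"]


def users_for_day(usernames, day):
    """Return training accounts whose prefix equals day's ISO weekday.

    Assumption: prefix 1 = Monday ... 5 = Friday. fullmatch() rejects names
    with trailing text, so only accounts that follow the naming scheme
    exactly are ever selected for a reset.
    """
    due = []
    for name in usernames:
        match = USER_RE.fullmatch(name)
        if match is not None and int(match.group(1)) == day.isoweekday():
            due.append(name)
    return due


def new_password(length=16):
    """Random password from a CSPRNG, with at least one letter and one digit."""
    alphabet = string.ascii_letters + string.digits
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if any(c.isdigit() for c in candidate) and any(c.isalpha() for c in candidate):
            return candidate


def reset_plan(usernames, day):
    """Map each account due on `day` to a fresh, unique password."""
    return {name: new_password() for name in users_for_day(usernames, day)}


if __name__ == "__main__":
    wednesday = datetime.date(2024, 1, 3)
    for account in reset_plan(SAMPLE_ACCOUNTS, wednesday):
        print("reset due:", account)
```

Each generated password is different per account, so a password learned in one training session is not valid for any other account or for the following week.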
Use Case 3: RPD QA
Use Case 3:
To improve product quality, the QA or Dev team wants to have repeatable automated tests run per RPD release.
Tests need to be added per iteration to account for changes or additions. Previously built tests will be run in the automated suite of tests to validate that unchanged objects still contain proper logic.
[Flowchart: Start -> Create report with RPD logic in good state -> Get DB and RPD Output -> DB == RPD? (Yes: Pass, No: Fail)]
XmlViewService.executeXMLQuery:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:v6="urn://oracle.bi.webservices/v6">
  <soapenv:Header/>
  <soapenv:Body>
    <v6:executeXMLQuery>
      <v6:report>
        <v6:reportPath>/path/to/folder name/report name</v6:reportPath>
      </v6:report>
      <v6:outputFormat>SAW_ROWSET_SCHEMA_AND_DATA</v6:outputFormat>
      <v6:executionOptions>
        <v6:async>false</v6:async>
        <v6:maxRowsPerPage>10</v6:maxRowsPerPage>
        <v6:refresh>true</v6:refresh>
        <v6:presentationInfo>false</v6:presentationInfo>
      </v6:executionOptions>
      <v6:sessionID>{REPLACE WITH SESSION ID}</v6:sessionID>
    </v6:executeXMLQuery>
  </soapenv:Body>
</soapenv:Envelope>
Use Case 3: RPD Output
Returned XML:
Returning this data exercises all of the RPD logic that a request through a URL would go through (initialization blocks, identity manager, session variables, BMM layer logic, etc.).
<sawsoap:rowset xsi:type="xsd:string"><![CDATA[<rowset xmlns="urn:schemas-microsoft-com:xml-analysis:rowset"><Row>
<Column0>Baz</Column0></Row><Row>
<Column0>Bar</Column0></Row><Row>
<Column0>Foo</Column0></Row>
</rowset>]]></sawsoap:rowset>
Use an XML parser to extract just the values, or transform the values returned from the database into XML.
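Extracting the values from the returned rowset and comparing them with the database result, as an added example (not part of the original slides). The namespace declarations added to the sample response, the function names and the expected database rows are assumptions constructed for illustration.

```python
import collections
import xml.etree.ElementTree as ET

ROWSET_NS = "urn:schemas-microsoft-com:xml-analysis:rowset"

# Constructed sample: the rowset shown above, with namespace declarations
# added (assumed values) so the fragment parses on its own.
SAMPLE_RESPONSE = """<sawsoap:rowset xmlns:sawsoap="urn://oracle.bi.webservices/v6"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string"><![CDATA[<rowset xmlns="urn:schemas-microsoft-com:xml-analysis:rowset"><Row>
<Column0>Baz</Column0></Row><Row>
<Column0>Bar</Column0></Row><Row>
<Column0>Foo</Column0></Row>
</rowset>]]></sawsoap:rowset>"""


def rowset_rows(response_xml):
    """Return the embedded rowset as a list of rows (lists of column text)."""
    outer = ET.fromstring(response_xml)
    payload = None
    for el in outer.iter():
        # The rowset travels as a string (CDATA) inside an element named rowset.
        if el.tag.rsplit("}", 1)[-1] == "rowset" and (el.text or "").strip():
            payload = el.text.strip()
            break
    if payload is None:
        raise ValueError("no rowset payload in response")
    inner = ET.fromstring(payload)
    # Only <Row> children are read, so an embedded schema element is skipped.
    return [[col.text or "" for col in row]
            for row in inner.findall("{%s}Row" % ROWSET_NS)]


def compare_rows(db_rows, rpd_rows):
    """Order-insensitive diff: (rows missing from RPD, rows only in RPD)."""
    db = collections.Counter(tuple(r) for r in db_rows)
    rpd = collections.Counter(tuple(r) for r in rpd_rows)
    return sorted((db - rpd).elements()), sorted((rpd - db).elements())


if __name__ == "__main__":
    expected_from_db = [["Foo"], ["Bar"], ["Baz"]]  # constructed DB result
    missing, unexpected = compare_rows(expected_from_db, rowset_rows(SAMPLE_RESPONSE))
    print("Pass" if not missing and not unexpected else "Fail", missing, unexpected)
```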
References
WLST Commands: http://docs.oracle.com/cd/E13222_01/wls/docs92/config_scripting/quick_ref.html
WebLogic Server API Reference: http://docs.oracle.com/cd/E29542_01/apirefs.1111/e13941/toc.htm
Example of SecurityConfigurationMBean: http://docs.oracle.com/cd/E11035_01/wls100/javadocs_mhome/weblogic/management/configuration/SecurityConfigurationMBean.html
MBean Reference: http://docs.oracle.com/cd/E28280_01/apirefs.1111/e13951/core/
Web Service Structures: http://docs.oracle.com/cd/E21764_01/bi.1111/e16364/structures.htm