Scribd Logo
Upload

Welcome to Scribd!

  • External Table Authentication

    Uploaded by

    Keshav Ram
    32 views14 pages
    This document discusses setting up external table authentication in Oracle. The key steps are: 1. Create a database table to store user IDs, group memberships, and other authentication data 2. Populate the table with user and group information 3. Create corresponding security groups in the repository using the same names as in the database table 4. Configure a session initialization block to query the database table and assign users to groups based on their entries 5. Create catalog groups in the presentation services using the same names to control web and data security

    Original Description:

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    DOC, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document discusses setting up external table authentication in Oracle. The key steps are: 1. Create a database table to store user IDs, group memberships, and other authentication data 2. Populate the table with user and group information 3. Create corresponding security groups in the repository using the same names as in the database table 4. Configure a session initialization block to query the database table and assign users to groups based on their entries 5. Create catalog groups in the presentation services using the same names to control web and data security

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOC, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    32 views14 pages

    External Table Authentication

    Uploaded by

    Keshav Ram
    This document discusses setting up external table authentication in Oracle. The key steps are: 1. Create a database table to store user IDs, group memberships, and other authentication data 2. Populate the table with user and group information 3. Create corresponding security groups in the repository using the same names as in the database table 4. Configure a session initialization block to query the database table and assign users to groups based on their entries 5. Create catalog groups in the presentation services using the same names to control web and data security

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOC, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 14

    EXTERNAL TABLE AUTHENTICATION

    Authorization is most commonly handled by using an external table. The following steps are required after setting up Authentication process: 1. Create a table in the database that would have the Authorization information. If you already have a table from which associates the UserID/Username with Groups, you can use that table. If not, create the following table in your database. CREATE TABLE WC_USER_AUTH ( LOGON VARCHAR2(120 BYTE) NOT NULL, GROUP_NAME VARCHAR2(120 BYTE) NOT NULL, CREATED_DT DATE DEFAULT SYSDATE ) TABLESPACE <your tablespace> PCTUSED 0 PCTFREE 10 INITRANS 1 MAXTRANS 255 STORAGE ( INITIAL 64K MINEXTENTS 1 MAXEXTENTS 2147483645 PCTINCREASE 0

    BUFFER_POOL DEFAULT ) LOGGING NOCOMPRESS NOCACHE NOPARALLEL MONITORING; CREATE UNIQUE INDEX NDX_LOGON_GROUP ON WC_USER_AUTH (LOGON, GROUP_NAME) NOLOGGING TABLESPACE <your tablespace> PCTFREE 10 INITRANS 2 MAXTRANS 255 STORAGE ( INITIAL 64K MINEXTENTS 1 MAXEXTENTS 2147483645 PCTINCREASE 0 BUFFER_POOL DEFAULT ) NOPARALLEL; 2. Now you will have to populate the table with the relevant information. Note that one user can belong to more than one group. 3. Next, you need to create the groups in the repository. The name of the groups should be as they are in the table, if you want these groups to drive web and data security as well. If you have a group called Power Users in the table, you would have to create a group with the exact same name.

    1. As a best practice, it is recommended that a separate connection pool is created for the execution of Authentication and Authorization Initialization blocks.

    1. Now create a session initialization block that would read from the table to assign groups to the user.

    1. Configure the session initialization block. Give it a name and click on Edit Data Source. In the pop up window, choose Database from the drop down box. Write a SQL statement that would get all the group names of the user that is populated in the USER variable as part of Authentication. The SQL statement used in this example is SELECT GROUP, R.GROUP_NAME FROM WC_USER_AUTH R WHERE UPPER(R.LOGON)=UPPER(:USER). Choose a connection pool.

    1. Now edit the variable target and set it to row wise initialization. What it really means is, it would assign multiple values to a variable, GROUP variable in this case. If a user belongs o multiple groups, multiple rows will be returned by the SQL and this setting would enable GROUP to contain all the values.

    1. Now set execution precedence. The authorization process takes place after authentication process. We are using a variable (USER) that authentication process is populating.

    2. Now create the Catalog Groups in the presentation services. The group names should match the group names from the table and the repository as in Step 3, if you want them to drive the web and data security. Go to Settings -> Manage Presentation Catalog Groups and Users

    1. Click on Create a new Catalog Group. In the new window give the name of the group and as a best practice give it a password.

    1. Now when logged I will log in as Kumar Kambam and click on My Account, in here we can see the Kumar.Kambam s group membership. You can join a Catalog Group from here.

    1. Now that we have established that Power Users group has at least one user as demonstrated in the Step 12, let us log in as Administrator and go to Power Users Group properties. Dont panic if you see the message saying There are currently no members in this Group. Group assignment to a user is done at session level. When a user logs on and authorization process assigns groups to users. This assignment of users to a group is valid for that session only. Thus no group membership information is stored in the presentation services.

    1. One can also create catalog groups in the presentation services and assign users manually, however it is not recommended to do so. 2. One frequently asked question is Why cannot I see the comprehensive list of users and their group memberships in the presentation services? In this set up, presentation services cannot be used to maintain or see the comprehensive list of users. A user will appear only after he/she logs on for the firstime. As far as group assigment goes, it is done on the session level and is valid for that session only. So we cannot see the group membership information. Though you can create a catalog group on the presentation services and assign users manually, it not recommended to do so.

    Points to ponder
    1. Authentication and Authorization are two different processes accomplishing different tasks. 1. Authentication checks valid user and password

    2. Authorization assigns security group membership 2. Authorization process is executed after authentication process 3. If you want to control data and web security with the groups defined in the table, the name of the group should be the same in all the three places table, repository, and presentation services 4. The assignment of a user to a group in this case is done at session level and that information is not stored in the presentation services. Though you can create a catalog group on the presentation services and assign users manually, it not recommended doing so.

    You might also like