The following is a non-technical explanation of a setup we
have running on a couple of VMs. The first VM is running EPM 11.1.2.3. The
second VM is running OBIEE 11.1.1.7…something. I lost track of OBIEE’s various
versions when they switched to their new “date-in-the-version-string” version
format.
I used these VMs to create the “OBIEE in Workspace”
integration that John Goodwin has blogged about here.
There are a number of pre-requisites and hoops to go through so I have put
together a few scripts that should mean that future integrations can be done in
a few clicks.
The end result after this integration is that there are new
roles created in HSS, which can be provisioned to users to allow them to view
OBIEE resources in Workspace. This is pretty neat - it relies on HSS and OBIEE
both being configured against the same external authentication source but that
is no big problem.
It also gives you an extra link to open up the
Administrative options for Presentation Services, which is a nice touch.
We also have another integration running, one which
basically lets you control OBIEE application role membership from inside Shared
Services. Yep, that’s right, you can have your EPM and OBIEE security (almost)
in one place.
The application role membership is manipulated by loading
information from the HSS database, using SQL. Using the right queries and WLST
statements we can update application role membership using the group membership
in Shared Services. Pretty neat, right?
There are some caveats to this security integration. It
doesn’t handle recursion (groups within groups). It is reliant on external
programs. It needs an extra database created. It currently only supports MS SQL
Server. If Oracle ever changes its database schema for Shared Services the
script will break. Oh and Oracle obviously would not support this as a
solution.
However it demonstrates that it can be done. It could even be made a lot simpler and be
supported out-of-the-box if Oracle changed their database schema and added some
functionality to OBIEE.
In follow-up posts I will try to go into detail as to how this setup was created. Until then I will leave you to ruminate on the possibilites...
