The following is a non-technical explanation of a setup we have running on a couple of VMs. The first VM is running EPM 18.104.22.168. The second VM is running OBIEE 22.214.171.124…something. I lost track of OBIEE’s various versions when they switched to their new “date-in-the-version-string” version format.
I used these VMs to create the “OBIEE in Workspace” integration that John Goodwin has blogged about here. There are a number of pre-requisites and hoops to go through so I have put together a few scripts that should mean that future integrations can be done in a few clicks.
The end result after this integration is that there are new roles created in HSS, which can be provisioned to users to allow them to view OBIEE resources in Workspace. This is pretty neat - it relies on HSS and OBIEE both being configured against the same external authentication source but that is no big problem.
It also gives you an extra link to open up the Administrative options for Presentation Services, which is a nice touch.
We also have another integration running, one which basically lets you control OBIEE application role membership from inside Shared Services. Yep, that’s right, you can have your EPM and OBIEE security (almost) in one place.
The application role membership is manipulated by loading information from the HSS database, using SQL. Using the right queries and WLST statements we can update application role membership using the group membership in Shared Services. Pretty neat, right?
There are some caveats to this security integration. It doesn’t handle recursion (groups within groups). It is reliant on external programs. It needs an extra database created. It currently only supports MS SQL Server. If Oracle ever changes its database schema for Shared Services the script will break. Oh and Oracle obviously would not support this as a solution.
However it demonstrates that it can be done. It could even be made a lot simpler and be supported out-of-the-box if Oracle changed their database schema and added some functionality to OBIEE.
In follow-up posts I will try to go into detail as to how this setup was created. Until then I will leave you to ruminate on the possibilites...