OBIEE CPU Patches — Where To Find OBIEE 10g and 11g Critical Patch Updates (CPU) Patches And/Or Security Alerts

March 14th, 2012 No comments

Applies to:

Business Intelligence Server Enterprise Edition – Version: 10.1.3.4.1 [1900] to 11.1.1.5.0 [1308] – Release: 10g to 11g
Business Intelligence Server Enterprise Edition – Version: 10.1.3.4.1 [1900] to 11.1.1.5.0 [1308]   [Release: 10g to 11g]
Information in this document applies to any platform.

Goal

How can you determine if there are any Oracle Critical Patch Updates (CPU) and/or Security Alerts for Oracle Business Intelligence Enterprise Edition (OBIEE) 10g and 11g?

Solution

Critical Patch Updates and Security Alerts

Critical Patch Updates (CPU) and Security Alerts notifications are posted on the Oracle Technology Network (OTN) website.  This website maintains a listing of all Oracle products including OBIEE and typically gets updated quarterly, or as needed.  It is possible to receive notification of new CPU and security alerts by email.

Critical Patch Updates (CPU) Patches are cumulative for many Oracle products. This means that, for these products, a CPU includes new security fixes as well as all previously released CPU fixes for this particular
platform and version combination. The main benefit of cumulative CPUs is that it allows customers to
quickly and easily “catch up ” to current security release level by only applying the most recent CPU.

For example,you have the patch for Oct 2011, you do not need to first apply the patch for Jul 2011. Applying the most current CPU patch will include all current fixes.
However, each CPU advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes.

Full details on released CPU patches and how to enable alerts can be found here.

Locating OBIEE CPU Patch
To determine if a recent CPU Patch affects OBIEE, you will need to go to CPU Patch link  http://www.oracle.com/technetwork/topics/security/alerts-086861.html

Look for section ” Critical Patch Updates” . There will be many links available for CPU patches released during different months. One needs to review these links according to what CPU patches one is looking for.

For example, you can click CPU Patch link(i.e. “Critical Patch Update – October 2011″ )
http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html and it will bring up a new page.
In the new page, look for section ” Affected Products and Components” and under this section look for
OBIEE (i.e. “Oracle Business Intelligence Enterprise Edition, versions 10.1.3.4.1, 11.1.1.3, 11.1.1.5″). If you see references to OBIEE, click the Patch Availability ” Fusion Middleware” link and review the patch release notes for applicable patches.

For example, when using the steps just described, you will see section titled “3.2.2 Oracle Business Intelligence Enterprise Edition” and will find the latest CPU patches.

Here you will notice that CPU patches were released for OBIEE for Oct 2011 <<12830486, 12830471>>, July: Patch 11833743 for OBIEE 10g and so on.

Categories: OBIEE 11G Tags: , ,

How to Keep Track of OBIEE 10g Patches Applied? How To Handle Version.Txt Files When You Have Multiple Patches? Are Patches Cumulative?

March 10th, 2012 No comments

Applies to:

Business Intelligence Server Enterprise Edition – Version: 10.1.3.2 to 10.1.3.4.2 [2405] – Release: 10g to 10g
Business Intelligence Suite Enterprise Edition – Version: 10.1.3.2 to 10.1.3.4.2 [2405]   [Release: 10g to 10g]
Information in this document applies to any platform.

Goal

- How to handle VERSION.TXT files when you have multiple patches?

- When Oracle supplies an OBIEE patch, its README file always says to replace the VERSION.TXT file on the [Oracle Home] directory with the one included.

- When you apply a second, unrelated patch to the environment why would we want to replace the entire VERSION.TXT file?

- Would you append the text in the second patch’s VERSION.TXT file to the first?

- How will this display on the Settings > Administration window when it displays the information in the Product Information box?

- Are OBIEE Patches cumulative?

Solution

This has been confirmed by Development.

1. Version.txt file should be replaced, following instructions in the readme files of each patch.
New version.txt file should not be appended to the end of the current one, but it should replace the current one.

2. Currently, for 10G versions, OBIEE patch installation does not provide for an automatic way of keeping track of the patches applied.

Nevertheless, Development is working to make 11g use opatch installer. Opatch provides a way to keep track of previous patches installed. There is no official date for 11G release.

3. It is recommended that you keep a record of the patches you have applied.
You could implement that in the way you prefer, but separated from OBIEE installation, and in addition to replace the version.txt file used in OBIEE.

For example, you could:
- Append the version.txt file to another file, with name version_history.txt or something like that, everytime you apply a patch.
OR
- When applying first patch, rename original version.txt from GA release to version0.txt and copy version.txt from the patch.
Then, when applying second patch, rename version.txt to version1.txt and copy new version.txt from the second patch, and so on.
OR
- copy new version.txt file to a file named like version_<YYYY_MM_DD>.txt, indicating the date when you applied it.
That way you can have in a single directory all the previous version.txt with its dates of installation.

4. OBIEE One-off patches are not cumulative at this time.

5. Production patches (the ones that do not require a password), normally, contain the fixes of older production patches.

6. When we create a new patch for you (that is when you report a new issue, never seen before, and then we create a fix for that and provide it to you) we ask you the list of one-off patches you have applied. Development uses it to create a merged patch including all those fixes plus the new one.

7. In the case a one-off patch is already available (so, it was not produced for you), you would need to open an SR to ask for a password to download it. In that same SR, please, provide the list of patches applied previously, so Support can determine if it is ok for you to apply the patch, or if a merged patch needs to be created for you.

8. When in doubt, ask ORACLE Support if a patch can be applied by you without conflict issues.

Categories: OBIEE 11G Tags: , ,

OBIEE 10g and 11g: Comparing Repository And Catalog Security Models And Changes With Upgrade

March 7th, 2012 No comments

Applies to:

Business Intelligence Suite Enterprise Edition – Version: 10.1.3.2 to 11.1.1.5.0 [1308] – Release: 10g to 11g
Business Intelligence Suite Enterprise Edition – Version: 10.1.3.2 to 11.1.1.5.0 [1308]   [Release: 10g to 11g]
Information in this document applies to any platform.

Purpose

This document highlights the security features in Oracle Business Intelligence Enterprise Edition (OBIEE) and compares and contrasts features found in OBIEE 10g and 11g.

Questions and Answers

What documentation describes the security model for the Repository (RPD) and Catalog in OBIEE 10g?

OBIEE 10g security and repository access control are described in the Oracle Business Intelligence Server Administration Guide.

Web Catalog security and access control is described in the Oracle Business Intelligence Presentation Services Administration Guide.

What documentation describes the security model for the RPD and catalog  in OBIEE 11g?

OBIEE 11g security is described primarily in two places:

How are security settings enabled / controlled in OBIEE 10g and 11g?

In OBIEE 10g, security is controlled at the following points: permissions on the OBIEE Presentation catalog, via the repository (users and passwords) and optionally via an external LDAP, or external tables.

In OBIEE 11g, the security policy is split across the OBIEE presentation catalog, repository and default 11g identity store (embedded WLS LDAP), or external LDAP (i.e. OID or other if used).


What are the primary differences between the OBIEE 10g and 11g security models and what happens during upgrade?

Security Task/Object OBIEE 10g OBIEE 11g What happens during 10g upgrade to 11g?
Define Users and Groups in RPD file using OBIEE Admin Tool Default N/A. By default, users are defined in embedded WLS LDAP via FMW EM Console, or alternatively, in external LDAP. By default, existing users and groups migrated to embedded WLS LDAP. Existing groups are automatically mapped to an Application role.
Defining security policies Policies in the catalog and repository can be defined to reference groups within a directory Policies are defined in terms of application roles, which map to users and groups in a directory. 10g catalog groups are automatically migrated in the upgraded catalog and assigned the same privileges, access, and membership.
“Administrator” user Unique user with full administrative privileges No single user named for full administrative privileges. Administration can be performed by any user who is member of BIAdministrators group. “Administrator” user automatically added as member of “BIAdministrators” group in embedded WLS LDAP and granted Administrator role. The user specified during OBIEE 11g installation (i.e. “weblogic”, “biadmin”) is also a member of the BIAdministrators group.
Repository encryption Available on sensitive elements only – i.e. user passwords, connection pool passwords, etc. Entire RPD encrypted via a password. Prompted to set a repository password while running the upgrade assistant. Do not lose this password as there is no feature to recover a lost password.
External Authentication and OBIEE Initialization (Init) Blocks Init blocks are required for external LDAP or external table authentication. Init blocks not required for WLS embedded LDAP. Init blocks are required for external LDAP or external table authentication. Upgraded RPD will continue to point to 10g LDAP or external tables. Initblocks may need to be modified to ensure that deprecated, or reserved word, variable names are renamed.
NOTE: If you intend to use another LDAP server, such as Oracle Identity Management (OID), then you must upgrade to the embedded LDAP server first, then
migrate to the production LDAP server. Please see Upgrade Guide for further details.
Catalog Groups Defined in Presentation Server Administration link Available for backward compatibility. Use of Application Roles in FMW EM Console recommended. Existing groups will be migrated. Recommendation is to use application roles instead. Privileges on catalog objects may be granted to an application role via BI Presentation server Administration link.
SA System Subject Area Optional Available for backward compatibility and requires init blocks and external tables. Use of Embedded LDAP is recommended. Upgraded 10g RPD will point to external tables. Initblocks may need to be modified to ensure that deprecated, or reserved word, variable names are renamed.
“Everyone” Presentation Server Group Default Replaced with AuthenticatedUser role “Everyone” group migrated to AuthenticatedUser role.

OBIEE 10g and 11g: Comparing Repository And Catalog Security Models And Changes With Upgrade Related

Categories: OBIEE 11G Tags: , , ,

Obiee 11g: After upgrade from 10g, 11g report generated UNION ALL in SQL

March 3rd, 2012 No comments

Applies to:

Business Intelligence Server Enterprise Edition – Version: 11.1.1.3.0 [1905] and later   [Release: 11g and later ]
Information in this document applies to any platform.

Symptoms

1) Customer upgraded 10.1.3.4.1 RPD and web catalog to 11.1.1.3.
2) Its noticed that in 11.1.1.3 the same reports take a lot longer to execute:
Eg: 1 min 30 sec in 11G vs. only 30 sec in 10G.
3) RPD doesn’t have any metadata inconsistencies, connection pool settings are good.
4) The memory usage spikes up when reports are run, and BI Server is taking too long compiling these reports.
5) Customer notices that the XML copied from 10g to 11g creates a more complicated logical query in 11g compared to 10g.
6) When customer copies the logical query from 10g and runs in 11g it gives the same performance as 10g.

Cause

Basically this is caused by many column with the empty string formula: ”, causing it to have 2nd UNION leaf to calculate the subtotal in 11.1.1.3.

Solution

These columns with a column formula ” where used as separators in the report.

Replaced all column separators with “duplicate measure” columns with a column length of 0.
This ensures the subtotals are NOT trying to use the separators as dimensions and create extra queries with UNION ALL.

Categories: OBIEE 11G Tags: , ,

The OBIEE Dashboard Is Empty After Upgrading From 10g To OBIEE 11g

February 29th, 2012 No comments

Applies to:

Business Intelligence Interactive Dashboard – Version: 11.1.1.5.0 [1308] and later   [Release: 11g and later ]
Information in this document applies to any platform.

Symptoms

Recently upgraded Oracle Business Intelligence Enterprise Edition (OBIEE) from 10g to 11g (OBIEE 11.1.1.5).
All upgrade steps were completed as described in the Upgrade Guide for Oracle Business Intelligence
11g; including upgrading the web catalog and repository (RPD).
The repository was checked and there were no errors.
When logging in to OBIEE Presentation server as a user with OBIEE Administrator role, the 11g dashboard is empty and expected content is not present.

Changes

Upgraded from 10g to 11g.

Cause

Insufficient permissions on ‘shared folders.’
The permissions on catalog folder ‘shared folders’ were available only for ‘Authenticated user’ and ‘Presentation Server Administrators’.

Solution

Login to OBIEE Presentation server as WLS or biadmin user and select Administration link ->
add relevant application role e.g. ‘BI Administrator role’ and grant at least read and traverse permissions to the ‘shared folders.’
Also ensure that you tick the check boxes to apply permissions to all items within the folder and sub folders.

The OBIEE Dashboard Is Empty After Upgrading From 10g To OBIEE 11g

Categories: OBIEE 11G Tags: ,