Primavera Analytics and Primavera Data Warehouse Security Overview

Similar documents
This document provides links to resources that will help you use P6 EPPM.

This document provides links to resources that will help you use EnterpriseTrack.

About Oracle Primavera P6 Enterprise Project Portfolio Management

Contents Introduction... 5 Where to Get Documentation... 5 Where to Get Training... 5 Where to Get Support... 6 Legal Notices... 7

Contents Working with Oracle Primavera P6 EPPM, P6 Analytics, and P6 Reporting Database... 5 For More Information Legal Notices...

About Contract Management

What's New New Features in Primavera Analytics 18

Contents Best Practices for Upgrading P6 EPPM... 5 Upgrade Overview... 6 Examining Your Upgrade Criteria... 9 Upgrade Best Practices...

About Configuring BI Publisher for Primavera Unifier. Getting Started with BI Publisher Reports

Contents About This Guide... 5 Upgrade Overview... 5 Examining Your Upgrade Criteria... 7 Upgrade Best Practices... 8

New Features in Primavera Analytics 16.2

Configuring Single Sign-On for Oracle Enterprise Performance Management Cloud. Configuring Single Sign-On Between EPM Cloud and NetSuite

About Oracle Primavera P6 Enterprise Project Portfolio Management

New Features in Primavera Contract Management 14.1

Oracle Communications Pricing Design Center

Oracle Banking Digital Experience

New Features in Primavera Gateway 14.2

Oracle SCM Cloud. Release 11. Getting Started with Your Manufacturing and Supply Chain Management Implementation O C T O B E R

Oracle Hospitality ecommerce Integration Cloud Service Release Notes Release 18.1 E

Contents Working with Oracle Primavera Analytics... 5 Legal Notices... 10

Oracle Banking Enterprise Product Manufacturing

Oracle. SCM Cloud Getting Started with Your Manufacturing and Supply Chain Materials Management Implementation. Release 13 (update 18B)

Agile PLM UPK. Agile Help Menu Integration Addendum. v9.3

Primavera Project Delivery Application User s Guide

What's New New Features in Primavera P6 EPPM 18

About Configuring BI Publisher for Primavera Unifier. Getting Started with BI Publisher Reports

Oracle Enterprise Manager. 1 Where To Find Installation And Upgrade Documentation

Oracle. SCM Cloud Getting Started with Your Manufacturing and Supply Chain Materials Management Implementation. Release 13 (update 17D)

Oracle Fusion Applications

Agile PLM UPK. Agile Help Menu Integration Guide. v9.3

Oracle Revenue Management and Billing. Upgrade Path Guide. Version Revision 13.0

Quick Installation Guide

Oracle Hospitality RES 3700 Enterprise Management. Installation Guide

Oracle Enterprise Manager

New Features in Primavera Portfolio Management 15.1

NS Connector! Seamlessly Integrate the Data Flow Between Your Projects and Financials with HOW DOES CONNECTOR WORK? WHAT CAN CONNECTOR DO FOR ME?

BlackBerry User Guide

Oracle Banking Digital Experience

What's New New Features in Primavera P6 EPPM 18

Agile Product Lifecycle Management

New Features in Primavera Contract Management 14.2

Agile Product Lifecycle Management

Oracle Project Portfolio Management and Grants Management Cloud Security Reference. Release 13 (update 17D) Part Number E

Oracle Data Relationship Management

Oracle Knowledge Analytics User Guide

Mobile for Android User Guide

Transaction Based Usage Costs

Oracle Procurement Cloud Security Reference

Oracle. Sales Cloud Using Sales Cloud for Outlook. Release 13 (update 17D)

Oracle. Adaptive Intelligent Apps for CX Getting Started with Adaptive Intelligent Sales 18.10

Oracle. Adaptive Intelligent Apps for CX Getting Started with Adaptive Intelligent Sales 18.10

Agile Product Lifecycle Management

Oracle Procurement Cloud Security Reference. Release 13 (update 18B)

Oracle Hospitality Hotel Mobile Release Notes Release 1.0 E June 2016

Oracle Procurement Cloud Security Reference. Release 13 (update 17D) Part Number E

Taleo Enterprise Fluid Recruiting User Guide Release 17

Pre-Installation Instructions

Monitoring Oracle Java CAPS Business Processes

Release December 2018

Oracle Service Cloud. New Feature Summary. Release 18C ORACLE

Oracle. Talent Management Cloud Using Talent Review and Succession Management. Release 13 (update 17D)

Oracle. Talent Management Cloud Using Career Development. Release 13 (update 17D)

Oracle. Talent Management Cloud Using Talent Review and Succession Management. Release 12. This guide also applies to on-premises implementations

Oracle Public Sector Revenue Management Analytics

Oracle Hospitality Inventory Management Close Financial Period User Guide Release 9.0 E

Oracle Utilities Customer Care and Billing Release Utility Reference Model Apply Miscellaneous Charges

Oracle Supply Chain Planning Cloud. Release 13 (updates 18A 18C) New Feature Summary

Oracle Retail Merchandising Analytics. Product Overview. Characteristics. Release Notes Release 13.2

Oracle Utilities Customer Care & Billing Release Utility Reference Model Establish and Maintain Net Energy Metering Service

Oracle. SCM Cloud Implementing Supply Chain Planning. Release 13 (update 18A)

Oracle Utilities Customer Self Service

Oracle Service Logistics Cloud Using Service Logistics Cloud 19A

Oracle Banking Digital Experience

Oracle SCM Cloud Implementing Supply Chain Planning. Release 13 (update 18C)

Oracle Banking Digital Experience

Oracle Talent Management Cloud Implementing Career Development 19A

Oracle. Student Management Cloud Getting Started with Your Student Management Implementation. Release 13 (update 18A)

Product Release Note Oracle Banking Corporate Lending Process Management Release Part No. E July 2018

Oracle Fusion Transactional Business Intelligence

Oracle Talent Management Cloud Using Career Development 19A

ABS-POS EMS Functionality ABS-POS EMS Functionality Date: 24th September 2009

Oracle Hospitality Inventory Management Mobile Solutions. Installation and Configuration Guide

Oracle Cloud E

Oracle Public Sector Revenue Management Analytics

Oracle. SCM Cloud Administering Pricing. Release 12. This guide also applies to on-premises implementations

Oracle Banking Digital Experience

Agile PLM Business Intelligence

Oracle Hospitality Suites Management. Release Notes

Oracle Enterprise Performance Management System Addendum. Release

PeopleSoft Enterprise Performance Management 9.1 PeopleBooks Revision 2. December 2013

Oracle Communications Marketing and Advertising. New Features. Platform Upgrade to Oracle WebLogic 11g. Siebel Marketing Integration

Taleo Enterprise Performance Review Ratings Orientation Guide Release 17

Dashboard User Guide Oracle Banking Payments. Release Part No. E

Oracle. Talent Management Cloud Using Goal Management. Release 13 (update 17D)

Oracle Hospitality InMotion Mobile. Quick Reference

Oracle Manufacturing Cloud. Release 13 (updates 18A 18C) New Feature Summary

PeopleSoft Enterprise Contracts 9.1 Reports

Oracle Fusion Transactional Business Intelligence

Taleo Enterprise Fluid Recruiting User Guide Release 17.2

New Features in EnterpriseTrack 16.1

Transcription:

Analytics and Primavera Data Warehouse Security Guide 15 R2 October 2015

Contents Primavera Analytics and Primavera Data Warehouse Security Overview... 5 Safe Deployment of Primavera Analytics and Primavera Data Warehouse... 6 Administrative Privileges Needed for Installation and Operation of Primavera Analytics and Primavera Data Warehouse... 6 Physical Security Requirements for Primavera Analytics and Primavera Data Warehouse... 6 Files to Back Up after Installing Primavera Analytics and the Primavera Data Warehouse... 6 Authentication Options... 7 Authorization for P6 EPPM, Primavera Unifier, and the Primavera Data Warehouse... 7 Maintaining Confidentiality for Primavera Analytics and the Primavera Data Warehouse... 8 Reliability for Primavera Analytics and the Primavera Data Warehouse... 8 Sensitive Data in Primavera Analytics and the Primavera Data Warehouse... 9 Primavera Data Warehouse Security... 9 Primavera Analytics Security... 10 WebLogic Embedded Security... 11 For More Information... 12 Where to Get Documentation... 12 Where to Get Training... 14 Where to Get Support... 15 Legal Notices... 17 3

Primavera Analytics and Primavera Data Warehouse Security Overview During the installation and configuration process for Primavera Analytics and the Primavera Data Warehouse, several options are available that impact security. Depending on your organization's needs, you might need to create a highly secure environment for Primavera Analytics and the Primavera Data Warehouse. Use the following guidelines to plan your security strategy for Primavera Analytics and the Primavera Data Warehouse: Review all security documentation for applications and hardware components that interact or integrate with Primavera Analytics and the Primavera Data Warehouse. Oracle recommends you harden your environment (where required). Read through the summary of considerations for Primavera Analytics and the Primavera Data Warehouse included in this document. Areas covered include: safe deployment, authentication options, authorization, confidentiality, sensitive data, and reliability. Throughout this documentation, the Security Guidance icon helps you to quickly identify security-related content to consider during the installation and configuration process. Once you begin the installation and configuration of your Primavera Analytics and Primavera Data Warehouse environment, use the Security Guidance icon as a reminder to carefully consider all security options. Tips As with any software product, be aware that security changes made for third-party applications might affect Primavera Analytics and Primavera Data Warehouse applications. 5

Primavera Analytics and Primavera Data Warehouse Security Guide Safe Deployment of Primavera Analytics and Primavera Data Warehouse To ensure overall safe deployment, you should carefully plan security for all components, such as database servers and client computers that are required for and interact with Primavera Analytics and the Primavera Data Warehouse. In addition to the documentation included with other applications and hardware components, follow the Primavera Analytics and Primavera Data Warehouse-specific guidance below. Administrative Privileges Needed for Installation and Operation of Primavera Analytics and Primavera Data Warehouse As the administrator, you should determine the minimum administrative privileges or permissions needed to install, configure, and operate Primavera Analytics and the Primavera Data Warehouse. Physical Security Requirements for Primavera Analytics and Primavera Data Warehouse You should physically secure all hardware hosting Primavera Analytics and the Primavera Data Warehouse to maintain a safe implementation environment. See the Primavera Analytics Planning and Sizing Guide. Files to Back Up after Installing Primavera Analytics and the Primavera Data Warehouse Once Primavera Analytics and the Primavera Data Warehouse installation and configuration is compete, you should back up the files that are not needed for daily operations. Use your discretion to determine the complete list of files to be backed up, but Oracle recommends that you include the following: staretl.properties, which contains given paths, DB user names, installation options, and encrypted passwords. The user who installs, configures, and runs the ETL process must have read/write privileges to this file. The default location is the <star_home>\star\etl_homes\staretl\res folder. etl_calculations.tcsv, which contains metadata calculations. The default location is the <star_home>\star\etl_homes\staretl\res\metadata folder. Any custom scripts that you have created. The default location for custom scripts is the <star_home>\star\etl_homes\staretl\scripts\user_scripts folder. 6

Authentication Options Authentication Options When you set up Primavera Analytics, you can choose one of the following authentication modes: Native is the default mode for the application. In Native mode, the database acts as the authority and the application handles the authentication of the user who is logging into that application. Single Sign-On (SSO) controls access to Web applications. In SSO mode, the applications are protected resources. When a user tries to login to one, a Web agent intercepts the login and prompts the user for login credentials. The Web agent passes the user's credentials to a policy server, which authenticates them against a user data store. With SSO, once the users login, they are logged into all Web applications during their browser session (as long as all Web applications authenticate against the same policy server). Lightweight Directory Access Protocol (LDAP) authenticates users through a directory and is available for all applications. The application supports LDAP referrals with Oracle Internet Directory and Microsoft Windows Active Directory. LDAP referrals allow authentication to extend to another domain. You can also configure multiple LDAP servers, which supports failover and enables you to search for users in multiple LDAP stores. In LDAP mode, an LDAP directory server database confirms the user's identity when they attempt to log in to an application. Authorization for P6 EPPM, Primavera Unifier, and the Primavera Data Warehouse Grant appropriate authorization to all P6 EPPM, Primavera Unifier, and Primavera Data Warehouse users. See the following documents for details on the most secure application security options: Primavera Analytics and Primavera Data Warehouse Installation and Configuration Guide P6 EPPM Security Guide Primavera Unifier Security Guide Authentication for Primavera Analytics depends on your authorization method for the Oracle Business Intelligence application; however, all of the following user names must match: P6 EPPM Primavera Unifier Primavera Data Warehouse OBI WebLogic server 7

Primavera Analytics and Primavera Data Warehouse Security Guide Maintaining Confidentiality for Primavera Analytics and the Primavera Data Warehouse Confidentiality ensures only authorized users see stored and transmitted information. In addition to the documentation included with other applications and hardware components, follow the guidance below. For data in transit, use Secure Socket Layer (SSL)/Transport Layer Security (TLS) to protect network connections among modules. If you use LDAP or SSO authentication, ensure you use LDAP over SSL to connect to the directory server. For data at rest, refer to the documentation included with the database server for instructions on securing the database. Reliability for Primavera Analytics and the Primavera Data Warehouse Take the following steps to protect against attacks that could cause a denial of service: Install the latest security patches on all Primavera Analytics and the Primavera Data Warehouse servers. (P6 EPPM only) Replace the default Admin Superuser (admin) immediately after a manual database installation or an upgrade from P6 7.0 and earlier. Ensure log settings meet the operational needs of the server environment. Do not use "Debug" log level in production environments. Document the configuration settings used for servers and create a process for changing them. Protect access to configuration files with physical and file system security. 8

Sensitive Data in Primavera Analytics and the Primavera Data Warehouse Sensitive Data in Primavera Analytics and the Primavera Data Warehouse Protect sensitive data in Primavera Analytics and the Primavera Data Warehouse, such as user names, passwords, and email addresses. Use the process below to help during your security planning: Determine which products and interacting applications display or transmit data that your organization considers sensitive. For example, costs and secure codes. Implement security measures in Primavera Analytics and the Primavera Data Warehouse to carefully grant users access to sensitive data. For example, in P6 EPPM, use a combination of Global Profiles, Project Profiles, and OBS access to limit access to data. In Primavera Unifier, use Company level permissions to grant access to companywide data for all projects and Project level permissions to grant access to a project-specific data. Implement security measures for applications that interact with Primavera Analytics and the Primavera Data Warehouse, as described in the documentation included with those applications. Primavera Data Warehouse Security The Primavera Data Warehouse maintains security similarly to P6 EPPM and Primavera Unifier. In P6 EPPM, the security being maintained consists of Project/Cost security, Resource security, and OBS security. In Primavera Unifier, the security being maintained consists of Company level permissions and Project level permissions, which both work in tandem with the permissions set in Primavera Analytics for a user. The Primavera Data Warehouse has row-level security that is built into the Oracle Enterprise Edition database. See the Primavera Analytics and Primavera Data Warehouse Installation and Configuration Guide for details. 9

Primavera Analytics and Primavera Data Warehouse Security Guide Primavera Analytics Security Primavera Data Warehouse row-level security is enforced when queries are executed from the OBI server. To apply the proper security and ensure users have access to their data, confirm that the following user names match: P6 EPPM Primavera Unifier Primavera Data Warehouse OBI WebLogic server 10

WebLogic Embedded Security WebLogic Embedded Security Primavera Analytics leverages the existing WebLogic embedded security model. This means that Primavera Analytics supports all the various security implementations that a traditional WebLogic server supports. This section lists are some common security methods. WebLogic Authenticator Provider To allow users to access the Primavera Data Warehouse, create a group in the provider called p6rdbusers and assign each administrator that will run the Primavera Analytics web application to this group. For details on configuring the WebLogic Authenticator Provider, see http://docs.oracle.com/cd/e17904_01/web.1111/e13707/atn.htm#i1206556. LDAP Providers WebLogic supports a variety of LDAP providers. Refer to the documentation from your LDAP provider for details on adding users and groups to the store. The only requirement for Primavera Analytics is that you create a group in the LDAP store called p6rdbusers and assign each administrator that will run the Primavera Analytics web application to this group. Primavera Analytics has been certified in the Red Stack using Oracle Internet Directory (OID) Authentication provider. For details on WebLogic LDAP providers and how to configure the server, see http://docs.oracle.com/cd/e17904_01/web.1111/e13707/atn.htm#i1216261. Identity Assertion Providers (Single Sign-on): WebLogic supports configuration of a SSO provider. Refer to your SSO documentation for information on configuration and administration. Primavera Analytics has been certified using Oracle Internet Directory (OID) in coordination with Oracle Access Manager (OAM). For details on configuring OAM with WebLogic, see http://docs.oracle.com/cd/e15523_01/core.1111/e10043/osso.htm#chdgcacf. 11

Primavera Analytics and Primavera Data Warehouse Security Guide For More Information Where to Get Documentation Complete documentation libraries for Primavera Analytics releases are available on the Oracle Technology Network (OTN) at: http://www.oracle.com/technetwork/documentation/default-1555811.html From this location you can either view libraries online or download them to have local copies. Oracle recommends that you view the libraries online from OTN to ensure you always access the latest versions, including critical corrections and enhancements. Most documentation assumes a standard setup of the product with full access rights to all features and functions. The following table describes the core documents available for Primavera Analytics and lists the recommended readers by role. Title What's New in Primavera Analytics Primavera Analytics System Architecture Data Sheet Description This guide highlights the new and enhanced features included in this release. You can also use the Cumulative Feature Overview tool to identify the features that have been added since a specific release level. All users and administrators should read this guide. The guide provides information on how Primavera Analytics and the Primavera Data Warehouse work together with P6 EPPM and Primavera Unifier. All on-premises administrators should read this guide. Primavera Analytics and Primavera Data Warehouse Planning and Sizing Guide This guide details how to plan your installation and ensures you have the necessary technical specifications to successfully install Primavera Analytics and the Primavera Data Warehouse. It also includes checklists for Primavera Analytics and the Primavera Data Warehouse to help guide you through the installation. All on-premises administrators should read this guide. 12

For More Information Title Primavera Analytics and Primavera Data Warehouse Security Guide Primavera Data Warehouse Installation and Configuration Guide Primavera Analytics Installation and Configuration Guide Description This guide enables you to plan your security strategy for Primavera Analytics and the Primavera Data Warehouse. It includes information on safe deployments, authentication options, and specific security settings for the Primavera Data Warehouse database. All on-premises administrators should read this guide. This guide gives step-by-step instructions for installing and configuring the Primavera Data Warehouse database. Primavera Data Warehouse is required to run Primavera Analytics. All on-premises administrators should read this guide. This guide gives step-by-step instructions for installing and configuring Primavera Analytics. All on-premises administrators should read this guide. Primavera Analytics and Primavera Data Warehouse Post Installation Administrator's Guide Primavera Cloud Service Administrator's Guide Primavera Analytics Reference Manual This guide describes advanced configurations of Primavera Analytics and Primavera Data Warehouse. It also includes the on-going tasks required for administration. All on-premises administrators should read this guide. This guide describes how to configure and administer Primavera products hosted on the Oracle Cloud for Industries. It supersedes all the other installation and configuration guides for Primavera products, since they are for on-premises deployments. All cloud administrators should read this guide. This guide describes how to get started with Primavera Analytics. It has examples of sample dashboards and Burn Down activity use cases. All users should read this guide. Tested Configurations This document lists the configurations that have been tested and verified to work with Primavera Analytics. The network administrator/database administrator and Primavera Analytics all administrators should read this document. 13

Primavera Analytics and Primavera Data Warehouse Security Guide Distributing Information to the Team You can copy the online documentation to a network drive for access by project participants. Each team member can then view or print those portions that specifically relate to his or her role in the organization. Throughout this documentation, the Security Guidance icon helps you to quickly identify security-related content to consider during the installation and configuration process. Where to Get Training To access comprehensive training for all Primavera products, go to: http://education.oracle.com Oracle Learning Library The Oracle Learning Library (OLL) provides online learning content covering Primavera products. Content includes videos, tutorials, articles, demos, step-by-step instructions to accomplish specific tasks, and self-paced interactive learning modules. To access the learning library s Primavera content, go to: http://www.oracle.com/oll/primavera 14

For More Information Where to Get Support To get the latest information about Critical Patch Updates, visit http://www.oracle.com/technetwork/topics/security/alerts-086861.html. Access to Oracle Support If you have a question about using Oracle products that you or your network administrator cannot resolve with information in the documentation or help, go to http://support.oracle.com/. This page provides the latest information on contacting Oracle Global Customer Support, knowledge articles, and the support renewals process. Primavera Analytics and the Primavera Data Warehouse integrate with different Oracle applications; when you create a Service Request, be sure to open the request with the proper Support team. To ensure you reach the proper Support team, enter the correct product information when you create the Service Request. Each product has its own support line. Use the Primavera Analytics or Primavera Data Warehouse support line when you are having installation, configuration, connection, or application issues related to Primavera Analytics or the Primavera Data Warehouse. Use one of the following support lines when you are having installation or configuration issues that are not related to Primavera Analytics or the Primavera Data Warehouse: Oracle WebLogic Server Oracle Server BI Publisher Oracle WebCenter Content Oracle Access Manager Oracle customers have access to electronic support through My Oracle Support. For information, visit http://www.oracle.com/us/support/contact-068555.html or visit http://www.oracle.com/us/corporate/accessibility/support/index.html if you are hearing impaired. 15

Primavera Analytics and Primavera Data Warehouse Security Guide Using Primavera's Support Resource Centers Primavera s Support Resource Center provides links to important support and product information. Primavera's Product Information Centers (PICs) organize documents found on My Oracle Support (MOS), providing quick access to product and version specific information such as important knowledge documents, Release Value Propositions, and Oracle University training. PICs also offer documentation on Lifetime Management, from planning to installs, upgrades, and maintenance. Visit https://support.oracle.com/epmos/faces/documentdisplay?id=1486951.1 to access links to all of the current PICs. PICs also provide access to: Communities which are moderated by Oracle providing a place for collaboration among industry peers to share best practices. News from our development and strategy groups. Education via a list of available Primavera product trainings through Oracle University. The Oracle Advisor Webcast program brings interactive expertise straight to the desktop using Oracle Web Conferencing technology. This capability brings you and Oracle experts together to access information about support services, products, technologies, best practices, and more. 16

Legal Notices Oracle Primavera Analytics and Primavera Data Warehouse Security Guide Copyright 2008, 2015, Oracle and/or its affiliates. All rights reserved. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, the following notice is applicable: U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs. No other rights are granted to the U.S. Government. This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate failsafe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications. This software or hardware and documentation may provide access to or information on content, products and services from third-parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services. 17

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback