Security Issues after Patching Oracle BI Publisher 220.127.116.11.0
As all know, patching process is not a big deal in most of the cases, but sometimes it is like "pain in the ass". As soon as starting dealing with BI Publisher, I faced issues which want to share.
I have discovered that after patching the BIP, security losts its permissions. So, let's see how to fix it! :)
First will show the patching process which for BI 11 is standard:
1. Log to the server, where BI is running with the correct user. In our case user is 'weblogic'.
2. Upload the zip file with the patch p28609078 , unzip it and change directory to 28609078
In this directory, you can find the readme.txt, where all steps are described.
You have to check that OPatch version to be 18.104.22.168.2 or higher.
3. As pre-patch step you have to stop the running servers from the admin console of the WebLogic. Log to the WebLogic Administration Console and stop the managed server and AdminServer.
Oracle Interim Patch Installer version 22.214.171.124.3
Applying interim patch '28609078' to OH '/opt/oracle/BIPublisher11g/Oracle_BI1'
Please shutdown Oracle instances running out of this ORACLE_HOME on the local system.
Patching component oracle.bi.xdo, 126.96.36.199.0...
Verifying the update...
Now we are going to start Admin Server and managed server. Firt of all set the domain environemnt, start NodeManager and start WebLogic Scripting Tool (wlst):
nohup /opt/oracle/BIPublisher11g/wlserver_10.3/server/bin/startNodeManager.sh &
Connect to the NodeManager and start AdminServer:
|nmConnect('weblogic','weblogic1', host='localhost', port=5556, domainName='bifoundation_domain', domainDir='/opt/oracle/BIPublisher11g/user_projects/domains/bifoundation_domain', nmType='plain')
Now we can log in to the Administration Console http://IP.Address:Port/console and start from there Managed Node. After starting Managed Server we can see the below error in the log file of bipublisher.log
which is located here:
java.security.AccessControlException: access denied (oracle.security.jps.service.policystore.PolicyStoreAccessPermission
This error is related to missing permissions in System Policies. You can access http://IP.Address:Port/xmlpserver but you are not able to open reports. In order to fix this issue, you have to log in to the Enterprise Manager: http://IP.Address:Port/em
Right click on the domain which in our case is bifoundation_domain -> Security -> System Policies
On type choose Codebase, Name -> Includes -> bipublisher -> search. Then click on create or create like from one of the existing and add:
When you mark the file that just created below you will find the window below with Permission for Codebase. For all of the Resource Names, the Permission Actions should be with * for all. Only the last one can be set to read as
it is shown on the above picture. You can make that changes when click on the codebase that you have just added and click on edit.
When the changes are applied you can have problems with accessing http://IP.Address:Port/xmlpserver/servlet/catalog or http://IP.Address:Port/xmlpserver/servlet/admin
The problem might be related with browser caching, so you have to clear your browser cached data and try to open it again. The issue will be fixed.
I can give you another hint if you cannot log in or access xmlpserver is to remove tmp anc cache folders from the OS which are located here:
First, stop your BI managed server, remove both folders or rename them and start again the managed server.
It is good to know the above things for cached and tmp data, because they are not so big deal, but if you do not know for them, they can lost your time for nothing.
Hope that you have enjoyed this post. :)
Comment from: Member
hmm, this is totally different post, its look like that to be Oracle DBA is not only database but as well other challenges like Oracle BI :)
This is very useful post due to the fact that in order to consider adding here you maybe you have spend a lot of time.
this is great for the community
#Oracle #OracleBI #BI #DBA