Académique Documents
Professionnel Documents
Culture Documents
password
Monday, April 4, 2016
Introduction
As part of installing and configuring FDM EE, securing EPM is typically forgotten. As you might know, FDM
EE is built on top of ODI 11g. Sadly ODI is configured with the factory default credentials, which imposes a
security risk. The more because ODI is not only accessible through the ODI Studio (which is per default
not installed), but also through the web based ODI Console.
The Steps
Below the main steps in order of execution:
1. Change the password for the ODI agent through Enterprise Manager;
2. Change the password for ODI through ODI Studio;
3. Validate the ODI agent connection from ODI;
4. Configure the new password in FDM EE.
Tutorial
Step 1 - ODI Agent (EM)
1. Start Weblogic Admin Server
(\Oracle\Middleware\user_projects\domains\EPMSystem\bin\startWebLogic.cm
d)
2. Login to Enterprise Manager (http://localhost:7001/em) and use the "epm_admin"
account to login
3. In the left pane, select "EPMSystem" in Farm_EPMSystem -> Weblogic Domain
4. In the middle pane, select Credentials in Weblogic Domain -> Security
3. In the left pane, right mouse click on OracleDIAgent in Agents and select "Open"
4. In the right pane, just under tab "OracleDIAgent" click "Test"
5. If not successful, you probably forgot to logout from Oracle Studio and re-login?
During the installation and configuration of Financial Data Quality Management Enterprise
Edition (FDMEE), the Oracle Data Integrator (ODI) master repository and agent are
installed with a default username of SUPERVISOR and SUNOPSIS. Securing the Oracle
Hyperion EPM environment by changing the SUPERVISOR password is not a single step but
requires changes in three separate interfaces: FDMEE, ODI Studio Console, and WebLogic /
Oracle Enterprise Manager.
This post will proceed with version 11.1.2.4 of Oracle EPM installed on Windows Server
2012 R2. The steps for 11.1.2.3.X of EPM are the same except for Operating System
differences.
1. Log into Workspace.
2. Navigate –> Administer –> Data Management.
5. Key the new ODI password for User Name SUPERVISOR and then select Save.
6. After a successful Save, the message “Your changes have been saved” will display.
7. To verify the ODI SUPERVISOR password has changed, select “Check ODI
Connection," which will display an Error. Select OK to close the error.
8. Select ODI Studio from Apps By Name.
9. Key the User “SUPERVISOR” and the Password “SUNOPSIS,” and then select OK.
11. Select Users –> Supervisor then right click and choose Open.
16. Select Agents –> OracleDIAgent and then double click OracleDIAgent.
17. Select Test, which will generate an error. This verifies the password has changed.
Select OK to close the Error dialog box.
18. Select Start Admin Server for WebLogic Server Domain from Apps By Name.
19. Once the Admin Server has started, select Admin Server Console from Apps By
Name.
20. Key the WebLogic Username and Password created during installation and then
select Login.
23. If the Accessibility Preference dialog box appears, update if needed (the default is
displayed below) and then select Continue.
25. Select EPMSystem –> WebLogic Domain –> Security –> Credentials.
26. Expand and select oracle.odi.credmap –> SUPERVISOR.
30. Return to ODI Console and select ODI –> Disconnect “SUPERVISOR.”
32. Key the User “SUPERVISOR” and Password “Updated One,” and then select OK.
33. Select View –> ODI Topology Navigator.
34. Select Agents –> OracleDIAgent and then double click OracleDIAgent.
35. Select Test, which will generate an Agent Test Successful dialog box. Select OK to
close the dialog box.
2. In the left pane, select tab "Setup" and click "System Settings"
3. In the right pane, select ODI as profile type
4. Change the "ODI Password" and click Save (upper most right)
5. Click "Check ODI Connection" in order to validate the connection to the agent
Final Notes
As you noticed changing the "SUPERVISOR" password can be a bit cumbersome. However from a security
perspective worth the effort. I would avoid using complex passwords that include special- and high ASCII
characters. It could very well break FDMEE and/or ODI.