Oracle Cloud Infrastructure Documentation

Manage Service Access and Security

Give Users Permissions to Manage Analytics Cloud Instances

About Permissions to Manage Oracle Analytics Cloud Instances

You use authorization policies to control access to resources in your tenancy. For example, you can create a policy that authorizes users to create and manage Oracle Analytics Cloud instances.

You create policies using the Oracle Cloud Infrastructure Console. For detailed information, see Managing Policies.

Resource Types for Oracle Analytics Cloud
Resource Types Description

analytics-instance

A single Oracle Analytics Cloud instance.

analytics-instances

One or more Oracle Analytics Cloud instances.

analytics-instance-work-request

A single work request for Oracle Analytics Cloud.

Each operation you perform on an Oracle Analytics Cloud instance, creates a work request. For example, operations such as create, start, stop, and so on.

analytics-instance-work-requests One or more work requests.

Supported Variables

The values of these variables are supplied by Oracle Analytics Cloud. In addition, other general variables are supported. See General Variables for All Requests.

Variable Type Description Sample Value
target.analytics-instance.id ocid OCID for the Analytics Cloud instance. target.analytics-instance.id = 'oci1.analyticsinstance.oc1..abc123'
target.analytics-instance.name string Name of the Analytics Cloud instance. target.analytics-instance.name = 'myanalytics_1'
target.analytics-instance.source-compartment.id ocid OCID of the source compartment, in a "move compartment" operation. target.analytics-instance.source-compartment.id = 'ocid1.compartment.oc1..aaa100'
target.analytics-instance.destination-compartment.id ocid OCID of the destination compartment in a "move compartment" operation. target.analytics-instance.destination-compartment.id = 'ocid1.compartment.oc1..aaa200'

Details for Verb and Resource-Type Combinations

Oracle Cloud Infrastructure offers a standard set of verbs to define permissions across Oracle Cloud Infrastructure resources (Inspect, Read, Use, Manage). These tables list the Oracle Analytics Cloud permissions associated with each verb. The level of access is cumulative as you go from Inspect to Read to Use to Manage.

INSPECT

Resource- Type INSPECT Permission
  • analytics-instance
  • analytics-instances
  • ANALYTICS_INSTANCE_INSPECT
  • analytics-instance-work-request
  • analytics-instance-work-requests
  • ANALYTICS_INSTANCE_WR_INSPECT

READ

Resource- Type READ Permission
  • analytics-instance
  • analytics-instances
  • ANALYTICS_INSTANCE_INSPECT
  • ANALYTICS_INSTANCE_READ
  • analytics-instance-work-request
  • analytics-instance-work-requests
  • ANALYTICS_INSTANCE_WR_INSPECT
  • ANALYTICS_INSTANCE_WR_READ

USE

Resource- Type USE Permission
  • analytics-instance
  • analytics-instances
  • ANALYTICS_INSTANCE_INSPECT
  • ANALYTICS_INSTANCE_READ
  • ANALYTICS_INSTANCE_USE
  • analytics-instance-work-request
  • analytics-instance-work-requests
  • N/A

MANAGE

Resource- Type MANAGE Permission
  • analytics-instance
  • analytics-instances
  • ANALYTICS_INSTANCE_INSPECT
  • ANALYTICS_INSTANCE_READ
  • ANALYTICS_INSTANCE_USE
  • ANALYTICS_INSTANCE_CREATE
  • ANALYTICS_INSTANCE_DELETE
  • ANALYTICS_INSTANCE_UPDATE
  • ANALYTICS_INSTANCE_MOVE
  • ANALYTICS_INSTANCE_MANAGE
  • analytics-instance-work-request
  • analytics-instance-work-requests
  • ANALYTICS_INSTANCE_WR_INSPECT
  • ANALYTICS_INSTANCE_WR_READ
  • ANALYTICS_INSTANCE_WR_DELETE

Permissions Required for Each API Operation

This table shows the API operations available for Oracle Analytics Cloud, grouped by resource type.

REST API Operation CLI Command Operation Permission Required to Use the Operation
ListAnalyticsInstances analytics-instance list ANALYTICS_INSTANCE_INSPECT
CreateAnalyticsInstance analytics-instance create ANALYTICS_INSTANCE_CREATE
GetAnalyticsInstance analytics-instance get ANALYTICS_INSTANCE_READ
UpdateAnalyticsInstance analytics-instance update ANALYTICS_INSTANCE_UPDATE
DeleteAnalyticsInstance analytics-instance delete ANALYTICS_INSTANCE_DELETE
StartAnalyticsInstance analytics-instance start ANALYTICS_INSTANCE_USE
StopAnalyticsInstance analytics-instance stop ANALYTICS_INSTANCE_USE
ScaleAnalyticsInstance analytics-instance scale ANALYTICS_INSTANCE_MANAGE
ChangeAnalyticsInstanceCompartment analytics-instance change-compartment ANALYTICS_INSTANCE_MOVE
ListWorkRequests work-request list ANALYTICS_INSTANCE_WR_INSPECT
GetWorkRequest work-request get ANALYTICS_INSTANCE_WR_READ
DeleteWorkRequest work-request delete ANALYTICS_INSTANCE_WR_DELETE
ListWorkRequestErrors work-request-error list ANALYTICS_INSTANCE_WR_INSPECT
ListWorkRequestLogs work-request-log list ANALYTICS_INSTANCE_WR_INSPECT

Example Policy Statements to Manage Analytics Cloud Instances

Here are typical policy statements that you might use to authorize access to Oracle Analytics Cloud instances.

When you create a policy for your tenancy, you grant users access to all compartments by way of policy inheritance. Alternatively, you can restrict access to individual Oracle Analytics Cloud instances or compartments.

Let users in the Administrators group fully manage any Analytics instance

# Full manage permissions (Create, View, Update, Delete, Scale, Start, Stop...)
allow group Administrators to manage analytics-instances in tenancy
allow group Administrators to manage analytics-instance-work-requests in tenancy

Let users in the analytics_power_users group read, start, and stop all Analytics instances in compartment MyOACProduction

# Use permissions (List, Get, Start, Stop)
allow group analytics_power_users to use analytics-instances in compartment MyOACProduction

Let users in the analytics_test_users group create and manage a single Analytics instance (myanalytics_1) in compartment MyOACTest

# Full manage permissions on a single instance
allow group analytics_test_users to manage analytics-instances in compartment MyOACTest where target.analytics-instances.name = 'myanalytics_1'

Let users in the analytics_power_users group move Analytics instances between two named compartments

# Custom permissions to move instances between two specific compartments.
allow group analytics_power_users to {ANALYTICS_INSTANCE_INSPECT, ANALYTICS_INSTANCE_READ, ANALYTICS_INSTANCE_MOVE} in tenancy
where all {
        target.analytics-instance.source-compartment.id =
        'ocid1.compartment.oc1..aaa100',
        target.analytics-instance.destination-compartment.id =
        'ocid1.compartment.oc1..aaa200'
  }

Let users in the analytics_users group inspect any Analytics instance and their associated work requests

# Inspect permissions (list analytics instances and work requests) using metaverbs.
allow group analytics_users to inspect analytics-instances in tenancy
allow group analytics_users to inspect analytics-instance-work-requests in tenancy
# Inspect permissions (list analytics instances and work requests) using permission names.
allow group analytics_users to {ANALYTICS_INSTANCE_INSPECT} in tenancy
allow group analytics_users to {ANALYTICS_INSTANCE_WR_INSPECT} in tenancy

Let users in the analytics_users2 group read details about any Analytics instance and their associated work requests

# Read permissions (read complete analytics instance and work request metadata) using metaverbs.
allow group analytics_users2 to read analytics-instances in tenancy
allow group analytics_users2 to read analytics-instance-work-requests in tenancy
# Read permissions (read complete analytics instance and work request metadata) using permission names.
allow group analytics_users2 to {ANALYTICS_INSTANCE_WR_INSPECT, ANALYTICS_INSTANCE_WR_READ} in tenancy

Let users in the analytics_power_users2 group read, start, and stop all Analytics instances and read their associated work requests

# Use permissions (read, stop, start on analytics instance, read on work request) using metaverbs.
allow group analytics_power_users2 to use analytics-instances in tenancy
allow group analytics_power_users2 to read analytics-instance-work-requests in tenancy
# Use permissions (read, stop, start on analytics instance, read on work request) using permission names.
allow group
        analytics_power_users2 to {ANALYTICS_INSTANCE_INSPECT, ANALYTICS_INSTANCE_READ, ANALYTICS_INSTANCE_USE} in
        tenancy
allow group
        analytics_power_users2 to {ANALYTICS_INSTANCE_WR_INSPECT, ANALYTICS_INSTANCE_WR_READ} in
        tenancy

Let users in the Administrators2 group manage any Analytics instance and their associated work requests

# Full manage permissions (use, scale, delete on analytics instance, read and cancel on work request) using metaverbs.
allow group Administrators2 to manage analytics-instances in tenancy
allow group Administrators2 to manage analytics-instance-work-requests in tenancy
# Full manage permissions (use, create, scale, delete on analytics instance, read and cancel on work request) using permission names.
allow group 
        Administrators2 to
        {ANALYTICS_INSTANCE_INSPECT, ANALYTICS_INSTANCE_READ, ANALYTICS_INSTANCE_USE,
        ANALYTICS_INSTANCE_CREATE, ANALYTICS_INSTANCE_DELETE, ANALYTICS_INSTANCE_UPDATE,
        ANALYTICS_INSTANCE_MOVE, ANALYTICS_INSTANCE_MANAGE} in 
        tenancy
allow group
        Administrators2 to 
        {ANALYTICS_INSTANCE_WR_INSPECT, ANALYTICS_INSTANCE_WR_READ, ANALYTICS_INSTANCE_WR_DELETE} in
        tenancy

Typical Workflow for Setting Up Policies to Manage Analytics Cloud Instances

If you’re setting up policies for Oracle Analytics Cloud for the first time, take some time to understand what's required before you start.

Description of policy_flow.jpg follows
Description of the illustration policy_flow.jpg

High-level steps:

  1. Create users in the federated Oracle Identity Cloud Service (IDCS).
  2. Create one or more groups and assign users to each group, as required.

    Give the groups suitable names and include only users that you want to manage Oracle Analytics Cloud instances in Oracle Cloud Infrastructure. For example, prefix them with OCI and indicate the level of access for users in the group: OCI_Users, OCI_Power_Users, OCI_Analytics_Admins, and so on.

  3. Create groups in Oracle Cloud Infrastructure (OCI).

    Give the groups suitable names. For example, prefix them with analytics and mirror the naming convention that you used in Oracle Identity Cloud Service: analytics_users, analytics_power_users, analytics_service_admins, and so on.

  4. Map the groups you created in OCI to the groups in IDCS.
  5. Create one or more polices, as required.

    Give users in OCI groups suitable access permissions to compartments and Oracle Analytics Cloud instances.

For more detailed steps, see the next topic.

Give a User Permissions to Manage Analytics Cloud Instances

You can create security policies to give users suitable access to Oracle Analytics Cloud instances in Oracle Cloud Infrastructure Console.

  1. Sign-in to your Cloud Account as Cloud Account Administrator.
  2. Navigate to the federated Oracle Identity Cloud Service.
    1. Under Governance and Administration, click Identity, then Federation.
    2. Click the link to your Oracle Identity Cloud Service Console.
  3. In Oracle Identity Cloud Service, add one or more users.
    1. In the Users section, click Add a User.
    2. Enter details about the user, and click Finish.
  4. In Oracle Identity Cloud Service, create one or more groups and assign users to the appropriate group.
    1. Click Groups in the Navigator, and then click Add.
    2. Enter details about the group, and click Next.
      For example, if you're creating a policy that gives users permissions to fully manage Oracle Analytics Cloud instances you might name the group OCI_Analytics_Admins (or similar) and include a short description such as "Users with permissions to set up and manage Oracle Analytics Cloud instances on Oracle Cloud Infrastructure" (or similar).
    3. Add one or more users to the group.
  5. In Oracle Cloud Infrastructure Console, create an OCI group that corresponds to each of the groups you created in Oracle Identity Cloud Service.
    1. Under Governance and Administration, click Identity, then Groups.
    2. Click Create Group.
    3. Enter details about the group.
      For example, if you're creating a policy that gives users permissions to fully manage Oracle Analytics Cloud instances you might name the group analytics_service_admin (or similar) and include a short description such as "Users with permissions to set up and manage Oracle Analytics Cloud instances on Oracle Cloud Infrastructure" (or similar).
  6. Map OCI groups to the corresponding groups in Oracle Identity Cloud Service.
    1. Under Governance and Administration, click Identity, then Federation.
    2. Navigate to your Oracle Identity Cloud Service federation.
      For most tenancies, the federation is named OracleIdentityCloudService.
    3. Click Add Mapping and select the name of a group you created in Oracle Identity Cloud Service. For example, OCI_Analytics_Admins.
    4. Select the OCI group you want to map to. For example, analytics_service_admin.
  7. Create a policy that gives users belonging to an OCI group, specific access permissions to Oracle Analytics Cloud instances or compartments.
    1. Under Governance and Administration, click Identity, then Policies.
    2. Select a compartment, and click Create Policy.

Users belonging to any groups mentioned in the policy statement get their new permission when they next sign in to the Console.

Give Data Sources Access to Analytics Cloud Instances

About Access Into and Out from Analytics Cloud Instances

You can manage access into and out from Oracle Analytics Cloud deployments on Oracle Cloud Infrastructure through public IP addresses.

All incoming connections access Oracle Analytics Cloud over the public internet and any connections you set up in Oracle Analytics Cloud to your data sources must be accessible through the public internet.

For example, you connect your Oracle Analytics Cloud deployment to data sources such as Oracle Autonomous Data Warehouse, Oracle Cloud databases deployed on Oracle Cloud Infrastructure, and Oracle Cloud databases deployed on Oracle Cloud Infrastructure Classic through public IPs. If you're not familiar with setting up public IP access for these data sources, use the information here as a guide.

For a complete list of the data sources that Oracle Analytics Cloud can connect to, see Supported Data Sources.

IP Ranges and Gateway IPs for Oracle Analytics Cloud Instances

If you want to connect Oracle Analytics Cloud to a database in Oracle Cloud, you must whitelist the IP address, IP address ranges, or gateway IPs where your Oracle Analytics Cloud instance is located on Oracle Cloud Infrastructure.

First, use Oracle Cloud Infrastructure Console to verify the region where you deployed your Oracle Analytics Cloud instance. When you know the region, make a note of the IP addresses listed in the IP Ranges column or the Gateway IPs column for that region.

The security policy enforced by your company or organization determines whether you must whitelist IP Ranges or Gateway IPs. If you're not sure, check with your network administrator.

For example, if you deployed your Oracle Analytics Cloud instance in Tokyo, Japan East (ap-tokyo-1) and your company's security policy requires you to whitelist an IP range, you whitelist 192.29.39.56/29. Alternatively, if you're required to whitelist Gateway IPs, you whitelist 192.29.39.59.

Region Location Region Identifier IP Ranges Gateway IPs
Japan East (Tokyo) ap-tokyo-1 192.29.39.56/29 192.29.39.59

Whitelist the IP Address of Your Oracle Analytics Cloud Instance

Before you try to connect Oracle Analytics Cloud to an Oracle Cloud database, ask the database administrator to whitelist the IP address (or addresses) for the region where your Oracle Analytics Cloud instance is deployed. The database administrator must add a security rule on the target Oracle Cloud database that allows TCP/IP traffic from this region on a specific database port.

This topic describes how to whitelist Oracle Analytics Cloud with an Oracle Cloud database. If you want to connect to other data sources, follow similar whitelisting steps, as required.

  1. Make a note of the IP address (or addresses) of your Oracle Analytics Cloud instance that you or your database administrator must whitelist.
  2. Whitelist the IP addresses that you made a note of in Step 1 with your Oracle Cloud database.

    The way you whitelist the IP address or CIDR address of your Oracle Analytics Cloud instance depends on whether the database you're trying to connect to is deployed on Oracle Cloud Infrastructure or Oracle Cloud Infrastructure Classic:

Connect to a Database Deployed on Oracle Cloud Infrastructure with a Public IP Address

Configure Oracle Analytics Cloud to connect to a database deployed on Oracle Cloud Infrastructure with a public IP address, so that end users can analyze that data in visualizations, analyses, and pixel-perfect reports.

Typical Workflow to Connect to a Database Deployed on Oracle Cloud Infrastructure

If you’re connecting to an database deployment on Oracle Cloud Infrastructure for the first time, follow these tasks as a guide.

Task Description More Information

Verify the prerequisites

Verify that your environment satisfies the prerequisites required for this configuration.

Prerequisites

Record database information

Record connection information for database.

Record Database Information

Enable database access

Add an ingress rule to give Oracle Analytics Cloud access to the database.

Enable Database Access Through Port 1521

Connect to the database

Create and test your connections.

Connect to Your Database from Oracle Analytics Cloud

Prerequisites

Before you start, make sure you have the required environment.

Step Description Important Information to Note

Set up Oracle Analytics Cloud

Deploy Oracle Analytics Cloud.

Region

Availability Domain

Set up a Virtual Cloud Network (VCN) on Oracle Cloud Infrastructure

Set up a VCN for the database deployment on Oracle Cloud Infrastructure.

Note: The VCN must be in the same Region and Availability Domain as Oracle Analytics Cloud.

Virtual Cloud Network

Subnet

Same:

  • Region

  • Availability Domain

Deploy a database:

  • Deploy the database on the VCN in Oracle Cloud Infrastructure

  • Populate the database with data

  • Set up a database user with permissions to read database tables

Deploy a database on the VCN in Oracle Cloud Infrastructure.

Note: The database must be in the same Region and Availability Domain as the VCN.

Public IP

Database Unique Name

Host Domain Name

Database User/Password

Same:

  • Region

  • Availability Domain

  • Virtual Cloud Network

  • Client Subnet

Record Database Information

All the information you need to connect to a database is available in the Oracle Cloud Infrastructure Console. Record the information now, so you have the required details when you set up the connection in Oracle Analytics Cloud.

  1. In Oracle Cloud Infrastructure Console, click the navigation icon Hamburger icon for toggling navigation options.
  2. Under Database, click Bare Metal, VM, and Exadata, and then click DB Systems.
  3. Locate the database you want to connect to and record the Public IP address.
    Description of uc1_databases.jpg follows
    Description of the illustration uc1_databases.jpg
  4. Click the name of the database you want to connect to and write down the values in these fields: Database Unique Name, Host Domain Name, Virtual Cloud Network, Client Subnet, and Port.
    Description of uc1_database.jpg follows
    Description of the illustration uc1_database.jpg
  5. Find out the user name and password of a database user with permissions to read from this database, and write them down as you need these later. For example, the user SYSTEM.

Enable Database Access Through Port 1521

Add an ingress rule that enables Oracle Analytics Cloud to access the database through port 1521.

  1. Make a note of the IP addresses that you need to whitelist for your Oracle Analytics Cloud instance. See IP Ranges and Gateway IPs for Oracle Analytics Cloud Instances.
  2. In the Oracle Cloud Infrastructure home page, click the navigation icon Hamburger icon for toggling navigation options, then under Databases, click Bare Metal, VM, and Exadata, and then DB Systems.
  3. Click the database that you want to connect to.
  4. Click the Virtual Cloud Network link.
    Description of uc1_database_vcn.jpg follows
    Description of the illustration uc1_database_vcn.jpg
  5. Navigate to the appropriate subnet, and under Security Lists, click Default Security List For <VCN>.
    Description of uc1_vnc.jpg follows
    Description of the illustration uc1_vnc.jpg
  6. Click Add Ingress Rules.
    Description of uc1_securitylist.jpg follows
    Description of the illustration uc1_securitylist.jpg
  7. For each IP address that you want to whitelist, add an ingress rule to allow any incoming traffic from the public internet to reach port 1521 on this database node, with the following settings:
    • SOURCE CIDR: Enter the IP address that you wrote down in Step 1.

    • IP PROTOCOL: TCP

    • SOURCE PORT RANGE: All

    • DESTINATION PORT RANGE: 1521

    • Allows: TCP traffic for ports: 1521

Connect to Your Database from Oracle Analytics Cloud

After enabling access to the database, use the database connection information you wrote down earlier to connect Oracle Analytics Cloud to the database. The way you connect to the database depends on what you want to do with the data.

  • Visualize the data.

  • Model the data using Data Modeler, then generate analyses and dashboards.

  • Model the data with Oracle Analytics Cloud Developer Client Tool, then generate analyses and dashboards.

  • Publish the data in pixel-perfect reports.

Connect to Your Database for Data Visualization
In Oracle Analytics Cloud, create an Oracle Database connection for data visualizations in the usual way. See Create Database Connections.
Use the database details you recorded earlier to fill in the Create Connection dialog.
Specify these values:
  • New Connection Name: A name for the database you want to connect to.

  • Host: The Public IP address for the database instance. For example, 123.213.85.123.

  • Port: The port number that enables access to the database. For example, 1521.

  • Username: The name of a user with read access to the database.

  • Password: The password for the specified database user.

  • Service Name: A concatenated name comprising Database Unique Name and Host Domain Name, separated with a period. For example, CustDB_iad1vm.sub05031027070.customervcnwith.oraclevcn.com.

Connect to Your Database for Data Modeler
In Oracle Analytics Cloud Console, create a connection in the usual way. See Connect to Data in an Oracle Cloud Database.
Use the database details you recorded earlier to fill in the Create Connection dialog.
Specify these values:
  • Name and Description: A name for the database you want to connect to.

  • Connect using: Select Host, Port, and Service Name.

  • Host: The Public IP address for the database. For example, 123.213.85.123.

  • Port: The port number that enables access to the database. For example, 1521.

  • Service Name: A concatenated name comprising Database Unique Name and Host Domain Name, separated with a period. For example, CustDB_iad1vm.sub05031027070.customervcnwith.oraclevcn.com.

  • Connect as: The name of a user with read access to the database.

  • Password: The password for the specified database user.

Connect to Your Database in Oracle Analytics Cloud Developer Client Tool
In Oracle Analytics Cloud Developer Client tool, click File, then Open, then In the Cloud to open your data model. See Edit a Data Model in the Cloud.
When you sign in, use connection information for your Oracle Analytics Cloud to fill in the Open in the Cloud dialog.
Create a connection pool for your database. In the Physical pane, expand the DBaaS node, right-click the database icon, and click Properties to display the Connection Pool dialog. Use the database details you recorded earlier to specify Call Interface, Data Source Name, User Name, and Password.


Description of connpool-gif.bmp follows
Description of the illustration connpool-gif.bmp

Specify these values:
  • Call interface: Select Default (Oracle Call Interface (OCI)).

  • Data Source Name: Specify the connection details. For example:

    (DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=129.213.85.177)(PORT=1521)))(CONNECT_DATA=(SERVICE_NAME=CustDB_iad1vm.sub05031027070.customervcnwith.oraclevcn.com))

    For SERVICE_NAME, specify the concatenated Database Unique Name and Host Domain Name separated by a period, for example, db1_phx1tv.mycompany.com. To find both these names in Oracle Cloud Infrastructure Console, click Databases, Bare Metal, VM, and Exadata, DB Systems, and then click the name of your database.

Connect to Oracle Autonomous Data Warehouse with a Public IP Address

Configure Oracle Analytics Cloud to connect to Autonomous Data Warehouse over a public IP address so that end users can analyze that data in visualizations, analyses, dashboards, and pixel-perfect reports.

Typical Workflow to Connect to Oracle Autonomous Data Warehouse with a Public IP Address

If you’re connecting Oracle Analytics Cloud to Autonomous Data Warehouse over a public IP address for the first time, follow these tasks as a guide.

Task Description More Information

Verify the prerequisites

Verify that your environment satisfies the prerequisites required for this configuration.

Prerequisites

Enable access to Autonomous Data Warehouse

Upload your Autonomous Data Warehouse Client Credentials file (wallet file) to Oracle Analytics Cloud.

Enable Access to Oracle Autonomous Data Warehouse

Connect to Autonomous Data Warehouse

Create and test your connections.

Connect to Oracle Autonomous Data Warehouse

Prerequisites

Before you start, make sure you have the required environment.

Step Description Important Information to Note

Set up Oracle Analytics Cloud

Deploy Oracle Analytics Cloud.

Region

Availability Domain

Set up Oracle Autonomous Data Warehouse

Deploy Autonomous Data Warehouse.

  • Deploy Autonomous Data Warehouse on Oracle Cloud Infrastructure.

  • Populate Autonomous Data Warehouse with data.

  • Set up a database user with permissions to read database tables on Autonomous Data Warehouse

Host Name

Port Number

Service Name

(Obtain these details from tnsnames.ora in the Autonomous Data Warehouse Client Credentials file.)

Enable Access to Oracle Autonomous Data Warehouse

To enable secure communication between Oracle Analytics Cloud and Autonomous Data Warehouse, you upload trusted SSL certificates to Oracle Analytics Cloud.

  1. In Autonomous Data Warehouse Console, obtain the Client Credentials file.
    The Client Credentials file is a ZIP file containing the files cwallet.sso and tnsnames.ora. See Download Client Credentials (Wallets) in Using Oracle Autonomous Data Warehouse Cloud.
  2. Extract the cwallet.sso file from the Client Credentials file.
  3. Upload the cwallet.sso file to Oracle Analytics Cloud.
    1. Sign in to Oracle Analytics Cloud, open the Console and click Connections.
    2. Click Upload Wallet to upload a wallet for the first time or Replace Wallet to update an existing wallet.
    3. Click Browse and locate the wallet file (cwallet.sso) you downloaded from Autonomous Data Warehouse.
    4. Select the file and click Open.
    5. Click Update and OK to update the existing wallet file.

Connect to Oracle Autonomous Data Warehouse

After enabling access to Oracle Autonomous Data Warehouse, use the connection details you recorded earlier to connect Oracle Analytics Cloud to Autonomous Data Warehouse. The way you connect depends on what you want to do with the data.

  • Visualize the data

  • Model the data using Data Modeler, then generate analyses and dashboards.

  • Model the data with Oracle Analytics Cloud Developer Client Tool, then generate analyses and dashboards.

  • Publish the data in pixel-perfect reports.

Connect to Autonomous Data Warehouse for Data Visualization
In Oracle Analytics Cloud, create an Autonomous Data Warehouse connection for data visualization. See Create Connections to Oracle Autonomous Data Warehouse Cloud.
Now create a new project and data set to visualize data from your Autonomous Data Warehouse.
Connect to Autonomous Data Warehouse for Data Modeler
In Oracle Analytics Cloud Console, create a connection in the usual way. See Connect to Data in an Oracle Cloud Database.
Use the database details you recorded earlier to fill in the Create Connection dialog.
Specify these values:
  • Name and Description: A short name and description to identify this connection in Oracle Analytics Cloud.

  • Connect Using: Select Host, Port, and Service Name.

  • Host: The host name of the Autonomous Data Warehouse instance that you obtained from the downloaded tnsnames.ora file. For example, adwc.example.oraclecloud.com.

  • Port: The port number that you obtained from the downloaded tnsnames.ora file. For example, 1522.

  • Service Name: The service name that you obtained from the downloaded tnsnames.ora file. For example, adwc1_high.adwc.oraclecloud.com.

  • Connect as: The name of a user with read access to Autonomous Data Warehouse. For example, ADMIN.

  • Password: The password for the specified database user.

  • Enable SSL: Select this option.

In Data Modeler, you can now model data from your Autonomous Data Warehouse using this connection.
Connect to Autonomous Data Warehouse in Oracle Analytics Cloud Developer Client Tool
You can use Oracle Analytics Cloud Client Tool to edit a data model connected to Autonomous Data Warehouse.
  1. On the machine where you installed Oracle Analytics Cloud Developer Client Tool, copy the cwallet.sso, sqlnet.ora, and tnsnames.ora from the zip file that you downloaded from Autonomous Data Warehouse to the folder:
    <Developer Client Tool installation folder>\domains\bi\config\fmwconfig\bienv\core
  2. Edit sqlnet.ora so that the wallet location points to:
    <Developer Client Tool installation folder>\domains\bi\config\fmwconfig\bienv\core
    For example:
    WALLET_LOCATION = (SOURCE = (METHOD = file) (METHOD_DATA = (DIRECTORY="C:\ade\admintoolOAC18.2.1\domains\bi\config\fmwconfig\bienv\core"))) SSL_SERVER_DN_MATCH=yes
  3. In Oracle Analytics Cloud Developer Client tool, click File, then Open, then In the Cloud to open your data model. See Edit a Data Model in the Cloud.
    When you log in, use the connection information for your Oracle Analytics Cloud instance to fill in the Open in the Cloud dialog.
    • For Port, specify 443.

    • For Host name, specify the host domain name of your Oracle Analytics Cloud instance.

    • Select SSL. For Trust Store and Password, point to a local JDK/JRE cacerts keystore that trusts certificates signed by well-known CAs.

  4. Connect to Autonomous Data Warehouse Cloud.
    1. Click File, then Import Metadata to start the Import Metadata wizard, and follow the on-screen instructions.Description of uc6_imp_md-gif.gif follows
      Description of the illustration uc6_imp_md-gif.gif
    2. On the Select Data Source page, for the Data Source Name value, specify a long TNS connection string from the downloaded tnsnames.ora file. Include the entire description, enclosed in brackets.

      For example:

      (description=(address=(protocol=tcps)(port=1522)(host=adwc.example.oraclecloud.com))(connect_data=(service_name=adwc1_high.adwc.oraclecloud.com))(security=(ssl_server_cert_dn="CN=adwc.example.oraclecloud.com,OU=Oracle BMCS US,O=Oracle Corporation,L=Redwood City,ST=California,C=US")) )

    3. For User Name and Password, enter the credentials for the ADMIN user or another suitably provisioned Autonomous Data Warehouse Cloud user.
You’re now ready to model the data in Oracle Analytics Cloud Developer Client Tool, publish the data model to Oracle Analytics Cloud, and create analyses and data visualizations using data from Autonomous Data Warehouse.

Connect to a Database Deployed on Oracle Cloud Infrastructure Classic with a Public IP Address

Configure Oracle Analytics Cloud to connect to Oracle Database Cloud Service deployed on Oracle Cloud Infrastructure Classic so that end users can analyze that data in visualizations, analyses, and pixel-perfect reports.

Typical Workflow to Connect to a Database Deployed on Oracle Cloud Infrastructure Classic

If you’re connecting Oracle Analytics Cloud to a database deployed on Oracle Cloud Infrastructure Classic for the first time, follow these tasks as a guide.

Task Description More Information

Verify the prerequisites

Verify that your environment satisfies the prerequisites required for this configuration.

Prerequisites

Record database information

Record connection information for Oracle Database Cloud Service.

Record Database Information

Enable database access

Add access rules to enable Oracle Analytics Cloud access to the database.

Enable Database Access Through Port 1521

Connect to the database

Create and test your connections.

Connect to Your Database from Oracle Analytics Cloud

Prerequisites

Before you start, make sure you have the required environment.

Step Description Note Important Information

Set up Oracle Analytics Cloud

Deploy Oracle Analytics Cloud.

Region

Availability Domain

Deploy Oracle Database Cloud Service

  • Deploy Oracle Database Cloud Service on the Virtual Cloud Network in Oracle Cloud Infrastructure Classic.

  • Populate Oracle Database Cloud Service with data.
  • Set up a database user with permissions to read database tables.

Deploy Oracle Database Cloud Service on the Virtual Cloud Network in Oracle Cloud Infrastructure Classic.

Public IP

Service Name

Host Domain Name

Database User/Password

Same:

  • Region

Record Database Information

All the information you need to connect to Oracle Database Cloud Service is available in Oracle Cloud Infrastructure Console. Record the information now, so you have the required details when you set up the connection in Oracle Analytics Cloud.

  1. In Oracle Cloud Infrastructure Console, click Navigation menu icon in the top left corner.
  2. Under More Oracle Cloud Services, go to Classic Data Management Services, and click Database Classic.
  3. Click the name of the database you want to connect to and from the Instance Overview section, record the Service Name from the Connect String. For example, ucmdb906:1521/PDB1.504988564.oraclecloud.internal.
  4. Extract and record the Service Name of the database from the connect string value. For example, PDB1.504988564.oraclecloud.internal.
  5. Record the IP address of the database displayed in the Resources section.
  6. Find out the user name and password of a database user with permissions to read from this database, and write them down.  For example, the user SYSTEM.

Enable Database Access Through Port 1521

Add an access rule that enables Oracle Analytics Cloud to access the database through port 1521.

  1. In Oracle Cloud Infrastructure Console, click Navigation menu icon in the top left corner.
  2. Under More Oracle Cloud Services, go to Classic Data Management Services, and click Database Classic.
  3. Select the database you want to connect to.
  4. Click the Manage service icon and select Access Rules.
  5. For port 1521, click Actions and select Enable to enable the port for the default Oracle listener.

Connect to Your Database from Oracle Analytics Cloud

After enabling access to the database, use the database connection information you recorded earlier to connect Oracle Analytics Cloud to the database deployed in Oracle Cloud Infrastructure Classic. The way you connect to the database depends on what you want to do with the data.

  • Visualize the data.

  • Model the data using Data Modeler, then generate analyses and dashboards.

  • Model the data with Oracle Analytics Cloud Developer Client Tool, then generate analyses and dashboards.

Connect to Your Database for Data Visualization
In Oracle Analytics Cloud, create an Oracle Database connection for data visualizations in the usual way. See Create Database Connections.
Use the database details you recorded earlier to fill in the Create Connection dialog.
Specify these values:
  • Connection Name: The name of the Oracle Database Cloud Service you want to connect to.

  • Host: The Public IP address for Oracle Database Cloud Service. For example, 123.213.85.123.

  • Port: The port number that enables access to Oracle Database Cloud Service. For example, 1521.

  • Username: The name of a user with read access to Oracle Database Cloud Service.

  • Password: The password for the specified database user.

  • Service Name: The service name on the Database Classic page. For example, PDB1.123456789.oraclecloud.internal.

Connect to Your Database for Data Modeler
In Oracle Analytics Cloud Console, create a connection in the usual way. See Connect to Data in an Oracle Cloud Database.
Use the database details you recorded earlier to fill in the Create Connection dialog.
Specify these values:
  • Name and Description: The name of the Oracle Database Cloud Service you want to connect to.

  • Connect Using: Select Host, Port, and Service Name.

  • Host: The Public IP address for Oracle Database Cloud Service. For example, 123.213.85.123.

  • Port: The port number that enables access to Oracle Database Cloud Service. For example, 1521.

  • Service Name: The service name from the Database Classic page. For example, PDB1.123456789.oraclecloud.internal.

  • Connect as: The name of a user with read access to Oracle Database Cloud Service.

  • Password: The password for the specified database user.

Connect to Your Database in Oracle Analytics Cloud Developer Client Tool
In Oracle Analytics Cloud Developer Client tool, click File, Open, and then In the Cloud to open your data model in the usual way. See Edit a Data Model in the Cloud.
When you sign in, use connection information for your Oracle Analytics Cloud to fill in the Open in the Cloud dialog.
Create a connection pool for your database. In the Physical pane, expand the database node, right-click the database icon, and click Properties to display the Connection Pool dialog. Use the database details you recorded earlier to specify Call Interface, Data Source Name, User Name, and Password.


Description of connpool-gif.bmp follows
Description of the illustration connpool-gif.bmp

Specify these values:
  • Call interface: Select Default (Oracle Call Interface (OCI).

  • Data Source Name: Specify the connection details. For example:

    (DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=123.213.85.123)(PORT=1521)))(CONNECT_DATA=(SERVICE_NAME=PDB1.587075508.oraclecloud.internal))

    For SERVICE_NAME, use the Database Classic page to locate the service name. For example, PDB1.587075508.oraclecloud.internal.

You’re now ready to model the data in Oracle Analytics Cloud Developer Client Tool, publish the data model to Oracle Analytics Cloud, and create analyses and data visualizations using data from Oracle Database Cloud Service.