Support  |  Site Map  |  How to Buy  |  Contact Us

OBIEE Security: Repositories and RPD File Security

April 4, 2014

The OBIEE repository database, known as a RPD file because of its file extension, defines the entire OBIEE application. It contains all the metadata, security rules, database connection information and SQL used by an OBIEE application. The RPD file is password protected and the whole file is encrypted. Only the Oracle BI Administration tool can create or open RPD files and BI Administration tool runs only on Windows.  To deploy an OBIEE application, the RPD file must be uploaded to Oracle Enterprise Manager. After uploading the RPD, the PRD password then must be entered into Enterprise Manager.

From a security assessment perspective, who has physical access to the RPD file and the RPD password is critical. If multiple OBIEE applications are being used, the RPD passwords should all be different. It is also recommended that the RDP password be rotated per whatever policy governs critical database accounts and that production RPD passwords be different than non-production RPD passwords. 

Once deployed through WebLogic, RPD file (version 11g) is located here: 

ORACLE_INSTANCE/bifoundation/OracleBIServerComponent/coreapplication_obisn/

 

Figure 1 Repository (RDP) File Define OBIEE Solutions

 

Figure 2 Windows based OBIEE BI Admin Tool

 

If you have questions, please contact us at info@integrigy.com

 -Michael Miller, CISSP-ISSMP

References