OBIEE Security: Repositories and RPD File Security

The OBIEE repository database, known as a RPD file because of its file extension, defines the entire OBIEE application. It contains all the metadata, security rules, database connection information and SQL used by an OBIEE application. The RPD file is password protected and the whole file is encrypted. Only the Oracle BI Administration tool can create or open RPD files and BI Administration tool runs only on Windows.  To deploy an OBIEE application, the RPD file must be uploaded to Oracle Enterprise Manager. After uploading the RPD, the PRD password then must be entered into Enterprise Manager.

From a security assessment perspective, who has physical access to the RPD file and the RPD password is critical. If multiple OBIEE applications are being used, the RPD passwords should all be different. It is also recommended that the RDP password be rotated per whatever policy governs critical database accounts and that production RPD passwords be different than non-production RPD passwords. 

Once deployed through WebLogic, RPD file (version 11g) is located here: 

ORACLE_INSTANCE/bifoundation/OracleBIServerComponent/coreapplication_obisn/

Figure 1 Repository (RDP) File Define OBIEE Solutions

Figure 2 Windows based OBIEE BI Admin Tool

If you have questions, please contact us at info@integrigy.com

 -Michael Miller, CISSP-ISSMP

References

• Collaborate 2014 session OAUG – #14366 OBIEE Security Examined, Friday, April 11, 12:15pm
• OBIEE Security Examined - Webinar and Presentation: OBIEE Security Examined Webinar
• OBIEE Security Examined - Whitepaper: OBIEE Security Examined