CloudSQL is developed with security in mind. CloudSQL goes one level above Oracle’s security model to handle real-life security issues faced by IT teams. A connection file helps to keep BI access secure and straightforward in CloudSQL. It safely stores login details so multiple users can work in the same BI environment without providing access to everyone to overwrite BI Catelog. This blog explains how it helps you easily manage access.
Use Case: Security Challenge Faced by an IT Team Lead
The idea for the Connection File feature came from a discussion with a CloudSQL customer who manages more than 10 licenses shared between internal IT staff and external report developers in another country.
The Oracle Technical Manager explained the issue:
“I need to give developers read-only access, especially for production. But because CloudSQL requires BI access, developers can log in to the Oracle BI server and modify the BI Catalog. This bypasses our release process. Recently, two production reports were changed, and we couldn’t identify who did it“
It highlighted a serious security gap. To address it, we introduced the Connection File feature in CloudSQL. With this feature:
- Developers can be granted true read-only access
- Passwords never need to be shared
- Access credentials are encrypted and securely distributed
It ensures proper control, protects production environments, and prevents unauthorized BI Catalog changes.
You May Read: Working with SQL Worksheet in CloudSQL
How Do Donnection Files Work?
The connection file works in 3 simple steps:
The best way to ensure security and efficiency is by setting up a dedicated service account for BI access. Think of a service account as a reliable, single user that connects to the BI tool or database on behalf of the entire team.
Once you have created the service account, the administrator can produce an encrypted connection file using CloudSQL. This file holds all the essential information like the Oracle Fusion homepage link, username, and password.
Instead of handing out direct database credentials to each team member, you can share the encrypted connection file with anyone who needs access.
Stage 1: Create Connection File (IT Team Lead)
Step 1: Open CloudSQL Desktop and select “Local Sign In” as the connection type to begin configuring your Oracle Fusion connection.
Note: Check out our blog on how to run your first SQL in CloudSQL to see how to create the local connection.
Step 2: Go to the connections page from the left menu.
Step 3: Select your database connection. On the same page, click the Download icon to get the connection file for secure access.
Stage 2: Create Connection Using Connection File (Developers)
Step 1: Launch CloudSQL Desktop, Select create a new connection
Step 2: Select “Connection File” as the connection type. Click on the folder icon to browse and upload the downloaded file from your system.
Step 3: Upload the encrypted connection file.
Step 4: Click “Test and Create Connection” to create a connection to Oracle Fusion.
How Connection File Helps?
Using a connection file comes with a bunch of great benefits:
- Enhanced Security: User passwords and database credentials are kept under wraps. Thanks to encryption, no one can misuse those connection details.
- Centralized Control: Admins can easily manage access via the service account, eliminating the need to update each user’s profile.
- User-Friendly Setup: Team members can simply import the connection file instead of manually entering their login details.
- Uniform Access: Everyone connects to the same data source using a shared, approved configuration.
The Connection file method keeps data secure while allowing the team to collaborate effortlessly. It minimizes security risks, keeps credentials private, and makes business intelligence access straightforward and professional.
At DataFusing, we are constantly improving CloudSQL for you by adding more features. Click here to start a 30-day free trial today.
Must Read: Use the CloudSQL AI Assistant to Fix Your Oracle Fusion SQLs
Frequently Asked Questions (FAQs)
I need to reset my password every 60 days due to our security policy. How should I manage this?
Each time the password is reset, you simply need to recreate the Connection File and share it with your team. This is quick and easy, both generating the file and uploading it take only a few seconds.
Will I lose audit traceability when using shared service accounts?
No. Audit trails are not a concern here because the Connection File only allows limited, read-only actions. Users can update one data model and run reports through CloudSQL, but they cannot perform any write or destructive operations in the system.
