BI Publisher 12 c - missing application roles

Hello world

I installed BI Publisher 12 c (12.2.1.0.0), but it seems that some application roles are missing. I can not find roles consumer BI or BI content author, there are only BI Administrator role Service.

biserviceadmin.JPG

Is there a reason why the roles mentioned are missing?

Hello

"I assume that you have configured the BIPublisher using config.sh($ORACLE_HOME\bi\bin).

http://docs.Oracle.com/middleware/1221/core/BIEIG/GUID-4F0BD89A-C8BE-4851-8D0C-422779D5BC1D.htm#BIEIG-GUID-6EA06E47-2784-4639-BEA8-7DA356AFA247

1. If you have selected "Clean slate (no predefined application)" in step 8 ("application form"), it is not the roles

2. If you select "Sample application Oracle (SampleAppLite)", the roles are met.

Kind regards

Sudhir

Tags: Business Intelligence

Similar Questions

  • How to disable MAD for some groups of users / application roles?

    Hi all

    does anyone know how to revoke the privileges of creating mobile applications with MAD an application role?

    Thank you in advance,

    Stefan

    Hello Stefan,

    Good question, I just suspect that you will be disappointed by the response... (at least my answer)

    Don't know if you can really do...

    MAD's Publisher, so if you remove access to the editor you probably also lose permissions on BIMAD.

    BIMAD 'new' URL: /analytics/saw.dll?bipublisherEntry&Action=new&itemType=.xma

    Publisher report 'new' URL: /analytics/saw.dll?bipublisherEntry&Action=new&itemType=.xdo

    I also had a look at the doc on the deployment of BIMAD to see if there are a few references to safety and there is a named party ' 4.2 task 2: update for Oracle BI Mobile App Designer Security Configuration "(here), they say run a WLST script to"update your system (System-jazn-"Data.xml") JAZN file with security grants needed for BI Mobile App Designer. so I thought I'd find the real answer here!

    The content of the script is a little disappointing:

    grantPermission (codeBaseURL = "file:$ {oracle.deployed.app.dir} /bimad_11.1.1$ {oracle.deployed.app.ext}", permTarget = "IdentityAssertion", permClass = "oracle.security.jps.JpsPermission" permActions = "*")

    grantPermission (codeBaseURL = "file:$ {oracle.deployed.app.dir} /bimad_11.1.1$ {oracle.deployed.app.ext}", permTarget = "context = SYSTEM, mapName is oracle.bi.system, keyName = system.user", permClass = "oracle.security.jps.service.credstore.CredentialAccessPermission", permActions = "read")

    grantPermission (codeBaseURL = "file:$ {oracle.deployed.app.dir} /bimad_11.1.1$ {oracle.deployed.app.ext}", permTarget ="context = SYSTEM, mapName = oracle.bi.publisher, keyName = *", permClass = "oracle.security.jps.service.credstore.CredentialAccessPermission", permActions = "*")

    grantPermission (codeBaseURL = "file:$ {oracle.deployed.app.dir} /bimad_11.1.1$ {oracle.deployed.app.ext}", permTarget = "context = APPLICATION name = obi", permClass ="oracle.security.jps.service.policystore.PolicyStoreAccessPermission", permActions = "getApplicationPolicy")

    grantPermission (codeBaseURL = "file:$ {oracle.deployed.app.dir} /bimad_11.1.1$ {oracle.deployed.app.ext}", permTarget ="AppSecurityContext.setApplicationID. *", permClass = "oracle.security.jps.JpsPermission", permActions = "*")

    grantPermission (codeBaseURL = "file:$ {oracle.deployed.app.dir} /bimad_11.1.1$ {oracle.deployed.app.ext}", permTarget ="context = SYSTEM, mapName = oracle.bi.enterprise, keyName = *", "oracle.security.jps.service.credstore.CredentialAccessPermission", permActions = "read" = permClass)

    grantPermission (codeBaseURL = "file:$ {oracle.deployed.app.dir} /bimad_11.1.1$ {oracle.deployed.app.ext}", permTarget ="context = SYSTEM, mapName = oracle.wsm.security, keyName = *", "oracle.security.jps.service.credstore.CredentialAccessPermission", permActions = "read" = permClass)

    createResource (appStripe = "obi", name = "oracle.bi.publisher.developLightDataModel" type = "oracle.bi.publisher.permission" displayName = "Develop model of light data", description = "develop light Data Model")

    grantPermission(appStripe="obi",principalClass="oracle.security.jps.service.policystore.ApplicationRole",principalName="BIAuthor",permClass="oracle.security.jps.ResourcePermission",permTarget="resourceType=oracle.bi.publisher.permission,resourceName=oracle.bi.publisher.developLightDataModel",permActions="_all_")

    Most of the lines is not interesting except the last 2 commands: a resource named 'Developing light Data Model' of type 'oracle.bi.publisher.permission is created.

    And the last command to grant permission to BIAuthor the newly created resource 'oracle.bi.publisher.developLightDataModel' is probably the most interesting.

    It deserves to be tested (no luck my test environment crashed just before that I was able to test it).

    You can try to revoke that permission of BiAuthor (using "revokePermission") and give it to another (smaller) role of app and see if it does what you're trying to reach.

  • application role custom (added ldap group) still no connection possible

    Hello
    I created a BIConsumer_USA (using Oracle Enterprise Manager) role for consumers to report BI from the United States, who should have access only
    dashboards US (consisting of BI publisher reports). I added this new application role BIConsumer_USA
    the application role existing BIConsumer (so the permissions are defined) as well as the usersUSA of the LDAP group.
    However, even after doing all this. I can not connect with users who belong to this group and who have the role of BI_Consumer_USA.
    Why is this?

    Given that the LDAP protocol is an IBM Tivoli we should able to use OpenLDAP instead of OVD LDAP provider in the logic of the Web.

  • How to find what the role application role

    Hello IDM experts, when a request for a role is made by an applicant, inside the composite custom for the approval process, I'm going to get the ID of the application using the API of the IOM. Now, using this ID of the application, how can I get the name of the requested role?

    I know we can get the beneficiary using the IOM APIs, and then we can get a role object. Is there a simpler way without going through the notion of beneficiary? In my case, the plaintiff will ask only a single role both in the query (to put it simply).

    Another thing is, there is method getAttribute() on role class. But the guide API does not say what are these various attributes. Y at - it a guide who talk to us of these various attributes?

    Thank you for your great help.

    Published by: Jyothi on November 4, 2012 19:11

    You will get the role name of the load itself. In the payload as you get the requestId, in the same way, you will have the requested object. In your case since you ask for the role, the payload will contain the name of the role. What to do create an application role and then check the application of the EM. EM, you can find the XML payload, and there you can see the data sent in the payload.
    I donot have an environment running for role now, but I think that the payload contains all the attributes of the same role. So you can directly read the attribute "owned by" off the coast of the payload and assigned to this user. If this isn't the case, you can use the API of the IOM to connect to IOM and read a list of choices that contains this mapping or simply add _APPROVERS as the name of the approver group.

    -Marie

  • ORA-28201 - carrier application role - updated

    I have two application roles.

    They are both identified using the same package.

    I am allowing two using a DBMS_SESSION. SET_ROLE ('role1, role2')

    This works in an environment and - in another - I get the error ORA-28201.

    Documentation says is that the role is enabled on the outside (or attempt to be activated) outside of the package. That - I know that it is not.

    So - I'm not sure what is happening here. The only difference I see is that the role was created by a user in an environment and as sysdba in another environment (the one where it doesn't). Not sure why it would matter, but - that's the only difference. It was created in the environment where he works - the owner of the schema that a package attempts to activate the roles. It was created in the environment where it does not - SYS. This could it be? I can't find anything that would pose the question, but - that's all that I can find (you will have to wait for a DBA to test the theory)...

    Any help/insight would be greatly appreciated.

    Thank you!

    Published by: user8957641 on April 7, 2010 11:46

    Hello

    It must be created by user of dmt.

    Concerning
    Anurag

  • Download error: Unknown Publisher / is not an application valid win 32

    I can't download anything. My hijack this wont even work. Previous download exe. files do not work I get a
    Download error: Unknown Publisher / is not an application valid win 32 I have Win xp.  Firefox browser on a gateway netbook. No floppy drive or c/d.

    No location with AVG or Malewarebytes Virus. AVG update itself. Security Windows has done as well.

    I was trying to Messenger from yahoo to d/l, then updating firefox.  Nada.

    Hello

    · Were there any changes made on the computer before the show?

    · Who is the service pack installed?

    1. try to download files from Internet explore and check the results.

    2. empty the Temp folder:

    a. Click Start, point to programs, point to Accessories, point to system tools and then click on disk cleanup.

    b. click C: or click the drive where Windows XP is installed and then click OK.

    c. Click to select the temporary files check box.

    d. click OK and then click Yes to confirm the deletion.

  • OBIEE 12 c - can't see application roles in Identity Manager (online mode)

    We would be able to see Application roles in Identity Manager when it is connected to the repository in online mode?  11 g, after the opening of management > identity, there is an option of Action > Synchronize Application roles.  That option is absent in 12 c.  I don't see any application roles in Identity Manager dialog box.

    I faced this problem in obiee 11g and open a Service request to the support.oracle.com. I got a solution less than an hour. (It was a bug and he suggested me to install a small patch)

    Maybe you could do the same for your problem.

  • Application role does not properly

    Hello

    I have an authorizattion init block which assigns the following values when a user "pconde"

    USER: pconde

    GROUP: ManagerGroup

    I have the catalogue of group "ManagerGroup" created through the option manage catalog groups. Now, I created a new role of application with the following details:

    Name - Manager

    Display name - sales managers

    I also added the "ManagerGroup" group to this application role.

    I assigned filters to the data level the 'Manager' via Manage application role-> identity

    When I connect through my pconde of the user, level data filters are not get picked up. The application role Manager sees all the data yet that the weblogic user see. It seems that the application role may not correctly setup.

    What I am doing wrong?

    Yes I did. In fact, my problem is different. The session of ROLES was not get properly completed. I rectified this and my problem was solved.

  • How to limit the authorized person of the role of certain application roles in the IOM 11 GR 2 PS1?

    Hello

    I'm running on IOM 11 GR 2 PS1 BP06.

    I have a need to grant permission to role to an Application administrator so that that person can grant or revoke the application role to a user.  I need to limit the application to ABC (assuming that we have a lot of applications).

    Is there a way to achieve the IOM 11 GR 2 PS1?  If so, how can I achieve this?

    Thank you

    Khanh

    You should be able to configure your policy on approval and customized soa composite appropriate to handle the scenario.  Set it to know about the admin and check the request data if that user is a member of a role that is authorized to submit without approval.  If found, then auto approve, otherwise, either dismiss it or go through the award of accreditation.

    -Kevin

  • Cannot delete the application role - error OBIEE main

    I tried to fix my personal account of OBIEE today and tried to remove me an applicaation role in enterprise manager and received the following error

    Cannot delete the main application role; main < user name > is not a member of the application role < role >

    Has anyone seen this error?

    My user id also seems to be capitalized - ex userid: Userid rather than what I expect it to be in all the tiny userid

    Hi Christian

    You are right that I am on 11.1.1.7.140225

    I was able to fix this very weird error in fact goes here/home/itadm/u01/obiee/user_projects/domains/bifoundation_domain/config/fmwconfig

    Open the file system-jazn - data .xml

    And by removing the additional entry manually

    So I deleted the following

    weblogic.security.principal.WLSUserImpl rodneyc

    Then when I went back to EM the user had gone as planned. I'm guessing that something screwed up in this file, but all right

    Thank you for the help

  • Problem setting Application Role for DPS

    I'm trying to set up an Application role account for a DPS multi-folio application. The application content is sold (on iOS iPad only, initially) and some for free or will the free content preview value. We have access to DPS through a company customer ID and license, trying to put in place the other oles, that we need to proceed with the construction.

    When I click on 'Activate', I'm waiting to enter the name of the application, what I've done. I also checked 'Enable the Preview Article' so we can report content to preview. We do not want visible content on the web.

    Down in section Analytics though, when I click on 'Send', I get this error.

    Screen Shot 2015-08-19 at 2.27.45 pm.png

    How to go beyond that or properly configured Analytics?

    You typed in a report Suite name and check availability before submitting?

    Business accounts are invited to specify a report name single suite and can optionally specify the name of the company if they have an account of SiteCatalyst. If you have an account of SiteCatalyst, use the exact name used to SiteCatalyst so that the remainder of the report is linked to the appropriate company.

  • Weblogic portal WebCenter group and application role mappings goes after each deployment

    Hello

    I use jdev 11.1.1.6.0 version.

    I created the Group of weblogic server and assigned to users to that group.

    and created the same role used in jazn-"Data.xml".

    I traced RoleManager Taskflow using weblogic with the application role group

    but after each deployment this mapping is removed and manually I have to create mapping once more.

    For example.

    I created user1, user2 in weblogic security realarm and assigns them to the 'employee' group

    Jazn-"Data.xml" I created the role of 'employee' in the Application roles

    and pages.xml this application role to ensure safety to the pages.

    RoleManager Taskflow using

    Employee weblogic group added to the employee of application role.

    This mapping is removed after each deployment.

    Help me...

    You must disable the security properties of the Application deployment options > deployment... Follow the link and uncheck the boxes as required.

  • Log level obiee 11g for application roles

    Hi Experts,

    It is possible to activate the logging level for an entire application role? For example, I have 20 + users who are a BIAdministrator and rather than allowing the log for each user level (such as additional users will be added/removed to the BIAdministrator role) is it possible to activate the journal of leveling for the application BIAdministrator role?
    All of the documentation I read points to 'no '. It seems that the only options are:


    1) activate at the level of the newspaper for the BISystemUser through the tab manage repository in the RPD
    (2) check the log level in the reports by prefixing
    (3) grant rights log level to individual users

    Looks like you can't turn on the logging level at nqsconfig or at the level of the application role. anyone could do this?

    Thank you

    Create a new init block to validate the specific role to set the number of loglevel to what you want.
    ex: case when role = then else 2 0 end
    and use LOGLEVEL in the variable section.

    Score pls help if

  • LDAP user to application role mapping

    Hi all

    OBIEE 11.1.1.5

    I have a table with the user name ldap and role. I also configured external LDAP server to the RPD. Users can connect to the portal.

    Can someone guide me, how to ensure that when the connection of the user to OBIEE automatically by the role table is retrieved and mapped with the application role created?

    Or, in simple terms,

    How can I assign an external ldap user to map to the application role? One by one? or Via the table as shown above?

    Can anyone help? All documents are not giving this simple image for me.

    It was easy in 10g, 11g is it rocket science so that my company can lose hope to go ahead with 11g?

    Hi Hari,

    These can be useful for you

    http://gerardnico.com/wiki/dat/OBIEE/security_11g
    https://blogs.Oracle.com/robreynolds/entry/security_in_obiee_11g_part_1

  • Difference between a business and Application roles

    Dear all,

    I am struggling to understand the difference between Application roles and company safety of the ADF?

    Could someone please help me understand the subtle difference between the two?
    I tried to do some reading, but I still don't understand the underlying concepts.

    Thank you.

    Neliel,

    To put it simply:

    Application roles are the roles that you define (in JDeveloper) for your application. You grant permissions on various objects to application roles.
    Business roles are roles defined in WebLogic. Users/groups in the identity provider are granted to these kinds of roles. Map application to business roles roles.

    Here is a raw illustration:

    Users/Groups ----granted----> enterprise roles <---mapped to----- application roles <---- granted to ---- adf security permissions
    

    This is definitely a simplification - I think I got the semantics of a correct basis, however :)

    Ah, Abhijit beat me to it, and I forgot this blog

    John

Maybe you are looking for