OBIEE permissions

Similar Questions

• How to create user defined groups and users with custom permissions as only open and export in obiee 11 g?

  Hello

  I want to give as open & export to the level of permissions.

  How to create user defined groups and users with custom permissions as only open and export in obiee 11 g?

  For example, if the group permissions, inturn should reflect on the users.

  Please help me.

  Thanks in advance,

  A.Kavya.

  Your question is quite broad and fuzzy then I suggest the security catalog presentation to read documentation: http://docs.oracle.com/middleware/1221/biee/BIESC/mgrgrpsusers.htm#CIHIBJGD

  And I think that you mix you two things which are managed in different places:

  ) an object as read access permissions, write, delete... which control you through the object "Permissions" dialog box

  

  

  (b) functional privileges controlled through "Manage privileges" under "Administration".

  

• Area permissions Admin subject OBIEE

  I'm trying to accomplish two things related to securing the subject box.  I'm not able to do either with the OBIEE Admin tool as I believe it should work but haven't found a long work around for one using the Administration manage the privileges in the responses.  Here are the two challenges:

  (1) cannot create the table based on security in the administration tools of OBIEE that works when it is deployed to the OBIEE server:

  Location: In the OBIEE administration tool I have:

  • Field 'ARG' who has the following permissions:
    • Authenticated user (defined as reading have no fault in option)
    • GRA Analytics ()set read/write)
    • GRA course Analytics (set read/write)
    • All other responsibilities are defined by default
  • Within the area of topic GRA, I have a table named 'Global' with the following permissions:
    • Authenticated user (defined as reading have no fault in option)
    • Analytics ARG (as default)
    • GRA course Analytics (set read/write)
    • All other responsibilities are defined by default
  • I have a user configuration with the responsibility of 'Analytics ARG' but NOT the responsibility of GRA Secure Analytics
  • The user is authenticated using LDAP by Siebel (where the responsibilities are assigned

  Desire:

  • When the user connects to answers and opens the topic GRA they would see all tables EXCEPT the global table

  Undesirable result:

  • The user is able to see the GRA area but also sees the global table
  • I find users in the groups of roles/catalog and they DO NOT have the role of GRA Secure Analytics ( do not have the role of GRA analytics.)

  Note: My second question which I included below directly impact on the question of the top of the page.

  (2) cannot create the topic in that security based in administrative tools of OBIEE that works when it is deployed to the OBIEE server:

  Location: In the OBIEE administration tool I have:

  • Field 'ARG' who has the following permissions:
    • Authenticated user (defined as reading have no fault in option)
    • GRA Analytics ()set read/write)
    • GRA course Analytics (set read/write)
    • All other responsibilities are defined by default
  • I have a user configuration with the responsibility of 'Analytics ARG' but NOT the responsibility of GRA Secure Analytics
  • The user is authenticated using LDAP by Siebel (where the responsibilities are assigned

  
  

  Desire:

  • When the user connects to only those users with the GRA analytical responses or the responsibility of GRA Secure analytics would see the ARG field

  
  

  Undesirable result:

  • Any user who connects to the responses seen topic GRA area

  Work around:

  • If I connect to answers with my Admin user account I can select Administration-> manage privileges
  • Find the ARG area and then set the permissions of responsibility Through analytics and GRA Secure Analytics as "Granted".
  • When the user logs in the responses with the analytical GRA or the responsibility of GRA Secure Analytics they see the ARG area, but if they don't have the responsibility that they don't see it.

  Problems with work around:

  • Makes assigning permissions in OBIEE Admin obsolete tool
  • Cannot assign table level permissions here and therefore cannot solve the first problem listed
  • Still not sure why to set permissions in the OBIEE administration tool are ignored

  If you could help me find a solution that gets the work tool OBIEE Admin permissions it would be greatly appreciated.

  Thank you...

  Hi Ben,

  I have the feeling you haven't exactly how these things works.

  In the authorization in the 'Authenticated users' administration tool means that every single user in turning to the stage of connection.

  "Read" is enough to see and use (scan on) an object.

  "Read/write" If you want to make updates to your data through OBIEE.

  (2) only members of the roles GRA Analytics & GRA Secure Analytics app must be able to see these topic: 'see' means hide or display in the front end, it's something you manage (as you did in the privileges to manage in the front-end server. If you want to restrict the user to use the subject box (this is what is permission to Admin tool) you will need to attach "Authenticated user" to "No access", all other roles 'Default' (= 'Access forbidden') with the exception of your 2 app Analytics ARG and ARG Secure Analytics roles for which you set the 'Read' permission

  (1) just use the same "recipe" (2): 'Authenticated user' to 'Access forbidden', GRA Analytics also on "Access forbidden" and only Through Secure analytics on 'reading '.

  Give it a try.

  Just keep in mind that Manage privileges works in a different way than the tool Admin permissions. Privileges to manage 'decline' is the highest permission. If an app role has 'decline' and another 'allow' and you are a member of both you will have the "decline" applied to you.

  In the Admin tool, it's the opposite: If one role of the app does not have 'access' and another 'read' and you are both Member you will have permission to 'read '.

• reports of permissions in OBIEE

  I am very new to OBIEE, but I'm looking through this guide: http://www.integrigy.com/files/Integrigy%20OBIEE%20Security%20Examined.pdf

  And on pages 37-38 it shows a catalog to create report - ACL security and management of the privileges tab. My question is what is the name of the management tool that allows you to access these reports and view these permissions?

  The tab 'Manage privileges' is in the frontend OBIEE, click 'Administration' at the top right of the OBIEE screen and there you have 'Manage privileges' (if you have permission to see).

• OBIEE 11 g - permissions

  on obiee 11g - catalog\shared folders\permissions I have remove all the roles without role that I create.

  I want to return the authorization to the roles, but I have no option.

  When I connect with my role - there is no authorization of button and when I connect with weblogic user I see the folder

  How can I find the roles?

  Thank you

  Sin

  The solution:

  1. connect to the Catalog Manager.

  2 file\open catalogue - to connect on weblogic

  3. Add the role of administrator and system.

  Sin

• LDAP + permissions OBIEE group does not

  Try to get LDAP and row-level security work...
  
  LDAP authentication works very well and my users are authenticate without any problem. I imported my LDAP users, but want to create my groups manually iin OBIEE (and not import from LDAP). Created groups and added my users to these groups, everything is fine so far.
  
  First step is to set up some groups to not see certain elements. I thought it was as simple as the definition of permissions on a specific group - tab, add the subject areas you do not want to display and make sure that the read check box is x'd out. I did it, but the fields are still visible in the 'answers '.
  
  Am I missing something?

  Go to settings > administration > manage privileges... scroll your domains. Delete "Everyone", add the appropriate groups...

• The user's permissions to pages in OBIEE 10 g and dashboard

  Hi all
  
  
  I have a dashboard and is to have six pages. I have the list of users to access the dashboard, but the thing is, for example, for some users need to have access to the page only and for some pages B users have access, but all these users belong to the same user group.can you please help me how to do this.
  
  
  
  Thank you and best regards,
  Narasimha.

  When you explicitly set to denied for pages to the page level that they must not see these pages.

• Cannot expand the catalog in OBIEE

  Hi all

  We have a customer Server Obiee crash so I'm trying to restore everything at the moment.

  I sent the catalog, the repo, etc. application roles but I'm not able to develop or to do something for the online catalogue? (expand the shared folders folder)

  When checking the permissions of Catalog Manager offline everything seems fine.

  Please see attached snip of what I see.

  Thank you.

  Too bad... It seems that this only happens in Chrome, it opened with Firefox and it worked fine? how weird.

• OBIEE 12 c BI member groups

  I had a default installation of OBIEE 12 c on Linux, it was working fine, I could log in with weblogic and have access to analysis, to the repository, etc...

  But then I tried to import the contents of another installation (using a file bar) and after you have imported the file bar everything is messed up.

  When I connect to the analysis with the weblogic user now, I don't have the right to see the disciplines to create analyses, etc..  It seems that the weblogic user is part of any group.

  So I went in the Administration tab in the analysis (which weblogic is still allowed), I went to manage privileges, then in Access, I added weblogic user "access to the answers. Which allowed me to create analysis indeed. But of course, this isn't the way to go, I guess that weblogic should be part of the author of the 'content' BI and so automatically rights? Otherwise I'll have to go through each of the access and add weblogic :-(

  Can someone pointing me the direction to manage the BI groups (as opposed to the weblogic group?) Where this group BI content author is defined? After reading the doc, I found information to go to the weblogic console, then areas of security, my Kingdom, where I can indeed find users and groups, but not BI (author of BI, Bi administrator..), groups.

  Pointer to the document or advice are appreciated

  Stone

  Hi Pierre,.

  Are not looking for Application roles more than groups?

  An idea of how was the security configuration of the system where you generated the bar? Because the bar also contains the security, so when you imported your BAR default application roles probably were replaced by the content of the bar.

  Take a look in Enterprise Manager what application roles you have and that you add weblogic save it somewhere based on what you find.

  Default weblogic is part of the application of the Admin role, and that role inherit the role of the author of the content that inherits the role of consumer (-online has 3 roles permissions weblogic).

  

• Delete the deletion for developers OBIEE report option

  Hi all

  We have an application role for a developer where he can remove reports of PROD. but we want to go forward with 1 more application role new where the developers must have all privileges except Delete option.

  We have 2 application roles to role of Developer 1 with delete option and others without the delete option.

  We have a huge catalogue with more than 35,000 reports altogether.

  For a particular report:

  Catalog-> shared-> reports, make files right click and option remove this can be removed in permissions-> customize - > uncheck the box delete

  Shared folder:

  Catalogue->-> shared folders permissions Select custom and deselect the Delete option

  But we are looking for something has changed in the world to remove option to remove existing EM (application policies) application role or OBIEE level.

  Thanks in advance

  Hello

  I don't see a way for you to find it in EM.

  The button Delete is something related to catalogue objects, that's why I think, is the only place where you can set or remove it in the catalog itself (as you say).

  For your 35000 reports you can still do so by code (web service, etc.)

• Map of OBIEE 11.1.1.7.1 tree

  Hello

  I am introducing the OBIEE tree to my customer card. I have seen documentation that OBIEE 11.1.1.7.0 by itself doesn't have a tree map view in it but the patched version it is. I also see it in the tab Manage Administration listed as tree view card privileges and permissions only to the BI administrator user role.

  I logged as user weblogic and again I do not see the map display tree when I do the actual analysis.

  Any ideas how to navigate to the Treemap mode

  Kind regards

  Prasad

  11.1.1.7.10 > 11.1.1.7.1

  You need to install patches to get your 11.1.1.7.1 installation up to the 11.1.1.7.10

• Integration in obiee with elocation map viewer

  HI, I want to create maps of FTI and access FTI example dashboard - (cost of the region for shipping).

  I have HDowner diagram of FTI

  Pls explain

  (1) how to integrate Mapviewer in OBIEE.

  (2) how can I use Elocation as my background card? Y at - it no permit required for spatial data?

  (3) share any document to incorporate mapviewer to see the reports of the FTI.

  Below are the answers to your questions:

  Configuration of MapViewer in OBIEE 11g (Doc ID 1315475.1)

  Added BI_WORLD_MAP and BI_WORLD_MAP_LIGHT that will be used for the OBIEE (Doc ID 2005097.1)

  Is mandatory to spatial Configuration? How to get the example of spatial data for the India? (Doc ID 1953186.1)

  https://docs.Oracle.com/CD/E38437_01/OTM/Acrobat/OTM/Admin/E38416_04.PDF (see Page: 4-13)

  If you consider your question/problem answered/resolved,

  Please do not forget to mark the Correct/good responses in the thread. It helps other users of the community to identify the solution quickly!

  -Coco

• Report of BEEP in the use of the content on the Emdedded OBIEE dashboard not working not

  Report of BI Publisher throwing error 'Allowed access' seen OBIEE dashboard page.

  OBIEE and BEEP is integrated by default when it is installed.

  Requirement:

  Embed report BEEP in OBIEE dashboard page.

  Report parameters a BEEP and then tried the method to incorporate the full report without "Header" information below

  Steps for coating

  1. connected to BEEP via the URL xmlpserver and link report generated using option "report sharing link.

  Below the URL generated for the 'No Header' option

  http:// < Server >: < port > / xmlpserver/training/My_Test/Data Model Editor / Oracle BI Analysis Report.xdo? _xpf = & _xpt = 0 & _xdo=%2FTraining%2FMy_Test%2FData%20Model%20Editor%2FOracle%20BI%20Analysis%20Report.xdo & _xmode = 2 & _params_dashboardexpr = xdo%3Axdo%3A_paramssaw.param.Month_div_input=All & _paramssaw.param.Month = * & product = _xt & _xf = html & _xautorun = true

  2. copy the generated URL

  3. connected to OBIEE analytical URL and created a new dashboard

  4. slipped and fell "Embedded content" Dashboard object

  5 a. provided the URL copied in embedded content

  6 saved the dashboard and it ran.

  7 error received unauthorized access

  Please note that I received as "Suspicion of Injection of Script" error sometimes.

  I see that no permissions related issue because I've been running reports by using administrator privileges.

  Details of the attached error.

  Thank you!

  Problem has been solved by following step below

  The spaces in between the name of the report template/folder/data should be replaced with % 20.

  URL before change

  http:// :/xmlpserver/Training/My_Test/Data Model Editor/Oracle BI Analysis Report.xdo?_xpf=&_xpt=0&_xdo=%2FTraining%2FMy_Test%2FData%20Model%20Editor%2FOracle%20BI%20Analysis%20Report.xdo&_xmode=2&_params_dashboardexpr=&xdo%3Axdo%3A_paramssaw.param.Month_div_input=All&_paramssaw.param.Month=*&_xt=Product&_xf=html&_xautorun=true

  URL after change

  http:// :/xmlpserver/Training/My_Test/Data%20Model%20Editor/Oracle%20BI%20Analysis%20Report.xdo?_xpf=&_xpt=0&_xdo=%2FTraining%2FMy_Test%2FData%20Model%20Editor%2FOracle%20BI%20Analysis%20Report.xdo&_xmode=2&_params_dashboardexpr=&xdo%3Axdo%3A_paramssaw.param.Month_div_input=All&_paramssaw.param.Month=*&_xt=Product&_xf=html&_xautorun=true

• "Accessibility Mode" checkbox on the login obiee page

  Hello

  You have tutorials or documents for dispalying

  (1) "accessibility mode" checkbox on the login page.

  (2) If a user is authenticated, but has no permissions on the home page, it gets the following error.

  No sufficient privileges. «"" "«Access homepage»»»"

  How we customize this error.

  Thanks in advance...

  RAM

  Hello

  I think that's what you're looking for...

  http://www.Oracle.com/us/corporate/accessibility/accessibility-guide-OBIEE-11g-1865005.PDF

  Mark it as relatively useful/correct, if it is.

  Best regards

  Kalyan Chukkapalli

  http://123obi.com

• Masking of conditional column in OBIEE

  Hi all

  We have a requirement like conditionally hide the column based on the role of the user

  We have a relationship with the rest of the columns

  Country_Head Region_Head Branch_Head Branch_Manager Gross_Sales

  If the head of country views this report, the structure of the report should be exactly the same as above.

  If views area manager, the head of country column should not appear and when head of branch designs, country head both head region columns are not displayed and the same way until the leaf level, it should be achieved.

  Is it possible to do this without developing multiple reports.

  Thanks in advance

  Dinesh

  You can provide dashboard level permissions.

  by taking a user name of head of countries in any variable then you can set permissions.

  Otherwise, you can apply column of RPDlevel permissions. This link http://obieeblog.wordpress.com/2009/01/15/obiee-data-security-column-level-security/ can be useful for you according to your needs.