This content has been marked as final. Show 9 replies
I have faced same issues earlier. Its know issues only still its not yet resolved. please make to create application roles not be like below
the role name should not keep _,-# ,0,
better to create only string and test it will for you.
Refer my blog.
That name RegionA_Role, RegionB_Role provided here is simple example, In my case I am using RegionA only.
Updated the role name without underscore, in the first post.
Also, I don't understand why after 2-3 hours if I relogin agian with different user the security works fine? looks like some kind of cache.
Edited by: Vinodh NK on Apr 3, 2012 2:19 AM
Yes, the BI Server caches the security details (I see this happening with rowwise-initialization variables). To clear this off, just login to BI as BIAdministrator and navigate to Administration -> Reload Files and metadata and click this link.
I think that should clear off your cache.
Hope this helps.
Simulated your issue & I too faced the same issue.
This was my data.
I as a weblogic user created 2 users RGA(Role and Group is RegionA) and RGB(Role and Group is RegionB). Plain setup. Groups RegionA and RegionB are not part of any subgroups.
First 3 tabs of Quickstart dashboard : visible to RGA / not visible to RGB
Next 3 tabs of Quickstart dashboard: visible to RGB / not visible to RGA
plz go thru the images of this folder - this trick worked for me.
https://docs.google.com/open?id=0B_6YDYCkQgcfdk5LeWxid0tTRmFiWGFDR1hlQXZEQQ ( go by sequence - IMG1 thru IMG5)
Once changes are applied - do not forget t0 refresh the metadata.
Edited by: 910861 on Apr 3, 2012 4:02 AM
Thanks for your Reply.
In my side I haven't give explicit no access to Roles.
I have tried your suggestion, that by explicitly specifying No Access for RegionB dashboard pages, for RegionA Role and viceversa but it is not working for me.
I have removed Authenticated_Role from biconsumer role, so the expected behaviour is when I specify a dashboard page access to specify Role, only that role can see it. No need to explicitly specify a No Access for the Other roles.
I believe it is some issue with security cache,
User from RegionA - Can see RegionA pages
User from RegionB - Can see RegionA pages (wrong)
After 2-3 hours
User from RegionB - Can see RegionB pages
If role level access is the problem, it should not work after 2-3 hours as well.
Raised an SR with Oracle but still didn't get any patches for the issue.
In this link, it is mentioned there is a patch available..
Re: Users assigned to diffrnt groups/roles able to access objects not allowed?!
Could anyone please share the patch details?