I having troubles for setting permissions within the OBIEE Catalog (Oracle Business Intelligence 22.214.171.124.4)
An External LDAP (ADAM) has been already setted for the users authentication, and everything work well (this means that LDAP users can access to the BI). By default, all authenticated users get “BI Consumer Role”.
How it should be:
I have to set permissions for 10 users --> 3 with Admin role, 3 read/write and 4 only read.
What I did:
- By Oracle Enterprice Manager:
1. I've created ('create like' option) three new 'Application Roles' ("My Administrator Role" member of --> "My Author Role" member of --> "My Consumer Role" );
2. I've added the above cited users to each of my 'Application Roles'.
3. I've created ('create like' option) 'Application Policies' for each of my 'Application Roles'.
4. I've restarted all Bi components (BI Server..Presentation....);
- Within the catalog:
1. Logged in with the default administrator user, named weblogic.
2. I have setted users access to reports, dashboard pages as a following:
* "My Administrator Role" --> 'Full Control'
* "My Author Role" --> modify
* "My Consumer Role" --> read
3. Logged out.
4. Logged in with one of the users addes to an application role ("My Administrator Role") created in above steps.
At this point I suppose to have 'Full Control' permissions. But once I logged in I cannot do anything: create new analysis, see dashboards and so on.
I try to check in 'My Account' on the tab 'Groups and Application Roles' and I could not see "My Administrator Role" but only the default “BI Consumer Role”.
Is there anyone that could give me some suggestions?
Do the following,
In Analytics . Goto Administrations -> Manage Privilages ->
Here you can set the previleges for all the objects.
Ex :- under Answers , create view , click on BI Author , Add user/role search for 'My Administrator Role' set permission granted.
By default 'My Administrator Role' should have got the permission, you must have missed something somewer.
Check this works, If not please write back, let me go on detail and let me know wats the reason,
Please mark if this helps,
yep, I granted already permission to my roles.
okay if I map the default groups (BIAdministrator, BIAuthor and BIConsumers) to my roles it seem to work eveything fine, but if I add/map (for me means same thing) single users (retrieved from LDAP) to my roles, then the added users has not permissions (view/edit/..) to the catalog objects.
thanks for your reply guys.
Try to create an application role without space in the name such as MyAdminRole.
The permissions for an application role on Presentation Services are given only in the privileges tab.
- you just create a simple application role,
- add a group of a user to this application role
- login in BI Presentation Services (Dashboard)
- check that the user has get the good application role (as you have done) in my account.