We have configured the OBIEE for APCC 12 version. My question is regarding the User Access to OBIEE Dashboards and Reports. How can we configure User with Read access only to Dashboards.
I know there is Supply Chain Analyst Responsibility which is created by default but If I have to create new Responsibility how can I link that to OBIEE.
Thanks & Regards,
If you want New Responsibility, please create one through BI Console
In the RPD, Select Manage -> Identity -> Application Roles
Right Click in the vacant area -> select New Application Role -> Give the same name given in the console ->Click Ok and close the Identity Manager window
With the permissions tab we can control object level or data level access.
If you want to give general security level to the application role, then login in Analytics -> Administration (right top) -> Manage Privileges
In your corresponding Subject Area answers you can add the role you created with your desired privileges.
Please mark if it is helpful
In case of APCC, I assume you are authenticating thru EBS, so the responsibilities in EBS are mapped to the ones you see in Enterprise manager(the have to match with the exact same names)
Now if you need to create a new custom Read only responsibility you need to go to EBS > System Administration > Security > Responsibility > Define > Create Test_RO
Go to EM and create the same called Test_RO and also edit the existing BIConsumer role and make this Test_RO as a member of it.
And login to OBIEE and go to Administration > Manage Privileges > Restrict access what ever you dont want these read only users access to.
Refer to the list of Privileges and what you can restrict here : How To Disable The Answer Privilege In APCC? (Doc ID 1451932.1)
Hope this helps.
Thanks for the reply. What do you mean by creating responsibility in EM?
I checked the responsibilty at EBS Side it is same as Catalog Group and same is present in Application Role in Repository. So if I create new catalog group in the Catalog and Create a new responsibility in EBS with same name will that work.
Yes, using catalog groups instead of roles, is 10g style and also works. You should be able to create a new catalog group and that matches with you EBS Responsibility and use this new catalog group to define/restrict what ever you grant/deny access using Manage privileges.
Hope this helps.