Does the user have access to the OBIEE homepage?
If not give him access and ask to test again when at home.
The OBIEE homepage privilege is required for few things (act as if I'm not wrong for example) and it's possible that the iPad app also require it. (I guess the user uses the OBIEE app and not the browser as 220.127.116.11 doesn't work well on mobile devices, that's why they added MAD at that time.)
More general: "accesses the home page"...
...like how? Just through a browser? No use of the OBI app? Using BIMAD or just plain OBI?
The user does have access to the OBIEE home page, or at least the security group that we put them in maps to it.
I checked Administration -> Manage Privileges -> Home and Header -> "Access Home Page" has the BI Consumer Role mapped to it.
When the user is able to successfully log in at work, I checked their [My Account->Roles and Catalog Groups] and see BI Consumer.
I had to do a lot of digging and rummaging around to see what the issue could be with this.
I tried to refresh the GUID and validate the catalog but the same issue persisted with the user.
I finally told them to just bring their iPad into work and have them log in so I could see exactly what was happening (it was quite a fight to even get this user to do this).
So it looks like they are using a plain old internet browser (Chrome I believe on their iPad).
When they logged in, I noticed that by default the [User ID] field on the default OBIEE home page capatilized their user id.
User ID = Charles
When they were able to log in at work I saw that they had
User ID = charles
I was doing some searching around and it sounds like it is possible that there is some case sensitivity.
We use LDAP as our authenticator - so when someone logs in they need to be part of our directory - otherwise they would get the error "Unable to sign in"
Since my end user is able to log in but then hits the error "Insufficient privileges" its almost as if he does not have his role mapped to the privilege [Access Home Page].
Is it possible that if he logs in with a capatilized user id that our LDAP is case INsensitive - but when OBIEE tries to map his user id to his groups/roles that it gets confused because it is case sensitive?
We have for authentication
Weblogic Authentication Provider
Weblogic Identity Assertion Provider
Is there some case sensitivity happening some where?
I am pretty sure there is something funny going on when we have a user log in using non lower case user id's
So if someone with the login of
Typed in ChArLeS - OBIEE seems to not recognize this and can not map them to the security groups we put them into.
Is there anyway I can enforce all lower case to be POST from the OBIEE login page?
I finally found an answer here
A lot of googling around and found the above link
Theres basically two places to make a change.
I am on active directory - and was having issues with end users and their login ID being case sensitive.
To turn off, or to make it case insensitive you can follow the above document.
You just need to set PrincipalEqualsCaseInsensitive to True
Log into Weblogic console - click on bifoundation_domain -> Security -> Click on the [Advanced] link to open up more options and check the box for Principa lEquals Case Insensitive to True
Another way is to do this
bifoundation_domain > Security Realms > myrealm > Providers > (Name of your ADSI provider) > Provider Specific >
Use Retrieved User Name As Principal (ticked/checked)
Specifies whether we should use the user name retrieved from the embedded LDAP server as the Principal in the Subject.
This option basically takes what the log in is from Active Directory that it gets and uses this to feed into OBIEE and match the ID with the users assigned groups.
Either option will work, just need to do one or the other
Hope that helps anyone else with this same issue