Oracle Analytics Cloud and Server


how do you migrate analytics security between environments

Rank 1 - Community Starter

Tried to exportarchive from the environment with the security we would like to replicate and imported into the target environment, but it did not seem to work. The OBIEE team only wanted the security changes replicated from the production environment into the test environment.


Used the following command and options:


$DOMAIN_HOME/bitools/bin/importarchive.sh ssi ssi.bar nodatamodel nocontent nodatasets nosearch noaction encryptionpassword=<pw>


I explicitly chose all the no options with the exception of noauthorization hoping that would match the security between environments.


However, it appears that certain roles still have access in the test environment that was removed in prod.


Should I be doing something different, using different options, or need to do something to reset just the permissions before I run the import?

Answers

  • Hi,

    Seeing the mention "OBIEE", what version are you currently working with? 12.2.1.4, 12.2.1.3, or older than that?

    And also another question: by "security", what do you mean exactly?

    Do you want the application roles? The users, groups, application roles mapped to an application role? Do you want the policies of the application roles? Or maybe the privileges that you set in the "administration" UI of OBIEE? Or the users and groups that you created and maintain in the WebLogic embedded lightweight LDAP?

    Knowing what you are looking for, and also what you are not looking for (because between test and prod there could be many differences in the previously listed pieces, and for a very good reason), will make it easier to give you a valid answer (and not some random links to documents that do not really apply to what you are looking for).

  • Rank 4 - Community Specialist

    Concur with Gianni.

    To add to the above, the importarchive.sh command only imports metadata. You must configure your identity store separately in the target environment and/or export/import users/groups if you are using the WebLogic default LDAP authenticator.

    However, if your intention is to migrate application roles only from one environment to another, then importarchive.sh command with all parameters except noauthorization should import JAZN metadata content from one environment to another.

    Now, why certain roles still have access in the test environment that was removed in prod (provided you imported prod bar file into your test env) may need to be investigated further. In OAS (next generation of BI offering on-prem), roles in the target environment will get overwritten by the roles from the source environment when you run importarchive.sh command. Did you find that in OBIEE, when you migrate bar file from one env to another, roles in the target OBIEE environment do not get overwritten and instead "appended" with roles from the source OBIEE environment? If that is the case, you may want to address it with Oracle Support via SR for further clarification.
