Categories
- All Categories
- 15 Oracle Analytics Sharing Center
- 14 Oracle Analytics Lounge
- 211 Oracle Analytics News
- 42 Oracle Analytics Videos
- 15.7K Oracle Analytics Forums
- 6.1K Oracle Analytics Idea Labs
- Oracle Analytics User Groups
- 78 Oracle Analytics Trainings
- 14 Oracle Analytics Data Visualizations Challenge
- Find Partners
- For Partners
Is it possible to restrict the authenticated-role from being assigned to users that don't belong to
I would like to map all users that can log in but don't have the OBIEE specific roles to be mapped to a role in EM that doesn't have any access. So I tried mapping the authenticated-role to that role but that basically doesn't let any users in because it seems EVERY user gets the authenticated-role, no matter what. Is there a workaround?
Answers
-
3240307 wrote: I would like to map all users that can log in but don't have the OBIEE specific roles to be mapped to a role in EM that doesn't have any access.
Why would you want that?
That's basically a reverse logic which would have to parse all users and their application roles after authorization and then re-assign them if no app role is found etc etc. Also you can't really mix GRANT and DENY principles just like that. One of them will win and if you deny authenticated-user then obviously that deny will prevent anyone from logging on.
You can read up a bit on the security concepts (and what wins when) here: OBIEE Security: It’s a Jungle Out There
0 -
I think you are trying to solve a non-existent problem.
Instead of trying to build a strange system with explicit restriction of everything, you simply need to remove all privileges from authenticated-role.
PS. @Christian Berg is faster.
0 -
By 6min according to the forum posts ;-)
0 -
Thank you, that clears things up a bit.
0