Categories
- All Categories
- 15 Oracle Analytics Sharing Center
- 15 Oracle Analytics Lounge
- 208 Oracle Analytics News
- 41 Oracle Analytics Videos
- 15.7K Oracle Analytics Forums
- 6.1K Oracle Analytics Idea Labs
- Oracle Analytics User Groups
- 76 Oracle Analytics Trainings
- 14 Oracle Analytics Data Visualizations Challenge
- Find Partners
- For Partners
OBIEE 12c: Need Help in understanding BISQLGroupProvider
Hi ,
I am trying to Configure LDAP as the Authentication Provider and Storing Groups in a Database.
Have followed following document for the steps:
https://docs.oracle.com/middleware/1221/biee/BIESC/privileges.htm#BIESC6128
I have created the Table the way they are described all the steps in console are completed & Iam able to see roles in
myrealm >Users and Groups
Customize Table: Providers MySQLGroupProvider
But i do not see them in EM as groups but as application roles, Are these groups from table are supposed to be seen as roles in EM?
Please help me in understanding how Groups( Read from database) are read by EM & passed on to Catalog in analytics page.
When i added them as LDAP everything worked fine & able to see roles for each user. Issue is only with DB groups?
Answers
-
sai kiran t wrote:But i do not see them in EM as groups but as application roles, Are these groups from table are supposed to be seen as roles in EM?
Not sure how that is supposed to work or exist. Groups are security realm principals. Application Roles are the security entities translating the security realm principals (coming in from the outside world) into the application-related logic and control mechanisms.
So no they are not supposed to be seen as "Roles" but as "Groups". Groups are read and re-used inside the system-jazn. Roles are MAINTAINED in the system-jazn. I.e. they originate there. Groups originate in the WLS LDAP or anything you have connected to your WLS security realm.
0 -
Also: Pics or it didn't happen :-)
Because in order for app roles to exist you either have to create them manually through the EM interface or via WLST.
0 -
Iam not sure if this can provide more insight but in Console
myrealm >Users and Groups
Under Groups Tab
I see data as Groups with Provider as : MySQLGroupProvider
But when i try to search under Users Tab
only DefaultAuthenticator data is seen no users with MySQLGroupProvider are seen.
0 -
sai kiran t wrote:Iam not sure if this can provide more insight but in Consolemyrealm >Users and GroupsUnder Groups TabI see data as Groups with Provider as : MySQLGroupProviderBut when i try to search under Users Tabonly DefaultAuthenticator data is seen no users with MySQLGroupProvider are seen.
What does that have to do with your initial problem description? You are talking about totally different things all of a sudden!
1.) A "BISQLGroupProvider" provides - guess what - GROUPS. It does NOT provide users. Users have to come from or reside in a proper security realm provider like the embedded WLS LDAP, an MSAD, an LDAP etc etc. BISQLGroupProvider only ever gives you mappings between groups and users known to the system through other means. It is not an originating point for users since it does not manage users in and "AUTHENTICATION" kind of way. It only "AUTHORIZES"
2.) Please be sure that you provide precise and pertinent problem descriptions. Initially you talked about EM Application Roles and now you're talking about console groups and users.
ref.sai kiran t wrote:But i do not see them in EM as groups but as application roles, Are these groups from table are supposed to be seen as roles in EM?Please help me in understanding how Groups( Read from database) are read by EM & passed on to Catalog in analytics page.
0 -
My problem is still same EM not showing them as application roles not as groups.
I started with a statement "I am not sure if this can provide more insight but in Console" As still donno how EM & console communicate on groups that come from Database.
Apologies if i confused you.
0 -
Ok so once more: provide pictures / screenshots showing your issue!
A security realm GROUP can never auto-magically and without intervention become an Application Role.
0 -
Just to add , you have said in your initial post "But i do not see them in EM as groups but as application roles", that is not possible, they cannot automatically appear in EM ,you have to create with a name(which if you want can be same) in EM under application roles.
If you are getting confused with the existing embedded LDAP Groups and Application Roles then look closely Group name would be like(BIAdministrators,BIConsumers and BIAuthors) whereas Application Roles display name would be like(BI Administrator,BI Consumer and BI Author)
If you want to test successful configuration of BISQLGroupProvider then try and add a BISQLGroupProvider GROUP into an application role and if it shows in the list of Groups in EM then your BISQLGroupProvider configuration is correct.
In below mentioned link under section "3.4.4.5 Testing the Configuration by Adding a Database Group to an Application Role"
https://docs.oracle.com/middleware/1221/biee/BIESC/privileges.htm#BIESC6096
0 -
Syed Hamd Salman wrote:Just to add , you have said in your initial post "But i do not see them in EM as groups but as application roles", that is not possible, they cannot automatically appear in EM ,you have to create with a name(which if you want can be same) in EM under application roles.If you are getting confused with the existing embedded LDAP Groups and Application Roles then look closely Group name would be like(BIAdministrators,BIConsumers and BIAuthors) whereas Application Roles display name would be like(BI Administrator,BI Consumer and BI Author)
You haven't really read the other existing responses to this thread, have you? ;-) That's what I already spelled out twice.
0 -
I did read it!!
When I was in middle of post and a call then you posted this"A security realm GROUP can never auto-magically and without intervention become an Application Role."
All it took is a difference of 4 minutes!!
0