Categories
- All Categories
- 15 Oracle Analytics Sharing Center
- 15 Oracle Analytics Lounge
- 208 Oracle Analytics News
- 41 Oracle Analytics Videos
- 15.7K Oracle Analytics Forums
- 6.1K Oracle Analytics Idea Labs
- Oracle Analytics User Groups
- 76 Oracle Analytics Trainings
- 14 Oracle Analytics Data Visualizations Challenge
- Find Partners
- For Partners
Application Roles on OBIEE 12

Hi evryone,
I'm currently working on OBIEE 12. I've seen that much has changed in application roles management.
I'm a little bit confused about the function inside Administration tool that let us manage identities.
When I create a new application role inside EM do I have to create it also inside Admin tool? (using same name)
Ho do I manage i.e. direct SQL autorizations if not inside RPD?
Am I supposed to find new application roles created inside EM automatically inside my RPD? This is not happening...
thanks in advance for help,
kind regards,
Marco
Answers
-
The "Application Roles" will appear when you are connected in online mode. See documentation below.
https://docs.oracle.com/middleware/1221/biee/BIEMG/dataaccess.htm#BIEMG1436
Direct Database permissions are managed in Answers under Administration->Manage Privileges.
0 -
Hi George thanks for your answer,
what you say is partially correct;
- I'm not seeing Application Roles automatically when I create them on EM, dunno why..
- Direct database request are managed mandatory in Admin Tool, what if I need to give access to a specific DB?
I use to set the following property:
that's why it looks to me that managing application role is a task that have to be performed both in EM and Admin tool...
M
0 -
What is your OBIEE 12c exact version is it 12.2.1.0.X, 12.2.1.1.X or 12.2.1.2.X, X is either base version of a particular release or patch level.
To sync application roles within RPD with EM try and follow below steps:
Open RPD in Online mode, then Go to > Manage > Identity and then Action > Click on Synchronize Application RolesPlease also note that there are known issues relating to same in OBIEE 12c
OBIEE 12c : Newly Created Application Roles Are Not Reflecting In RPD (Doc ID 2206883.1)
I can recall that on OBIEE 12.2.1.2.0 version of OBIEE 12c were this issue is said to be fixed it still doesn't work as intended after clicking on "Synchronize Application Roles" within RPD in Online Mode it takes sometime to reflect newly created roles in EM but it eventually syncs.
0 -
Just to be clear, you are both correct about the Direct Database Request (DDR) : it's in the RPD and in the front-end in manage privileges. It is simply 2 different kind of management !
In the RPD you set which connection pool accept DDR globally (the setting in the physical DB object) or by role (the permissions in "query limits" tab). In the "Manage privileges" in the front-end you define who can see the "new DDR" link in the front-end to create a DDR, but doesn't manage which connection pool they are allowed to use or not.
You are also both right for the application roles (the magic of the doc):
Application roles are created and managed in the policy store using the Oracle WebLogic Administration Console and Fusion Middleware Control. These application roles are displayed in the Administration Tool in online mode so that you can use them to set data filters, object permissions, and query limits for particular roles. The application roles in the policy store are retrieved by the Oracle BI Server when it starts.In some cases, you may want to proceed with setting up data access security in your repository for application roles that have not yet been defined in the policy store. You can do this by creating placeholder application roles in the Administration Tool, then proceeding with setting up data access security in the repository.If you create placeholder application roles in the Administration Tool, you must eventually add them to the policy store. Run a consistency check in online mode to identify application roles that have been defined in the Administration Tool, but that have not yet been added to the policy store. Be sure to use the same name in the policy store that you used for the placeholder role in the Administration Tool.
So real application roles are defined in Enterprise Manager, in the RPD you can add them as "reference" to define permissions and other things, but they aren't going to be created for real in the system. As the doc says it is a placeholder.
0 -
Grazie Gianni!
This explain perfectly the situation!
Kind regards,
Marco
0