Categories
- All Categories
- 15 Oracle Analytics Sharing Center
- 14 Oracle Analytics Lounge
- 211 Oracle Analytics News
- 41 Oracle Analytics Videos
- 15.7K Oracle Analytics Forums
- 6.1K Oracle Analytics Idea Labs
- Oracle Analytics User Groups
- 77 Oracle Analytics Trainings
- 14 Oracle Analytics Data Visualizations Challenge
- Find Partners
- For Partners
weblogic users and application roles do not appear in permissions of OFFLINE catalog manager
OBIEE 12.2.1.2.0
I applied this patch to fix the issue on windows 2012R2..
"Patch 25484350: GET "JAVA.LANG.NULLPOINTEREXCEPTION" IN CATALOG MANAGER WHEN VIEWING PERMISSIONS"
the error went away when opening permissions, but I can still not manage permissions..
when i open permissions and click list on the right side, there should be users and application roles from weblogic and LDAP... but there are only a few options from the catalog..
online mode sees the roles and users, but of course your not allowed to make changes while online: (users name shows instead of ID, so I blocked it out)
so how does the catalog in OFFLINE MODE connect to weblogic, because that is clearly not working..
log shows:
[OBIPS] [WARNING:16] [] [saw.security.securitymanagerloaderimpl.initializeSecurityManagerLoader] [ecid: ] [tid: ] [SI-Name: ] [IDD-Name: ] [IDD-GUID: ] [userId: ] Could not read securityversion record as it is not present.
[OBIPS] [WARNING:16] [] [saw.security.userpopulationmanagerimpl.searchidentities] [ecid: ] [tid: ] [SI-Name: ] [IDD-Name: ] [IDD-GUID: ] [userId: ] GUID _GRP2ROLE_CMP for Account Type AppRoles not found in cache or backend, marking as unknown.
[OBIPS] [WARNING:16] [] [saw.security.userpopulationmanagerimpl.searchidentities] [ecid: ] [tid: ] [SI-Name: ] [IDD-Name: ] [IDD-GUID: ] [userId: ] GUID 092047 for Account Type Users not found in cache or backend, marking as unknown.
Answers
-
SJenkins wrote:online mode sees the roles and users, but of course your not allowed to make changes while online
Why? Isn't it that you don't have the privileges? (so not using an account with enough permissions)
Because online you can definitely make changes in permissions.
And it's normal that when offline you don't see the list of users/roles from weblogic as your aren't connected to weblogic (being offline), so you only see a list of known roles/users which already have security setup I guess.
0 -
Offline mode is the only way to manage permissions.. the < and > buttons are disabled in online mode..
Offline mode does pull all the weblogic and LDAP users on version 11.1.1.7
I use it all the time to fix 'my dashboard' permission errors when a user logs in..
0 -
It isn't normal that in "online" mode you can't edit permissions, that's why I asked if you don't have a permission issue where your account isn't allowed to do that.
In mine I can definitely change permission when online.
0 -
sorry if I wasn't clear, its disabled under the 'User Folder' section (if online)...
in online mode, nobody can access a /users/#userid# subfolders.. managing those as the server admin has to be done offline..
0 -
Ah, yes, that one is off limits online
And as I don't have a system with users defined (just a sandbox with only weblogic) I can't have a look more in detail...
Out of curiosity: what kind of permission are you looking to define on the users personal folders? Because as they aren't supposed to be shared the fact that you can't select another user or approle could even be seen as a functionality (depending the point of view of course).
0 -
actually, you don't have to have ldap or anything special defined..
just run the servers catalog manager in offline mode, not the client tools one..
ie.... \Middleware\user_projects\domains\bi\bitools\bin\runcat.cmd
expand / users
right click a folder and go to permissions..
switch to users and click list... (it should show weblogic as a user)
0 -
I don't have a Windows install of OBIEE, but I have the same result with the 12.2.1.2.0 catalog manager client tool patched (because of the bug you linked).
No "weblogic" exists in the list, only the 3 "fake" accounts "Creator Account", "Owner Account" and "System Account".
I crossed these 3 earlier in the afternoon when using the webservices to get the security details, they seem to be 3 fake accounts which probably take a "value" based on the usage (kind of aliases of something else), but still didn't check for details to find out exactly their behaviour.
0
