Categories
- All Categories
- Oracle Analytics Learning Hub
- 29 Oracle Analytics Sharing Center
- 18 Oracle Analytics Lounge
- 236 Oracle Analytics News
- 45 Oracle Analytics Videos
- 16K Oracle Analytics Forums
- 6.2K Oracle Analytics Idea Labs
- Oracle Analytics User Groups
- 88 Oracle Analytics Trainings
- 15 Oracle Analytics Data Visualizations Challenge
- Find Partners
- For Partners
what is impact of shared logon uncheck in connection pool in OBIEE 12c?
Dear All,
I have created one test user 'test1' in weblogic admin console in default authentication provider and provided BI Content Author role from EM.
I have unchecked the Shared Logon option in connection pool and deployed to the server. Restarted the services.
When i tried login to analytics, authentication went well. But when i tried creating the analysis, following are the ODBC error i got.
I wanted to achieve the scenario where users who are created in the weblogic console should be able to generate the report in OBIEE analytics page.
| Error | |
| View Display Error | |
Odbc driver returned an error (SQLExecDirectW). Error Codes: OPR4ONWY:U9IM8TAC:U9IM8TAC:U9IM8TAC:U9IM8TAC:OI2DL65P State: HY000. Code: 10058. [NQODBC] [SQL_STATE: HY000] [nQSError: 10058] A general error has occurred. Please have your System Administrator look at the log for more details on this error. (HY000) State: HY000. Code: 43113. [nQSError: 43113] Message returned from OBIS. Please have your System Administrator look at the log for more details on this error. (HY000) State: HY000. Code: 17001. Please have your System Administrator look at the log for more details on this error. (HY000) State: HY000. Code: 17010. Please have your System Administrator look at the log for more details on this error. (HY000) Best Regards, Ritesh SQL Issued: SELECT 0 s_0, "Employee_Details"."Dim_Dept"."Dname" s_1 FROM "Employee_Details" FETCH FIRST 65001 ROWS ONLY | |
Answers
-
From the doc:
Select this option if you want all users whose queries use the connection pool to access the underlying database using the same user name and password.If this option is selected, then all connections to the database that use the connection pool use the user name and password specified in the connection pool, even if the user has specified a database user name and password in the DSN (or in user configuration).If this option is not selected, connections through the connection pool use the database user ID and password specified in the DSN or in the user profile.
Why are you unchecking it? Do you need your OBI users to use their own personal connection to benefit from security you setup in the DB based on the logged in user?
0 -
Hi Gianni,
Thanks for your reply. much appriciated.
Yes, your understanding is correct. We want all the user should use their own credential for authentication and further able to create report, view report etc.. based on their OBIEE application role and acesses provided.
As i mentioned, user is able to authenticate but while creating report ODBC error is throwing.
Could you please share some document or provide the steps to achieve this scenario?
Best Regards,
Ritesh
0 -
user8465380 wrote:Yes, your understanding is correct. We want all the user should use their own credential for authentication and further able to create report, view report etc.. based on their OBIEE application role and acesses provided.
Actually this part is a bit confusing ...
Keep in mind the various layers where security apply and you can achieve that.
So are you looking to setup security in OBIEE? Or do you simply want each OBIEE user to have to authenticate as itself on the DB and so the security is managed by the DB and OBIEE doesn't care at all?
Because application roles are on the OBIEE side, while the checkbox you are playing with is more to not define anything in OBIEE and let the DB handle this ...
0 -
Let me try to rephrase my requirement
- I want to be able to authenticate users on OBIEE Analytics portal using Active Directory
- Subsequently, I want to be able to assign permissions to users on the reports, dashboards
- When an authenticated user opens a report or a dashboard, I want OBIEE server to use the logged in user's credentials to login to the underlying data source to execute the report queries (instead of using a shared database login credential for all OBIEE application users).
0 -
So the answer to those 3 is:
a) That means integrating MSAD in the WLS security provider config
b) Enterprise Manager will transform your AD groups into Application Roles and these Roles then control all in the web catalog and RPD
c) That means using :USER / :PASSWORD in the conneciton pools.
Done
0 -
Well ... what Christian said
You use the 2 system variables to reference the user credentials and use that in the connection pool for the DB.
For the first part it's about integrating your AD with OBIEE, the doc cover that as well as ton of blogs.
0 -
Thanks Christian.
I am fine with Point a & b.
Would you please elaborate the steps to perform the point# c.
0 -
- Open the Admin Tool.
- Double-click the connection pool in question
- Enter " :USER " in the "User Name" field. Without the quotes
- Enter " :PASSWORD " in the "Password" field. Without quotes
- Save the RPD
- Run it
- Done
0 -
Followed your instruction but getting same odbc connection.
0 -
can you even reach the DB from that server?
is the user created and authorized on the DB?
etc etc
0
