How to avoid multiple application roles per user.

Dear All
How to avoid multiple application roles per user.
Followed the steps below.

In Console (WebLogic):
1) Created two groups
   a) SalesReporting
   b) CostReporting
2) Created two users
   a) Created user SalesMan and assigned the group SalesReporting
   b) Created user CostAnalyzer and assigned the group CostReporting

In Enterprise Manager (Fusion Middleware):
3) Created two application roles
   a) Role SalesReportingApplicationRole
      Added weblogicGroup SalesReporting and BIConsumer Application Role under the Application Role
   b) Role CostReportingApplicationRole
      Added weblogicGroup CostReporting and BIConsumer Application Role under the Application Role

Now when we log in with the SalesMan user we could see both the CostReportingApplicationRole and SalesReportingApplicationRole in Roles and Catalog Groups under My Account:
- Authenticated User
- BI Consumer
- CostReportingApplicationRole
- SalesReportingApplicationRole
Answers
-
Hi,
I am not following why this is a problem?
What you are describing is 'how it works'....
0 -
Dear Robert,
Actually I need the Sales user under the sales application role only, not under the cost application role.
0 -
Hi, I guess by default "authenticated user" (the application role representing all the users successfully authenticated) is a member of "BI Consumer", so by adding "BI Consumer" to your 2 roles you are actually adding these 2 roles to everybody because of the inheritance between "BI Consumer" and "authenticated users".
0 -
Hello Gianni,
Thanks a lot for your reply. But if I remove it from the members of the group, will I be able to log in to BI?
0 -
Well, depends on your whole security model.
Do not believe OBIEE security is just a few clicks adding people here or there; you have to plan it and design it based on your business needs.
So the answer can be Yes or No depending on what your full security model looks like.
I personally always remove 'authenticated user' from BI Consumer (or the role acting as such) and never set permissions or privileges on 'authenticated user' as much as possible (for example: if you use a corporate LDAP/AD for logins everybody in the company could potentially be an 'authenticated user' if you didn't set a strict filter on the branch containing the OBIEE users in your LDAP/AD).
Maybe worth having a look at a presentation we did some time ago with @Christian Berg about security. Some models are covered, including the possible "authenticated user" issues. https://speakerdeck.com/gianniceresa/obiee-security-its-a-jungle-out-there
0 -
Fixed it by removing BI Consumer from the roles under it, and created an identical Application policy from BIConsumer and added the users in it.
0 -
Can you close the thread by marking answers as required? So far it's still This question is Not Answered.
0
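
The inheritance chain discussed in this thread, as an added example that is not part of any post and not Oracle's code: a small Python model that resolves application role membership transitively, for the setup in the question and for the fix reported at the end. The names `AUTH`, `BEFORE`, `AFTER`, `effective_roles` and `open_to_everyone` are hypothetical, the membership data is constructed from the thread's description, and only role membership is modeled, not the permissions granted by an application policy.

```python
# Constructed model of the thread's setup (not exported from a real system).
# Each application role maps to its direct members: "group:<name>" or "role:<name>".
AUTH = "role:AuthenticatedUser"  # implicit role held by every logged-in user

BEFORE = {
    "BIConsumer": {AUTH},
    "SalesReportingApplicationRole": {"group:SalesReporting", "role:BIConsumer"},
    "CostReportingApplicationRole": {"group:CostReporting", "role:BIConsumer"},
}

# The fix reported in the thread: BIConsumer is no longer a member of the custom roles.
AFTER = {
    "BIConsumer": {AUTH},
    "SalesReportingApplicationRole": {"group:SalesReporting"},
    "CostReportingApplicationRole": {"group:CostReporting"},
}


def effective_roles(groups, members):
    """Roles a user in `groups` ends up with, following membership transitively."""
    frontier = {f"group:{g}" for g in groups} | {AUTH}
    granted = set()
    while frontier:
        # A role is granted as soon as any of its direct members is held.
        newly = {role for role, direct in members.items()
                 if role not in granted and direct & frontier}
        granted |= newly
        # Newly granted roles can themselves be members of other roles.
        frontier = {f"role:{r}" for r in newly}
    return granted


def open_to_everyone(members):
    """Roles reachable from the authenticated-user role alone (audit check)."""
    return effective_roles([], members)


if __name__ == "__main__":
    for label, model in (("before", BEFORE), ("after", AFTER)):
        print(label, "SalesMan:", sorted(effective_roles(["SalesReporting"], model)))
        print(label, "any login:", sorted(open_to_everyone(model)))
```

Any custom role that `open_to_everyone` returns is held by every account that can authenticate, which is the condition worth checking for when the identity store is a broad corporate LDAP/AD.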