Different projects on one OBIEE enviroment

mmajdana1

Hi , I am using OBIEE 12.2.1.2.0

I already made a project on OBIEE, however now there is a need for another project on the same enviroment,

As we know we can have only one RPD online at the moment so i should make this project on same RPD, but different model , and this is the part where i know how to do that.

My question is when i deploy this RPD how can i make that subject areas that are exposed are unavaillable/hidden to one group of users and vice versa.

Kr, Matija

Joel

You could use Application Roles to manage this. In the rpd, right-click on the subject area in the presentation layer and select the properties menu item.

Click on Permissions, and in here you can select the Application Role which should have access. In WebLogic, you'll need to assign users to the Application Roles.

Gianni Ceresa

You also have the privileges in the front-end.

As security is in multiple places and require to be configures everywhere to be effective you maybe want to define a proper security model and strategy (which was supposed to already be implemented even for a single "project" ).

https://speakerdeck.com/gianniceresa/obiee-security-its-a-jungle-out-there

mmajdana1

Thank you very much Joel, i will go with this approach.

Kr, Matija

mmajdana1

I made a row level security and visibility of certain records in dimension tables with session variables, but this was a new thing for me.

I appreciate your effort.

Thx, Matija

Gianni Ceresa

You covered data level security, but don't forget the whole front-end: privileges + catalog permissions. It's worth to setup everything as "clean" and restricted as possible from the beginning so that whatever happen later (like now a new part added in OBIEE or anything else) is covered by default with security already in place.