Oracle Analytics Cloud and Server

Home Oracle Analytics Oracle Analytics Forums Oracle Analytics Cloud and Server Oracle Analytics Cloud and Server

Categories

Welcome to the Oracle Analytics Community: Please complete your User Profile and upload your Profile Picture

create app role add users and give privileges into obiee 12.2.1.2.0

Received Response
137
Views
20
Comments
2»

Answers

  • Syedsalmancs110
    Syedsalmancs110 Rank 6 - Analytics Lead

    Could you perform a test and check what result(whether SAMACCOUNTNAME is displayed as user name) do you get when you search for AD User to assign it to an Application Role, does it give either SAMACCOUNTNAME or Empty Prinicipal Name and Display Name ?

  • User_PH6AE
    User_PH6AE Rank 4 - Community Specialist

      when i search user in i got complet name of user

    Exemple :

    user: john Doe

    login: johne

    when i search this user with "john" into /EM and /Analytics it display "john Doe"

    when i search this user with "john" into /console, i got nothing but when i search with "johne", it display "johne"

  • Syedsalmancs110
    Syedsalmancs110 Rank 6 - Analytics Lead

    Could you test if login with username as "john Doe" works and if it works then are able to get permissions related to newly created application role or not.

  • User_PH6AE
    User_PH6AE Rank 4 - Community Specialist

    It not work

    i need login :<<johne >> for access /Analytics

  • Syedsalmancs110
    Syedsalmancs110 Rank 6 - Analytics Lead

    Could you post content in between below mentioned tag(Just remove Host and Port information) from your issue environment config.xml file which is present at following location <ORACLE HOME>\user_projects\<DOMAIN NAME>\config

    <sec:authentication-provider xsi:type="wls:active-directory-authenticatorType">

    </sec:authentication-provider>

  • User_PH6AE
    User_PH6AE Rank 4 - Community Specialist

    <sec:authentication-provider xsi:type="wls:active-directory-authenticatorType">

            <sec:name>MTN_AD</sec:name>

            <sec:control-flag>SUFFICIENT</sec:control-flag>

            <wls:host> host IP ADRESS </wls:host>

            <wls:user-object-class>user</wls:user-object-class>

            <wls:user-name-attribute>sAMAccountName</wls:user-name-attribute>

            <wls:principal>***_user</wls:principal>

            <wls:user-base-dn>dc=***,dc=**</wls:user-base-dn>

            <wls:credential-encrypted>+wmVhVhLG8fiplxoxLwd8uK2mSWp79Kn0V6T0=</wls:credential-encrypted>

            <wls:user-from-name-filter>(&amp;(sAMAccountName=%u)(objectclass=user))</wls:user-from-name-filter>

            <wls:group-base-dn>OU=groupe de sécurité,OU=administration,dc=***,dc=**</wls:group-base-dn>

            <wls:group-from-name-filter>(&amp;(cn=%g)(objectclass=group))</wls:group-from-name-filter>

          </sec:authentication-provider>

  • Syedsalmancs110
    Syedsalmancs110 Rank 6 - Analytics Lead

    Works fine in my environment(OBIEE 12.2.1.2.0), check below screenshots

    In Console:

    pastedImage_0.png

    In Enterprise Manager:

    pastedImage_1.png

    pastedImage_2.png

    In OBIEE Analytics

    pastedImage_3.png

    pastedImage_4.png

    pastedImage_5.png

    pastedImage_6.png

  • Syedsalmancs110
    Syedsalmancs110 Rank 6 - Analytics Lead

    Same test with custom application role(BI Test) which I created works fine.

    Below is the content of config.xml from my environment, kept it same as yours:

    <sec:authentication-provider xsi:type="wls:active-directory-authenticatorType">

            <sec:name>ADAuthenticator</sec:name>

            <sec:control-flag>SUFFICIENT</sec:control-flag>

            <wls:host>IP_HOST_NAME</wls:host>

            <wls:user-name-attribute>sAMAccountName</wls:user-name-attribute>

            <wls:principal>AD_ADMIN_USER_NAME</wls:principal>

            <wls:user-base-dn>ou=***,dc=***,dc=***,dc=com</wls:user-base-dn>

            <wls:credential-encrypted>{AES}zmuDLLgxwoNZsAJ87BqnGaPJpZEDL+Y2QXd8OQ5KRFo=</wls:credential-encrypted>

            <wls:user-from-name-filter>(&amp;(sAMAccountName=%u)(objectclass=user))</wls:user-from-name-filter>

            <wls:group-base-dn>ou=***,dc=****,dc=***,dc=com</wls:group-base-dn>

          </sec:authentication-provider>

    Will suggest to add users to application roles by searching user in the application role assignment search list instead of adding user to an application role through application role assignment "Advanced Option"

  • User_PH6AE
    User_PH6AE Rank 4 - Community Specialist

    Thank you!

    Are you upgrade obiee 12.2.1.0.0 to 12.2.1.2.0  ?

    I don't know why but i got this Bug 22232288

    Oracle support said bug was fixed in our version but not for mine

    Solution i used

    In EM ... Edit the Application Role, and click the "Add" button to display the "Add Principal" page.

    In the "Add Principal" page, select Search: Type = User, and see the "Advanced Option" section will appear at the bottom of the page.

    In the "Advanced Option" section, check on the "Check to enter principal name here instead of searching from above... " checkbox, and see the Type, Principal Name, and Display Name fields will appear.

    Select Type = User, and enter the Principal Name of the User (for example, jdoe) and click OK. See that the User will be added as a Member of the Application Role with the "correct" Principal Name

  • Syedsalmancs110
    Syedsalmancs110 Rank 6 - Analytics Lead

    Nope mine is OBIEE 12.2.1.1.0 upgrade to 12.2.1.2.0, but there was no AD configuration in prior version, I did AD configuration just as part of test for your issue and I did not face any issues as described by you I even maintained configuration as per your environment in order to replicate the issue but no success, I am pretty sure issue is resolved in 12.2.1.2.0 you might be facing some different issue better to get your issue reviewed by Oracle Support to get a complete solution for your issue.