Oracle Analytics Cloud and Server

Home Oracle Analytics Oracle Analytics Forums Oracle Analytics Cloud and Server Oracle Analytics Cloud and Server

Categories

Welcome to the Oracle Analytics Community: Please complete your User Profile and upload your Profile Picture

Export OBIEE users into excel files

Received Response
73
Views
10
Comments
User_PH6AE
User_PH6AE Rank 4 - Community Specialist
edited Aug 13, 2024 5:56PM in Oracle Analytics Cloud and Server

Hi Guru's,

I need to exports all users of Analytics , roles and privileges for our AUDIT Team

For information, we have configured Active Directory

Thanks you for help

OBIEE version 12.2.1.2.0

Answers

  • saketsrv
    saketsrv Rank 5 - Community Champion

    Unfortunately you cannot export above details from weblogic console into excel sheet as confirmed by oracle itself.But if the AD is configured in database then it shouldn't be a problem.

  • Robert Angel
    Robert Angel Rank 8 - Analytics Strategist

    If your security is in AD then your auditors should be auditing AD, but you can get info out of the tracking tables if that is configured, though this will be restricted to active users only.

  • Gianni Ceresa
    Gianni Ceresa Mod 
    1579154 wrote:exports all users of Analytics , roles and privileges

    Can you define "roles and privileges" ?

    I guess by roles you mean application roles, but privileges there are many different kind of privileges in different places ...

    Everything is possible, there just isn't a big "export me" button for that

    PS: obviously OBIEE can be totally audited, but most auditors just have no idea of what OBIEE is and does, so they ask a random thing waiting to see what they get back ...

  • [Deleted User]
    [Deleted User] Rank 2 - Community Beginner

    ^-- This. So much this.

    You got the external/corporate security world with all your connected security providers and their groups and users

    You got the WLS internal security world and and its groups and users plus its own realm roles and policies

    You got the translation of these first two worlds into the application world with roles and policies

    You got the OBI-internal security in terms of privileges etc

    You got the BIP-internal security

    etc

    etc

  • User_PH6AE
    User_PH6AE Rank 4 - Community Specialist

    Hi Team,

    I use this command to get users and group of ldap

    1) cd <HOME>oracle_common/common/bin

    ./wlst.sh

    >connect('weblogic','Paswd,'t3://localhost:7001')

    execfile('<path>/UsersAssignedForGroup.py')

    2) content of UsersAssignedForGroup.py

    from weblogic.management.security.authentication import UserReaderMBean

    from weblogic.management.security.authentication import GroupReaderMBean

    from weblogic.management.security.authentication import MemberGroupListerMBean

    from weblogic.security.providers.authentication import DefaultAuthenticatorMBean

    from weblogic.management.security.authentication import AuthenticationProviderMBean

    from weblogic.management.security.authentication import GroupEditorMBean

    from weblogic.management.utils import NameListerMBean

    realm=cmo.getSecurityConfiguration().getDefaultRealm()

    atns = realm.getAuthenticationProviders()

    for i in atns:

    if isinstance(i,UserReaderMBean):

      userReader = i

      cursor = i.listUsers("*",0)

      while userReader.haveCurrent(cursor):

        user = userReader.getCurrentName(cursor)

        print ''

        atnr=cmo.getSecurityConfiguration().getDefaultRealm().lookupAuthenticationProvider("DefaultAuthenticator")

        x = atnr.listMemberGroups(user)

        groupReader = atnr

        cursor2 = x

        print "* Groups in user '" + user + "' are: "

        while groupReader.haveCurrent(cursor2):

          print groupReader.getCurrentName(cursor2)

          groupReader.advance(cursor2)

        groupReader.close(cursor2)

        userReader.advance(cursor)

      userReader.close(cursor)

  • [Deleted User]
    [Deleted User] Rank 2 - Community Beginner

    a) "DefaultAuthenticator" is the WLS-embedded LDAP

    b) That only gives you the WLS principals of types "user" and "group"

    i.e. - this has nothing to do with Active Directory

  • Gianni Ceresa
    Gianni Ceresa Mod

    Yes ... and ?

    So you don't have a question anymore? Then close the thread.

    Are you still looking for what you asked? Then is you answer questions it will be possible to move forward.

  • [Deleted User]
    [Deleted User] Rank 2 - Community Beginner

    Hahahaha oh you're mean today X-D

  • Gianni Ceresa
    Gianni Ceresa Mod

    Well .... he asked for users, roles and privileges. Then post back for users and groups and nothing more. I'm just asking if that is like "hey, I got this piece done, it already cover part of my need and now I still would like to add X, Y, Z" or it is more like "the audit guys have no idea of what OBIEE is, so by giving them a random list of users and some mappings to groups they are happy and will put a stamp 'OBIEE audited fine' "

  • [Deleted User]
    [Deleted User] Rank 2 - Community Beginner

    Just saw your reply here

    And in all seriousness: Put your hands down and step away from the system. Now take 5 more steps back.

    Stop hacking the system with pointless code and maybe think about what you are trying to do for once. This is an analytics platform product! If you want to write things from scratch with code snippets which are found from random sources on the internet and just used out of context and without reflection...do it in Notepad.

    Approaches like this literally destroy extremely valuable and EXPENSIVE systems that actual client organizations are trying to use to their benefit!