Oracle Analytics Cloud and Server

Home Oracle Analytics Oracle Analytics Forums Oracle Analytics Cloud and Server Oracle Analytics Cloud and Server

Categories

Welcome to the Oracle Analytics Community: Please complete your User Profile and upload your Profile Picture

How to add users to a newly created application role?

Received Response
63
Views
7
Comments
SonPat99
SonPat99 Rank 6 - Analytics Lead
edited Aug 13, 2024 3:26PM in Oracle Analytics Cloud and Server

Hello,

I have got some requirement where I have to assign the newly created application role to existing individual users in the existing system.

I know that this can be achieved by adding these specific users to a group and then assign the role to this new group.

What I really want to ask is :

a. Is there a way to assign the role to users without creating the group and without adding the users one by one (it's a hectic work if there are 100+ such users)?

b. Is there any option with which we can add users in bulk?

Many thanks in advance !!!

Answers

  • [Deleted User]
    [Deleted User] Rank 2 - Community Beginner

    Same answer for a and b: Yes. OPSS scripts (so WLST):

    https://docs.oracle.com/cd/E21764_01/core.1111/e10043/wlstcmds.htm#JISEC4599

    https://docs.oracle.com/cd/E21764_01/core.1111/e10043/managepols.htm#JISEC4335

  • SonPat99
    SonPat99 Rank 6 - Analytics Lead

    Thanks Christian...

    I missed to mention, this requirement is for OBIEE and we are using OBIEE 1.1.0.7.

    Also, is it possible for you to share any sample script as I have never done WLST scripting.

    It will be great if the sample script is somehow related to the current topic, otherwise is also fine...

  • [Deleted User]
    [Deleted User] Rank 2 - Community Beginner

    The commands haven't change. You didn't mention any version so I always use the latest documentation by default.

    Detail usage here: https://docs.oracle.com/middleware/1212/idm/IDMCR/custom_infra_security.htm#CIHBEHEE

    And if you google "obiee grantAppRple wlst" you'll get loads of examples like this:

    http://www.rittmanmead.com/blog/2011/04/oracle-bi-ee-11g-migrating-security-policy-store-part-2/

  • SonPat99
    SonPat99 Rank 6 - Analytics Lead

    Hello Christian,

    Many Thanks for the links...

    Though it all makes sense, I am trying to understand one thing:

    I assume all these links are referring to "grantAppRole" and its use mainly.

    What I am unable to understand is, how this "grantAppRole" is going to be assigned to 100 specific users? For example, if I have figured out the list of those 100 users who will be getting this new role in a file USERS.TXT, how these users will be mapped to new role, say "BI SUBSCRIBER"?

    Please excuse if the question is inappropriate as I have very limited knowledge on WLST...

  • [Deleted User]
    [Deleted User] Rank 2 - Community Beginner

    Having very limited knowledge is not a problem. That's why we learn and that's what all of the usual problem solvers here in the forum do on a daily (and nightly) basis.

    The problem is this:

    user1137177 wrote:I assume all these links are referring to "grantAppRole" and its use mainly.

    So that means you haven't even read - let alone tried to understand what I have posted above.

    Lowest level approach: You have a list of users. You put them in Excel. You concatenate a command for each user using Excel formulas:

    grantAppRole(appStripe="obi",  appRoleName="SomeNewRole",principalClass="com.example.user",principalName="bob")

    grantAppRole(appStripe="obi",  appRoleName="SomeNewRole",principalClass="com.example.user",principalName="john")

    grantAppRole(appStripe="obi",  appRoleName="SomeNewRole",principalClass="com.example.user",principalName="mike")

    And then either execute that line by line in the wlst console or copy+paste it into a pyton script using Notepad.

    How To Ask Questions The Smart Way

    Don't post homework questions

    Hackers are good at spotting homework questions; most of us have done them ourselves. Those questions are for you to work out, so that you will learn from the experience. It is OK to ask for hints, but not for entire solutions.
  • SonPat99
    SonPat99 Rank 6 - Analytics Lead

    Hello Christian,

    I had gone through all the links and saw all were referring to "grantAppRole" and migration of policies and I even googled to understand the syntax and working or this command.

    I apologize if "I assume all these links are referring to "grantAppRole" and its use mainly." sentence has hurt you, but it was unintentional.

    I was thinking in the same direction of using script to read names of all users, but more like SHELL or BAT instead of PYTHON.

    Thanks for all your guidance.

  • [Deleted User]
    [Deleted User] Rank 2 - Community Beginner

    Nothing to do with hurt. Everything to do with giving the impression that the posted content wasn't reviewed at all.

    I put "Detail usage here" explicitly on the second post to point out that that's grantAppRole in detail. The full listing of all functions was in the post before that.

    And as far as the script language goes - choose your poison of choice. :-) As long as you can connect to the WebLogic Server with it and run the actual commands everything is fine as the result will be the same.

    Just think about how you package that in terms of deployment cycles and you want to automate stuff like propagation of user rights etc. Maybe your corporation/client uses a specific product or approach which forces the use of .py over .sh or .bat over .whatever