Is it possible to assign an OBIEE Application role to Active Directory group?

Question

Hi!

We're implementing Active Directory authentication for OBIEE.

I would like to avoid using database authorization but rather manage OBIEE privileges by assigning users to  Active Directory groups and then associate Active Directory groups with the application roles defined in the Enterprize Manager.

Is this feasible? Is this a good idea?

Thanks,

Alex

AM_1 · Answer

Thanks Gianny!

Gianni Ceresa · Answer

Hi Alex,

Not only it's a good idea, but that's how authentication and authorization generally works.

In Enterprise Managers you will see the AD groups available as members of the application roles. So you map your AD groups to application roles and after you only manage your users in AD by adding them or removing them from AD groups. Inheritance will do the rest of the job.