Categories
- All Categories
- 15 Oracle Analytics Sharing Center
- 16 Oracle Analytics Lounge
- 215 Oracle Analytics News
- 43 Oracle Analytics Videos
- 15.7K Oracle Analytics Forums
- 6.1K Oracle Analytics Idea Labs
- Oracle Analytics User Groups
- 79 Oracle Analytics Trainings
- 15 Oracle Analytics Data Visualizations Challenge
- Find Partners
- For Partners
How to update user permissions memberships immediately with new role
Working purely with WLS security for users and groups in OBIEE 12c, and roles in Fusion Middleware. Nothing extraneous, nothing out of the ordinary. Plain vanilla security.
Yesterday, we created an OBIEE user, and assigned him to roles A and B. He signed in and out several times, and everything was working as expected. Today, we also assigned that user to role C (in addition to A and 
.
Also today, we created a new user, and assigned roles A, B, and C to that user.
When User #2 signs in, he sees that he is a member of all 3 roles. The OBIEE experience reflects what we should see with all 3 roles in place.
But User #1 still only sees that he is a member of roles A and B. We wait an hour, two hours, he signs out, signs back in ... still only roles A and B are reflected in his OBIEE experience. In Fusion Middleware, we can see that we have indeed assigned him to Role C, but OBIEE doesn't recognize it.
Why is this happening and what can be done about it?
Answers
-
As roles are retrieved after the validation of username & password, during a login the user should have the new role.
Can your User #1 do the things that only role C allows? Maybe you have a browser cache of the "my account" screen and it is only a visual issue.
Mainly if you have everything by default I don't expect any cache effect on the EM level. Even more so if you did assign roles directly to the user and not to a group and then adding the user to a group (and this can also have cache).
But you also don't give any detailed version: are you on the latest bundle patch of 12.2.1.4? Because bugs exists and that's why every few months there is a bundle patch...
0 -
Gianni, it's not version specific. I've seen this behavior all the way back into 11g and on every version of 12c.
User #1 can only do the things related to roles A and B. It's as if role C doesn't exist. It's not a visual issue.
0 -
In the past, I've seen it on my OBIEE systems on Windows. Now I'm working for a different company, using Linux, and we're seeing the same behavior that I've seen for years in Windows.
0 -
Hold on, I think I reported incorrectly. Here is what my QA is telling me, and this is what I have also experienced in the past: "We add a new permission to a role. That role is assigned to a new user. The permissions work fine for that new user. But existing users who were already members of the role are not getting the updated permissions right away. Seems to be some kind of caching mechanism that is preventing the immediate update to an existing user."
0 -
Gianni, I'm going to cancel this post and rewrite it with greater clarity.
0
