Oracle Analytics Cloud and Server

Home Oracle Analytics Oracle Analytics Forums Oracle Analytics Cloud and Server Oracle Analytics Cloud and Server

Categories

Welcome to the Oracle Analytics Community: Please complete your User Profile and upload your Profile Picture

OBIEE 12c User is assigned to all Application role

Received Response
1
Views
4
Comments
user6439991
user6439991 Rank 1 - Community Starter
edited Aug 13, 2024 6:16PM in Oracle Analytics Cloud and Server

Hi,

I am trying to assign Row Level Data Filter Security to Application Role. I went through the below steps so user hsannouh can only view Sale Department related data.

However, when the user login he sees all departments data. Also not sure why the user is assigned all the Application Roles.

Can someone help.

TIA

Hicham

1) I've created a  group

              HR_SAL_GRP

image1.png

2) New user

              I've created user "hsannouh" and assigned him to HR_SAL_GRP

image2.png

3) Application Role

I've created new application Roles HR_SAL_ROLE using "Create Like" and selected BIConsumer” and added the above group HR_SAL_GRP

  image3.png        

4) RPD

In RPD I added "Data Filters" to the newly created Application Role to allow users to only see Sales data based on column value in dimension and measure tables

image4.png

5) When the user Login he sees all data from all departments. Under My Account -> Role and Catalog Groups it list all Application Role although the user is added only to HR_SAL_GRP

image5.png

Answers

  • [Deleted User]
    [Deleted User] Rank 2 - Community Beginner

    So you're managing everything in WLS, right? Have you looked at the inheritance? Are your WLS groups members of other groups, your application roles members of other roles and/or your WLS groups members of application roles?

    I think he just inherits stuff due to your group/role structure.

  • Gianni Ceresa
    Gianni Ceresa Mod

    Hi,

    In your screenshot I see authenticated-role is member of your HR_SAL_ROLE, is it the same for your other "consumer" roles?

    Because "authenticated-role" represent every single user with a values login/password, so if your other "consumer" roles are similar to your HR_SAL_ROLE having authenticated-role as member ... there you have your problem...

  • [Deleted User]
    [Deleted User] Rank 2 - Community Beginner

    Or in short: inheritance :-P

  • Gianni Ceresa
    Gianni Ceresa Mod

    Yes, but that's the obvious answer (it will not assign you all the approles because you are good looking )