Oracle Analytics Cloud and Server

Home Oracle Analytics Oracle Analytics Forums Oracle Analytics Cloud and Server Oracle Analytics Cloud and Server

Categories

Welcome to the Oracle Analytics Community: Please complete your User Profile and upload your Profile Picture

Needs to allow login to the LDAP users, only if he exist in external database tables in obiee11g

Received Response
12
Views
5
Comments
3051369
3051369 Rank 3 - Community Apprentice
edited Aug 13, 2024 6:13PM in Oracle Analytics Cloud and Server

Hi

Please let me know solution for this

I maintain users in external table and LDAP is configured and all are working fine. only thing is I need restrict LDAP users (currently all employees in the company can see the reports )

So,how to restrict the LDAP users, only if he exist in external database tables in obiee11g

Thanks

Veera

Answers

  • [Deleted User]
    [Deleted User] Rank 2 - Community Beginner

    YOu have all necessary things already in place it's simply a question of managing authorization correctly. Authentication is done by the LDAP. Then your external table(s) bring in the user/group information based on which you then authorize. I.e. only users coming in with a vali group from the external table and get translated into a valid application role have access. Done.

    Also as Gianni already said: Do not triple-post!

    Restrict LDAP users and shld allow only if user exists in external database tables obiee11g

    Needs to allow login to the LDAP users, only if he exist in external database tables in obiee11g

  • 3051369
    3051369 Rank 3 - Community Apprentice

    Yes christian Berg, I cld able to bring the groups in which the user belongs to in external  table  and apply roles and when that user logins it perfectly working, it shows only the desired dashboards for him.

    but other LDAP users who are not part of external tables users or grps , can able to login, due to Active directory pwds and can see the Dashboards

    so unable to restrict these users.did i miss any configure settings ...?.

    Thanks

    BK

  • Michael Verzijl
    Michael Verzijl Rank 6 - Analytics Lead

    Define a group in your Active Directory with users who should able to login in OBIEE and filter on this from Console.

    Furthermore: your security setup doesn't seem correct. It should not be the case that a user belonging to BIConsumer should see all dashboards. Did you setup any securityon dashboard level?

  • [Deleted User]
    [Deleted User] Rank 2 - Community Beginner

    That just means that you didn't clean out the vanilla security and the "Authenticated User" application role is still allowed access rights and privileges.

    Or worse: You have some weird inheritance making every authenticated user a BIConsumer.

    Basically something's rotten.

  • [Deleted User]
    [Deleted User] Rank 2 - Community Beginner

    Just saw that the other thread is also active...can you PLEASE close one and only manage ONE thread?