Categories
- All Categories
- 15 Oracle Analytics Sharing Center
- 15 Oracle Analytics Lounge
- 208 Oracle Analytics News
- 41 Oracle Analytics Videos
- 15.7K Oracle Analytics Forums
- 6.1K Oracle Analytics Idea Labs
- Oracle Analytics User Groups
- 76 Oracle Analytics Trainings
- 14 Oracle Analytics Data Visualizations Challenge
- Find Partners
- For Partners
How to add application role to group in obiee
Hi Experts,
I installed obiee11g in 64bit windows-7,i created user and group in console i have added user to group in console level,then in enterprise manager
i created role but unable to add role to group
ex:
User name : sateesh
Group :k12school_wl
I added sateesh to k12school_wl group in console
i created role : k12school viewers , how to add this role to k12school_wl group,please help me.
Thanks,
Sateesh
Answers
-
Hi Sateesh,
You add groups to roles, not roles to groups.
Please review attached blog http://www.rittmanmead.com/blog/2012/03/obiee-11g-security-week-managing-application-roles-and-policies-and-managing-sec…
Michael
0 -
Thank you Michael that blog is helped me a lot,but i am facing some issues while implementing security
I have created role for my testing purpose :Role :BI MANAGER
Group:BI MANAGER_WL
Users: Ravi,viswa,sateesh (3 users)
i assigned 3 users to group and i added group to role .upto here is perfect.
i have one subject area--SH Analysis ,give access to BI MANAGER ROLE in rpd level,so these 3 users got access.
in presentation services,manage previliges given access to SH Analysis to bi manager,when i login with user RAVI in subject are i selected few columns but showing ACCESS DENIED
Where i missed,please help me.
Thanks,
Sateesh
0 -
KS,
This BI Manager Role you created is it added to any other roles in Enterprise Manager?
If not please add that role to BI Administrator Role which comes by default. Otherwise depending upon what you wan to do you might have to add this role too all the places in My privileges.
0 -
@ksbabu, you really need to read the documentation before diving into security related task. Security is a complicated thing and shouldn't be done with hit and miss approach.
I've even googled the doc for you: Fusion Middleware Security Guide for Oracle Business Intelligence Enterprise Edition - Contents
0 -
Ok whatever you do...dont do THIS abive. Making your role automatically Admin instead of managing things correctly and properly is lazy and actually dangerous because you grant way too many rights!
0 -
Ok I just have to say something here. @ksbabu asked for a group called "k12school viewers". And you mark an answer "helpful" which tell you to add it to an "Administrator" role.
That's wrong. Wrong!
You can't "solve" a security setup you don't fully understand by making everyone Administrator. What does that mean for your database? Everyone is SYS? What does that mean for your bank? Everyone has unlimited access to the safe? What does that mean for your clients? Everyone can walk out with all the data of their employer?
That answer is not "helpful". It's wrong, misleading and and a bigger security risk doesn't exist!
0 -
Hi Christian Berg,
You are correct,i tried in my local system by adding BI Adminstrator role all the users getting the previleges in that group ,but here i noticed one thing is when i login with
Admin username and password he lost analysis previleges,what is the correct procedure,please let me know.
Thanks,
Sateesh
0 -
The "correct procedure" is to have a correct security setup from A to Z. It's not something you can just slap together.
Michael told you before: You don't add roles to groups but groups to roles. Also he pointed you to a very good blog.
Here's another good presentation: OBIEE Security: It’s a Jungle Out There
For your issue I'd say: You missed one of the layers of security: OBIEE privileges. Log on as an administrator to OBIEE -> Administration -> Manage Privileges.
If you create custom roles then you have to go all the way. Which means adapting everything along the security backbone.
0 -
Edit: And take the "Helpful" away from that other answer if it's still possible. Because it really is anything but helpful.
0