How to add application role to group in obiee — Oracle Analytics

Oracle Analytics Cloud and Server

Welcome to the Oracle Analytics Community: Please complete your User Profile and upload your Profile Picture

How to add application role to group in obiee

Received Response
72
Views
9
Comments
ksbabu
ksbabu Rank 4 - Community Specialist

Hi Experts,

I installed obiee11g in 64bit windows-7,i created user and group in console i have added user to group in console level,then in enterprise manager

i created role but unable to add role to group

ex:

User name : sateesh

Group        :k12school_wl

I added sateesh to k12school_wl group in console

i created role : k12school viewers , how to add this role to k12school_wl group,please help me.

Thanks,

Sateesh

Answers

  • Michael Verzijl
    Michael Verzijl Rank 6 - Analytics Lead

    Hi Sateesh,

    You add groups to roles, not roles to groups.

    Please review attached blog http://www.rittmanmead.com/blog/2012/03/obiee-11g-security-week-managing-application-roles-and-policies-and-managing-sec…

    Michael

  • ksbabu
    ksbabu Rank 4 - Community Specialist

    Thank you Michael that blog is helped me a lot,but i am facing some issues while implementing security

    I have created role for my testing purpose :Role :BI MANAGER

    Group:BI MANAGER_WL

    Users: Ravi,viswa,sateesh (3 users)

    i assigned 3 users to group and i added group to role .upto here is perfect.

    i have one subject area--SH Analysis ,give access to BI MANAGER ROLE in rpd level,so these 3 users got access.

    in presentation services,manage previliges given access to SH Analysis to bi manager,when i login with user RAVI in subject are i selected few columns but showing ACCESS DENIED

    pastedImage_1.png

    Where i missed,please help me.

    Thanks,

    Sateesh

  • Shams Abbasi
    Shams Abbasi Rank 5 - Community Champion

    KS,

    This BI Manager Role you created is it added to any other roles in Enterprise Manager?

    If not please add that role to BI Administrator Role which comes by default. Otherwise depending upon what you wan to do you might have to add this role too all the places in My privileges.

  • Andrew Fomin.
    Andrew Fomin. Rank 6 - Analytics Lead

    @ksbabu, you really need to read the documentation before diving into security related task. Security is a complicated thing and shouldn't be done with hit and miss approach.

    I've even googled the doc for you: Fusion Middleware Security Guide for Oracle Business Intelligence Enterprise Edition - Contents

  • [Deleted User]
    [Deleted User] Rank 2 - Community Beginner

    Ok whatever you do...dont do THIS abive. Making your role automatically Admin instead of managing things correctly and properly is lazy and actually dangerous because you grant way too many rights!

  • [Deleted User]
    [Deleted User] Rank 2 - Community Beginner

    Ok I just have to say something here. @ksbabu asked for a group called "k12school viewers". And you mark an answer "helpful" which tell you to add it to an "Administrator" role.

    That's wrong. Wrong!

    You can't "solve" a security setup you don't fully understand by making everyone Administrator. What does that mean for your database? Everyone is SYS? What does that mean for your bank? Everyone has unlimited access to the safe? What does that mean for your clients? Everyone can walk out with all the data of their employer?

    That answer is not "helpful". It's wrong, misleading and and a bigger security risk doesn't exist!

  • ksbabu
    ksbabu Rank 4 - Community Specialist

    Hi Christian Berg,

    You are correct,i tried in my local system by adding BI Adminstrator role all the users  getting the previleges in that group ,but here i noticed one thing is when i login with

    Admin username and password he lost analysis previleges,what is the correct procedure,please let me know.

    Thanks,

    Sateesh

  • [Deleted User]
    [Deleted User] Rank 2 - Community Beginner

    The "correct procedure" is to have a correct security setup from A to Z. It's not something you can just slap together.

    Michael told you before: You don't add roles to groups but groups to roles. Also he pointed you to a very good blog.

    Here's another good presentation: OBIEE Security: It’s a Jungle Out There

    For your issue I'd say: You missed one of the layers of security: OBIEE privileges. Log on as an administrator to OBIEE -> Administration -> Manage Privileges.

    pastedImage_1.png

    pastedImage_2.png

    If you create custom roles then you have to go all the way. Which means adapting everything along the security backbone.

  • [Deleted User]
    [Deleted User] Rank 2 - Community Beginner

    Edit: And take the "Helpful" away from that other answer if it's still possible. Because it really is anything but helpful.