Hi there

We have an OBIEE 12.2.1.4 cluster with two instances, and the bidata folder is located on shared storage.

Authentication is configured via the repository (RPD) using an initialization block with an Oracle DB query similar to:select username, name, role from app_users where username=:USER and password=:PASSWORD and...

In other words, users are not physically created anywhere (in WebLogic or AD), with rare exceptions for maintenance accounts; their identities and roles are stored in database tables.

Upon the first authentication, BI automatically creates a folder in the catalog with the username and grants the appropriate permissions to it.

During virtual machine maintenance (I am not entirely sure of the details, but the machines were joined and disjoined from the Active Directory), some users lost access permissions to their own personal folders.The attached screenshots show two cases: before and after the issue. In the first case, permissions are granted to the specific owner, while in the second, only standard permissions remain, including the BIUser role we manually created.

We are not currently considering restoring the catalog from backup (althoug

h we do have one).

All users are assigned the BIUser role.We can grant full privileges to these folders using scripts like the following:

runcat.cmd -cmd setItemPermissions -online "http://192.168.10.10:9502/analytics/saw.dll" -credentials "C:\temp\weblogic\creds.txt" -setOption changeMentioned -changeOption replace -accountName "BIUser" -accountType approle -permission F -item "/users/meinzergd" -recursive true

However, is there a way to specify the actual username so that BI simply applies it to the ACL without validating it against the internal security store?