Categories
- All Categories
- 15 Oracle Analytics Sharing Center
- 16 Oracle Analytics Lounge
- 216 Oracle Analytics News
- 43 Oracle Analytics Videos
- 15.7K Oracle Analytics Forums
- 6.1K Oracle Analytics Idea Labs
- Oracle Analytics User Groups
- 79 Oracle Analytics Trainings
- 15 Oracle Analytics Data Visualizations Challenge
- Find Partners
- For Partners
in oracle bi 12c how to get loged in user in the report
Hi All
I am testing Oracle OBIEE 12c fresh installation, I was able to install it and run it fine. I created multiple users from (console > security Realm) and added them to security groups and assigned them to reports folders from analytics screen. and I 'm able to log in them using password assigned to users in console security realm and the user can only see his reports. so far so good.
My challenge now is that I want to find a way to return the logged in username and security group inside the report. so for example if a user named XXX and assigned to security group SSS I would be able to return XXX and SSS as a parameter for the report.
is that possible ? and how ?
thank you all
Answers
-
Have you tried using the USER and ROLES system session variables?
OBIEE - Where can I use a BI Server variable (session/repository) ? [Gerardnico]
You can see it in action here : http://slc02oks.oracle.com:7780/analytics/saw.dll?Dashboard&PortalPath=%2Fshared%2F10.%20Lifecycle%20and%20Admin%2F_port… (prodney/Admin123)
0 -
By the way, I hope you aren't trying to make a row-level security by that. Aren't you?
0 -
Andrew Fomin I didn't understand your question !!
I'm trying to create security on the BI so each user sees only reports assigned to him and nothing else.
0 -
rmoff I will check this link and reply to you, Thanks
0 -
That's what I'm talking about.
1. If you need to assign only appropriate reports to users, you don't need variables: Managing Objects in the Oracle BI Presentation Catalog - 11g Release 1 (11.1.1)
2. And If you need to restrict visible rows in reports: https://docs.oracle.com/cd/E23549_01/bi.1111/e10540/dataaccess.htm#CHDCBICI
None of this scenarios needs username of a current user in a report.
0 -
@Andrew Fomin. Oh, now I got you man.
let me give an example, if I have a salesmen assessment report, for management they will have a parameter to set the sales person who they want to evaluate, but for sales people them selves, each one should only be able to see his own assessment report, so I want the system to be able to get what is the username or catalog group the current user is logged in by and to give him parameters according to that. If I can get the current logged in session username I can use it in parameters LOV query to get what I want done
I hope this clarified it for you
Thanks again
0 -
Hi,
First : you said "catalog group", forget... It's not in 12c from 12.2.1.1.0, everything is done by application roles.
As rmoff posted you can get a variable with the roles (not the security groups in the web logic ldap, so pay attention to that, app roles are the step affer).
Then to join Andrew you do not setup row-level security (which is what you want to achieve) on the report / frontend. You do that on the RPD with data filters (row-level security) or LTS filtering.
Doing it in the front end means anyone allowed to create / edit an analysis can (a will) bypass the security.
0 -
OK, a clear and typical enough requirement.
You should use data filter in a repository (my second link). It will ensure users can't create a report without a filter and bypass your restriction.
A very top-level plan is the following:
1. Create a session init block and use USER and/or ROLES system variables to compute your filter arguments - salesman id/name/no/whatever you need. Put this info into your own session variables.
2. Use these variables for creating a data filters for fact tables.
When you do that, a user can simply create a report "sales by salesmen" without filters, and BI server will add a filter for a salesman. And the user won't be able to remove or change it.
0
