OBIEE 11.1.1.7.140225 - User logs in at home on iPad and hits error [Insufficient Privileges. "Acces — Oracle Analytics

chillychin Rank 6 - Analytics Lead

Apologies for the long thread title but I am a bit stumped at this issue.

I have an end user that is saying that when they log into OBIEE while at work on their work desktop - no issues.

BUT

When they try to log into OBIEE when they get HOME on their personal iPad that they are hitting an error [Insufficient Privileges. "Access Home Page"]

If it was something with our OBIEE security set up, I would assume that they would not be able to log in either at home OR at work.

Since they can log in at work but NOT at home, it leads me to believe that it is their home set up that there is an issue, but I am not sure what could be the issue?

Could it be their cache? Network settings?

Outside of going to their house during off hours to test their iPad I am not sure what to say to this user.

Any possible ideas greatly appreciated

Answers

  • Does the user have access to the OBIEE homepage?

    If not give him access and ask to test again when at home.

    The OBIEE homepage privilege is required for a few things (Act As, if I'm not wrong, for example) and it's possible that the iPad app also requires it. (I guess the user uses the OBIEE app and not the browser, as 11.1.1.7 doesn't work well on mobile devices; that's why they added MAD at that time.)

  • [Deleted User]
    [Deleted User] Rank 2 - Community Beginner

    More general: "accesses the home page"...

    ...like how? Just through a browser? No use of the OBI app? Using BIMAD or just plain OBI?

  • chillychin
    chillychin Rank 6 - Analytics Lead

    The user does have access to the OBIEE home page, or at least the security group that we put them in maps to it.

    I checked Administration -> Manage Privileges -> Home and Header -> "Access Home Page" has the BI Consumer Role mapped to it.

    When the user is able to successfully log in at work, I checked their [My Account->Roles and Catalog Groups] and see BI Consumer.

    I had to do a lot of digging and rummaging around to see what the issue could be with this.

    I tried to refresh the GUID and validate the catalog but the same issue persisted with the user.

    I finally told them to just bring their iPad into work and have them log in so I could see exactly what was happening (it was quite a fight to even get this user to do this).

    So it looks like they are using a plain old internet browser (Chrome I believe on their iPad).

    When they logged in, I noticed that by default the [User ID] field on the default OBIEE home page capitalized their user id.

    So

    User ID = Charles

    When they were able to log in at work I saw that they had

    User ID = charles

    I was doing some searching around and it sounds like it is possible that there is some case sensitivity.

    We use LDAP as our authenticator - so when someone logs in they need to be part of our directory - otherwise they would get the error "Unable to sign in"

    Since my end user is able to log in but then hits the error "Insufficient privileges", it's almost as if he does not have his role mapped to the privilege [Access Home Page].

    Is it possible that if he logs in with a capitalized user id that our LDAP is case INsensitive - but when OBIEE tries to map his user id to his groups/roles that it gets confused because it is case sensitive?

    We have for authentication

    LDAP

    WebLogic Authentication Provider

    WebLogic Identity Assertion Provider

    Is there some case sensitivity happening somewhere?

  • chillychin
    chillychin Rank 6 - Analytics Lead

    I am pretty sure there is something funny going on when we have a user log in using non lower case user IDs.

    So if someone with the login of

    charles

    Typed in ChArLeS - OBIEE seems to not recognize this and can not map them to the security groups we put them into.

    Is there any way I can enforce all lower case to be POSTed from the OBIEE login page?

  • chillychin
    chillychin Rank 6 - Analytics Lead

    I finally found an answer here

    Understanding Users and Roles

    A lot of googling around and found the above link

    There's basically two places to make a change.

    I am on active directory - and was having issues with end users and their login ID being case sensitive.

    To turn off, or to make it case insensitive you can follow the above document.

    You just need to set PrincipalEqualsCaseInsensitive to True

    Log into WebLogic console - click on bifoundation_domain -> Security -> Click on the [Advanced] link to open up more options and check the box for Principal Equals Case Insensitive to True

    Another way is to do this

    bifoundation_domain > Security Realms > myrealm > Providers > (Name of your ADSI provider) > Provider Specific >
    Use Retrieved User Name As Principal (ticked/checked)

    Specifies whether we should use the user name retrieved from the embedded LDAP server as the Principal in the Subject.

    This option basically takes what the log in is from Active Directory that it gets and uses this to feed into OBIEE and match the ID with the users assigned groups.

    Either option will work, just need to do one or the other

    Hope that helps anyone else with this same issue
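
The failure mode worked out in this thread, as an added example that is not part of the original posts and is not OBIEE or WebLogic code: a small model in which the directory accepts any casing of the user ID but role membership is matched case-sensitively, with the two settings named above as switches. The data, the function names and the assumption that the directory lookup ignores case are constructed for illustration.

```python
# Simplified model of the login flow described in this thread.
# All data and names are constructed; this is not OBIEE/WebLogic code.
DIRECTORY = {"charles": "charles"}            # lowercased key -> name as stored in the directory
ROLE_MEMBERS = {"BI Consumer": {"charles"}}   # role -> principals granted it
PRIVILEGES = {"Access Home Page": {"BI Consumer"}}


def authenticate(typed_id, use_retrieved_name=False):
    """Directory lookup ignores case (assumption); return the principal name."""
    stored = DIRECTORY.get(typed_id.lower())
    if stored is None:
        raise PermissionError("Unable to sign in")
    # Models "Use Retrieved User Name As Principal": keep the directory's
    # spelling instead of whatever the user typed into the login form.
    return stored if use_retrieved_name else typed_id


def roles_for(principal, case_insensitive=False):
    """Resolve roles by comparing the principal against each role member."""
    def same(a, b):
        # Models PrincipalEqualsCaseInsensitive: ignore case when comparing.
        return a.lower() == b.lower() if case_insensitive else a == b
    return {role for role, members in ROLE_MEMBERS.items()
            if any(same(principal, m) for m in members)}


def can_access(typed_id, privilege, use_retrieved_name=False, case_insensitive=False):
    """True when the logged-in principal holds a role mapped to the privilege."""
    principal = authenticate(typed_id, use_retrieved_name)
    granted = roles_for(principal, case_insensitive)
    return bool(granted & PRIVILEGES[privilege])


if __name__ == "__main__":
    print("typed id | default | case-insensitive compare | retrieved name as principal")
    for uid in ("charles", "Charles", "ChArLeS"):
        print(uid,
              can_access(uid, "Access Home Page"),
              can_access(uid, "Access Home Page", case_insensitive=True),
              can_access(uid, "Access Home Page", use_retrieved_name=True))
```

In the default column only the lower-case login reaches the home page; the other two authenticate but resolve to no roles, which is the "Insufficient Privileges" symptom rather than "Unable to sign in".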