Forum Stats

  • 3,827,089 Users
  • 2,260,740 Discussions
  • 7,897,163 Comments

Discussions

OBIEE login

When I use any name as USERNAME (not in RPD/LDAP) in OBIEE its logs in and says

"Access Prohibited
You are not currently authorized to use Oracle BI Interactive Dashboards."

But I do not want to get this message instead i want to get invalid username/password or something of that sort in the log in screen itself.

I checked the NQSConfig security parameters and all security parameters are commented except for the AUTHENTICATION_TYPE = NQS

Also when I setup a user in RPD the user is not automatically showing up as catalog users, unless they login at least once.

When i use some junk usernames (non existent in RPD) They come up in OBIEE catalog users.

how to solve these issues

Answers

  • 646090
    646090 Member Posts: 898
    edited Jan 12, 2010 4:23PM
    Hi user12210196,

    If you are just doing RPD authentication, and you type in an invalid user name/password combination, you WILL a message saying invalid user name. See screen shot below:

    !http://i48.tinypic.com/25jkosh.jpg!

    If you have LDAP setup and you want to get the same error message if the user does NOT successfully authenticate to LDAP, then you need to make sure your initialization block that populates the OBIEE USER variable has the "Required for authentication" check box checked. See the following screen shot.

    !http://i47.tinypic.com/2i419u.png!

    In your LDAP IB, make sure you've got that check box marked and you should be all set.

    Good luck and if you found this post useful, please award points!

    Best regards,

    -Joe

    Edited by: Joe Bertram on Jan 12, 2010 1:19 PM
  • I just user RPD security and when I type a invalid username/password combination i get this:

    "Access Prohibited
    You are not currently authorized to use Oracle BI Interactive Dashboards."

    That's my problem
  • 646090
    646090 Member Posts: 898
    edited Jan 12, 2010 4:46PM
    Just to make sure, you're seeing this screen?

    !http://i46.tinypic.com/fcuv4.png!

    That screen means that you successfully logged in (authenticated), but the Administrator "Denied" you privileges to the Dashboard Module (no authorization).

    What kind of customization have you performed on your OBIEE instance? In a standard out of the box install, there is no way you can log into OBIEE without having a valid user name and password combo. You would have seen the same error screen that I showed in my previous post.

    Once you start working with LDAP or external authentication, OBIEE will let you login without having valid RPD credentials. If you can walk me through what kind of customizations you have made since your install, I should be able to help you get it back to a point where it will give you the correct error screen.

    -Joe

    Edited by: Joe Bertram on Jan 12, 2010 1:45 PM
  • Yes i get this screen.

    To my knowledge I did not make any customizations (with respect to security) other than adding 100's of reports and modeling the RPD.

    After using a invalid login, I also see them in the list of catalog users!

    This is an alarming catch!

    I don know what is wrong....

    Please help me with some inputs to check....
  • 646090
    646090 Member Posts: 898
    Hi,

    Here are a few things to check

    1) Check your instanceconfig.XML file and paste the contents here (remove any sensitive material that you don't want to share).
    2) In the RPD, go to Manage -> Variables. Look through your initialization blocks and see if any are being used to set the USER variable.

    -Joe
    646090
  • user12210196
    user12210196 Member Posts: 88
    edited Jan 12, 2010 5:27PM
    When I create a user in RPD how to get them in answers/catalog without them logging in at least once?
    Please let me know... this issue is even more severe...
  • 646090
    646090 Member Posts: 898
    I've got an Answer for you, but you're not going to like it. The short Answer is you cannot. The very first time a user logs into OBIEE, there are some automated scripts that setup some data in the catalog/users folder. The only way for you to see a user in the front end is to have OBIEE run these scripts. It's a big pain-point for people who try to manage users within OBIEE.

    The bright side is that most people only need those users to be visible so that they can add the user to a certain group so they can manage permissions. If you do LDAP user groups or external table user groups, then you don't ever need to manage the USER-GROUP membership information within OBIEE. Instead, you can assign groups to a user in initialization block at login time and that way it's all done for you.

    Here's an article by Venkat about doing LDAP user groups. http://oraclebizint.wordpress.com/2007/10/12/oracle-bi-ee-101332-and-oid-user-and-group-phase-2/

    Hope that helps!

    -Joe
This discussion has been closed.