7 Replies Latest reply on Jan 30, 2012 10:33 PM by user452039

    obiee11g upgrade: Preventing authenticated-user from accessing obiee system

    user346948
      HI Gurus,

      We have a problem regarding security and request your inputs. Please see the issue below:

      Current Situation:
      We have successfully integrated OBIEE11g with our enterprise MS Active DIrectory. With the current set up, any user in the company will be successfully authenticated by MSAD and he/she is able to login to obiee and reach the new bieehome page. I want to prevent this.

      Expected:
      Only users who belong to certain AD Groups should be able to acess obiee

      How do I prevent this? In our MSAD we have AD groups built to identify OBIEE users. These ad Groups are pre-fixed with OBIEE_ (Ex: OBIEE_Marketing etc). Only the users belong to these groups should be allowed to login.

      In 10g, we made use of privileges to explicitly grant access to obiee. We made use of privileges like 'Access to Dashboard' etc. As a result, even if a user is successfully authenticated by LDAP MSAD , he wont be able to reach obiee dashboards if he is not a member of designated GROUP. In 11g, since there is a new page called 'BIEE HOME', non-authorized users are able to reach this page.

      Any help would be highly appreciated

      --Joe