7 Replies Latest reply: Jul 6, 2012 8:00 AM by Amith Y RSS

    Catalog Security OBIEE 11g

    AnkitR Gupta
      hi Experts,

      we want to implemet some security for BI Consumer Role.
      1. They should have access to Dashboard, ie they can see all reports and Filters on Dashboard and save custimization.
      2. they should not have access to shared folder or any reports in saved folder.



      if this is possible , then let mention the detailed steps to achieve it.

      Regards
      Ankit
        • 1. Re: Catalog Security OBIEE 11g
          SaichandVaranasi
          Hi ankit,
          . They should have access to Dashboard, ie they can see all reports and Filters on Dashboard and save customization.
          its better to create own folder/my folder to save their reports and give respective permissions because in your 2nd point they should not access the shared folder which means u need to remove the access for all the folders(if u do that no other dashboard appears to user).


          Refer below link 17 and 18th steps to set permissions.

          http://varanasisaichand.blogspot.in/2011/03/obiee-11g-security-creating-users-and.html#!http://varanasisaichand.blogspot.com/2011/03/obiee-11g-security-creating-users-and.html



          Thanks,
          Saichand.v
          • 2. Re: Catalog Security OBIEE 11g
            910308
            Hi AnkitR,

            we can achieve the

            1) BI consumer Role should have access to Dashboard, ie they can see all reports and Filters on Dashboard and save custimization : By setting the permission for biconsumer role as Custom and under it select only Read , travers & write so that group user can modify the the reports only

            2) But i ma confused with second requirement BI consumer Role should not have access to shared folder or any reports in saved folder. If we assign the permission for "save custimization" then how can we stop then to access of share folder

            Please, elaborate the security with one scenario..

            Rhishikesh

            Edited by: Rhishikesh on Feb 3, 2012 2:27 AM
            • 3. Re: Catalog Security OBIEE 11g
              user13333269
              Hi Experts

              Is there a way to hide the shared folders from users and only give them access to the dashboards to run the reports?

              Can this be acheived, I guess Ankit it looking for this requirement

              Edited by: user13333269 on Feb 3, 2012 2:25 AM
              • 4. Re: Catalog Security OBIEE 11g
                AnkitR Gupta
                Is there a way to hide the shared folders from users and only give them access to the dashboards to run the reports?
                • 5. Re: Catalog Security OBIEE 11g
                  MRanjan
                  I dont think it is possible. I think your question stems from the way 10g works.

                  In 10g, a "dashboard only" user does not get to see the "Answers" link which forbids him to see the catalogs.
                  In 11g, since the catalog link is provided right on top of the homepage, and various other places, a "dashboard only" users can see Shared folders etc.

                  Fixing it in 11g will happen by fixing the webcatalog permissions.
                  • 6. Re: Catalog Security OBIEE 11g
                    Dhar
                    Hi,

                    Yes, there are some ways to let the users access 'Dashboards' but disable them to view shared folders(code).

                    Approach 1:

                    In 11.1.1.6.2, there is an option to complete take away the 'Catalog' link on the top. So, users do not get to browse the catalog itself.

                    Approach 2:

                    On the shared folders, set the 'BIConsumerRole' a traverse permission but on the dashboards folder give them an 'Open' permission. Travserse lets the user run the dashboards beneath, but do not let them browse the folders. However, there is one issue here which we observed is the approach 2 takes off the dashboards from the 'Dashboards' drop down menu on the top. But, however we can still make it work though with some links etc.

                    Approach 3:

                    Create all the dashboards in one shared folder, but the source reports in another folder. Set 'Open' permission for the dashboards folder, but traverse for the 'Reports' folders for 'BIConsumerRole'.

                    Hope this helps or gives you a hint.

                    Thank you,
                    Dhar
                    • 7. Re: Catalog Security OBIEE 11g
                      Amith Y
                      Yes, Absolutely. Select shared folders, and click on properties, and select the Hidden check box. This will now allow only users that have the privilege to see hidden items see the shared folders and other will no longer see the shared folders but will be able to run the reports/dashboards if they have access to it, based on the permissions setup on the objects.

                      Thanks,
                      -Amith.