0 Replies Latest reply on Feb 17, 2015 5:05 PM by tluefex

    preventing authenticated-user from MSAD not being in a certain AD Group from accessing OBIEE

    tluefex

      Hi all,

       

      I am facing same problem as in this archived thread:

      obiee11g upgrade: Preventing authenticated-user from accessing obiee system

       

      Now with OBIEE 11.1.1.7 (I am on Jan-2015 patch) we have this privilege "Access to Dashboards" in Answers-Privileges. I have put it like below

      Access to DashboardsBI Consumer Role
      Denied: Authenticated User

       

      Now the users not being in a certain group in AD (and therefore not becoming member of "BI Consumer Role") are getting this ugly message:

       

      Insufficient Privileges. "Access Home Page"

        Error Details

      Error Codes: C64RS3Z2

       

       

      Does anyone know of a more user friendly approach to solve this missing functionality? In my very simplistic view of the world, OBIEE should only come back with successful Authentication if the user is listed in WLS-MSAD-Provider (in my case only about 15 from 1000, but all the other 985 are getting authenticated too).

      Is there i.e. something like a custom message xml solution or something similar, to show another webpage if user is only getting the role "Authenticated user"?

       

      Thanks for any hints and ideas