0 Replies Latest reply on Feb 17, 2015 5:05 PM by tluefex

    preventing authenticated-user from MSAD not being in a certain AD Group from accessing OBIEE


      Hi all,


      I am facing same problem as in this archived thread:

      obiee11g upgrade: Preventing authenticated-user from accessing obiee system


      Now with OBIEE (I am on Jan-2015 patch) we have this privilege "Access to Dashboards" in Answers-Privileges. I have put it like below

      Access to DashboardsBI Consumer Role
      Denied: Authenticated User


      Now the users not being in a certain group in AD (and therefore not becoming member of "BI Consumer Role") are getting this ugly message:


      Insufficient Privileges. "Access Home Page"

        Error Details

      Error Codes: C64RS3Z2



      Does anyone know of a more user friendly approach to solve this missing functionality? In my very simplistic view of the world, OBIEE should only come back with successful Authentication if the user is listed in WLS-MSAD-Provider (in my case only about 15 from 1000, but all the other 985 are getting authenticated too).

      Is there i.e. something like a custom message xml solution or something similar, to show another webpage if user is only getting the role "Authenticated user"?


      Thanks for any hints and ideas