YOu have all necessary things already in place it's simply a question of managing authorization correctly. Authentication is done by the LDAP. Then your external table(s) bring in the user/group information based on which you then authorize. I.e. only users coming in with a vali group from the external table and get translated into a valid application role have access. Done.
Also as Gianni already said: Do not triple-post!
Yes christian Berg, I cld able to bring the groups in which the user belongs to in external table and apply roles and when that user logins it perfectly working, it shows only the desired dashboards for him.
but other LDAP users who are not part of external tables users or grps , can able to login, due to Active directory pwds and can see the Dashboards
so unable to restrict these users.did i miss any configure settings ...?.
Define a group in your Active Directory with users who should able to login in OBIEE and filter on this from Console.
Furthermore: your security setup doesn't seem correct. It should not be the case that a user belonging to BIConsumer should see all dashboards. Did you setup any securityon dashboard level?
That just means that you didn't clean out the vanilla security and the "Authenticated User" application role is still allowed access rights and privileges.
Or worse: You have some weird inheritance making every authenticated user a BIConsumer.
Basically something's rotten.
Just saw that the other thread is also active...can you PLEASE close one and only manage ONE thread?