You just have to change the LDAP queries which pulls the users from the AD.
Dear User 3468775,
To elaborate what Mr. Berg has already said, you will have to create a new AD Group in LDAP and add all users whom you want to give access to OBIEE. Refine your queries in CONSOLE to pull only users from this newly created group and you are all set.
Mainly you will have to update the USER BASE DN.
Yupp. From what he is writig I suppose he has the group already, so getting the query is a simole case of asking the AD team "What's the base DN for users and what's the group?".
At the very least you should remove authenticated-role from the BI Consumer Role to restrict login access to only users with BI Roles instead of anyone who has access to the LDAP.
Thank you all. I just want to confirm that I am understanding correctly. I have the DN for my group CN=IT-OBIEE-Users,OU=Security Groups,DC=win,DC=*****,DC=com
I just need to replace the DC=win,DC=******,DC=com that is set as the user base DN in the settings with the DN for my group.
There are two sections (see screenshot from previous reply):
USER BASE DN
GROUP BASE DN
Please modify these sections with appropriate values.
Please mark the thread as answered if your question has been answered so that other users can benefit.