External Table Authentication

Similar Messages

• External Table Authentication in OBIEE 11g

  Hi ,
  I have a security table, which contains userid,displayname,group . I have imported Security table in Physical Layer. I'm creating session variables based on condition.
  When am trying to logging into analytic s getting an error, invalid username and password . I'm using 11.1.1.6.0 version
  How to handle external table authentication in OBIEE 11g version.
  Regards,
  Malli

  Hi fiaz,
  That links talks about 10g version.
  Step1: We have imported a secutiry table in Physical layer.
  Step2: Creating a session variable by selecting initilazation block.
  Select user_name,group from security_table where user_id=':USER' and pwd=':password';
  step3: created DISPLAYNAME,GROUP & USER VARIABLES in edit target window
  After these modifications i was trying to logging with new user, which is there in security table.
  I am getting an error that is invalid user or password.
  Is there any other changes does it required here.
  Regards,
  Malli
  Edited by: user10675696 on Dec 26, 2012 9:39 PM

• External Table Authentication - Not Able to Login to Presentation services

  Hi ,
  I am trying to setup External table Authentication and in Rpd file I have setup session Variable as described in the OBIEE Server Admin Guide (http://download.oracle.com/docs/cd/E10415_01/doc/bi.1013/b31770.pdf -- Page 326 ) ..
  But when I try to logon to Presentation services Iget the following error.
  State: 08004. Code: 10018. [NQODBC] [SQL_STATE: 08004] [nQSError: 10018] Access for the requested connection is refused. [nQSError: 13024] Successful completion of init block 'TableLDAP' is required. (08004)
  what am I doing wrong ? Please adivce.
  Thanks
  SS

  Hello,
  I Have setup system session User and group variables in a Initialazation block. No LDAP is tied. I have just created a table and added bunch of users and their passwords and their groups they belongs to.When I test my initialization block in rpd by suppling Uid/Pwd I see correct group they belongs to.
  But When I try in Presentation layer it doesn't work and throwing same error I mentioned.I tried various things but no luck .Not sure why intialization block is not firing off.
  Thanks
  SS

• Issue in External Table Authentication and Authorization in OBIEE11G

  Hello Gurus,
  Can anyone help me how to configure External Table Authentication and Authorization in OBIEE11g through weblogic server not like in 10g style(Through INIT Blocks).
  I've followed the (Doc ID 1338007.1) document. But when i'm restart the Managed servers and Admin servers after configuring the SQLAuthenticator all my services are showing down.
  I already raised the SR (SR 3-6286054151) on this issue. But still i didn't get any reply from them.
  Can anyone help me out on this issue or can anyone me send the document for "how to configure External Table Authentication and Authorization in OBIEE11g" . It's really appreciate for your quick response.
  my mail ID [email protected]
  Thanks,
  Syam.
  Edited by: 942658 on Oct 13, 2012 10:55 AM

  Hi John,
  Thanks for your quick response.
  We configured "ReadOnlySQL Provider" by following the Oracle's white paper(Doc ID 1338007.1) Please find the below steps what we configured in weblogic console.
  1. Created the Data Source
  2. In the data source specified the Database driver--> *Oracle's Driver Thin for service connections: Versions:9.0.1 and later.
  3. Defined the connection Properties .
  4. Selected targets as Admin server and bi_server.
  Then Activate changes
  5. Created new provider by using ReadOnlySQL Authenticator
  6. In the provider specific tab we given the SQL statements and saved it.
  7. Restarted the Admin and Managed servers.
  After restarted the services when we open the Enterprise Manager page all the services are showed as Undefined - means red.
  Apart from that we followed your suggested link http://askjohnobiee.blogspot.com/2012/09/how-to-oid-authentication-with-groups.html
  For External table authentication do we need to configure BISQLAuthenticator or ReadOnlySQLAuthenticator ?
  If we configure BISQLAuthenticator we just import Groups from database to Console application. Then how can it Authenticated to the User ?
  Please let me know your ideas on this.
  Thanks,
  Syam

• Query related to external table authentication

  Hi Gurus,
  I am new to OBIEE. When we login to the Oracle Business intelligence, we used to give user as Administrator and password as Administrator.
  At this point, can we authentication the userid and password which is stored in external table in a users schema?
  ~ John

  "Administrator" will always be a user which is registered in the repository. All other users can be authenticated by external table authentication.
  You can create an init block which sets the USER system variable by
  SELECT user FROM users WHERE user = ':USER' and password = ':PASSWORD'

• Obiee 11g external table authentication

  Hi,
  I try to create external table authentication but it is not working.
  I have created this table
  CREATE TABLE OBI_SECURITY_USERS
  USER_NAME VARCHAR2(100 BYTE),
  USER_PASSWORD VARCHAR2(20 BYTE) NOT NULL
  and I defined Initialization Block it is below
  select USER_NAME FROM obi_security_users
  where USER_NAME=UPPER(':USER')
  and USER_PASSWORD=':PASSWORD'
  and I set Variable target for USER
  I restart services but it is not working.
  Anybody help me?

  Thanks for your reply Suman.
  it is ok I login in answer from my OBI_SECURITY_USERS tables.
  I have new problem about user groups.
  My group table like this
  CREATE TABLE OBI_SECURITY_USER_GROUPS
  USER_NAME VARCHAR2(100 BYTE) NOT NULL,
  USER_GROUP VARCHAR2(100 BYTE) NOT NULL
  I insert to this table user and Group and my Initialization Block is here.
  select 'GROUP',user_group from obi_security_user_groups
  where UPPER(user_name )= UPPER(':USER')
  I have created two application role from em.
  I want to define role this group
  how can i do?
  Thanks

• How Can We Achieve External Table Authentication

  Hai Guru's
  I want Know The External Table Authentication By Step By Step
  Thanks

  Hi Friend,
  For External table authentication you can follow this link:
  http://obieeblog.wordpress.com/2009/06/18/obiee-security-enforcement-%E2%80%93-external-database-table-authorization/
  Thanks
  Don

• External table authentication not updating user group changes

  Hello
  I have a question..
  In OBIEE, i am using external table authentication. I have user and user group tables where users and groups are stores.. Every Time I create a new user and assign them to a group, these records get inserted immediately to these tables with the correct user and group ID that matches with each other.. Then in my initialization block I have the query that fetches the user name and psswd as well as groups names..
  All these are working at the initial user creation. For example, when I create user A and assign it to group A, the DB table has all of the records inserted correctly. When I log in to OBIEE using User A login, I see it is assigned to Group B.
  The problem comes when I change the user A from Group B to Group C. When I did that, although the DB table gets updated correctly, OBIEE session seems to still be the previous one. As a result, when I log in the second time, I see the user A is still assigned to Group B instead of Group C.. This seems to be cached..
  I double check these user tables in OBIEE, none of them are cache enabled.. The connection pool setting of the isolation level is set as default..
  When I reinstall OBIEE all over again and re-log in the first time, this User is now assigned to Group C..
  So seems to be that it is caching issue.
  How should I go about solving this issue
  Appreciate in advance

  Make sure you check the box for 'Required for authentication' and also 'Use caching' should not check.
  Edited by: Srini VEERAVALLI on May 15, 2013 9:05 PM

• OBIEE External Table Authentication

  Hi everyone,
  I need to send email to some groups of people in obiee 11g by using agents. (with row level security) Meaning that, the groups data are different ans special for each. In our sistem, the users have been created by using an external table in the database. We use session parameters like USER, GROUP etc... The problem is about mailing to that users. When I log in OBIEE dashboard analytics, there is no configured email address in the delivery options (My Account/Delivery Options/Add Device Email Section) When I manually configure the email address, there is no problem. But it is not possible that adding all users email address manually. How can I entegrate mail addresses, which are already exist in my external table to those users?
  Please help me

  Hi,
  Write Back is the ability to enter or update values directly into a report and have those values stored directly in to the database. In order to
  implement this feature in OBIEE we have to make some changes in the repository as well as in the presentation services layers.
  Steps for Write Back
  <li>Making the table uncacheable from the physical layer of the repository.
  <li>Configuring the write back in the connection pool.
  <li>Granting the privileges of write back to the user from the Presentation Services.
  <li>Creating a XML Template and specifying the insert and update queries for write back.
  <li>Enabling write back from the column properties of the column in the request.
  <li>Specifying the template name in the table view write back properties of the request.
  For more Information refer following links:
  http://oraclebizint.wordpress.com/2007/09/20/oracle-bi-ee-101332-write-back-option-budgetingplanning/
  http://kpipartners.blogspot.com/2009/09/writeback-in-obiee.html
  REG OBIEE WriteBack
  http://gerardnico.com/wiki/dat/obiee/write_back
  Assign Points and close thread, if your question is answered and let me know if any queries....
  UPDATED POST
  After enabling Write Back users able to change their password through report not directly with Change Password on My Account.
  Cheers,
  Aravind
  Edited by: Aravind Addala on May 23, 2011 9:11 PM

• 11g hybrid authentication / authorization: WLS plus external table

  I've implemented external table authentication / authorization in 11g. Now I'd like to add a twist.
  I have an external table containing users B, C, and D. That external table contains all of the columns I need for authentication (including a clear text password) and for authorization (roles, log level, a dynamic table name, and so forth). I have authentication in one initialization block, authorization in another. Everything works fine. I can log in as B, C, or D and see exactly what I'm supposed to see, based on the ROLES.
  The clear text passwords are generally not a problem, because this is a training instance and almost all of the passwords are the same. However, I want to add a user whose password should not be held in clear text. For that reason, I'd like to add that user into WLS. I've done that, and I'm able to log in to OBIEE. After confirming that I could log in to OBIEE with user A from the WLS, I added User A to the external table, left its password field blank, and filled in the other columns (roles, loglevel, etc...) that I need to assign into session variables.
  Here's the problem: the authorization init block properly assigns ALL session variables for users B, C, and D. It assigns all session varaibles EXCEPT the ROLES variable for user A. I've confirmed this by creating an Answers analysis that shows me the values of the session variables. The ROLES session variable for user A shows "authenticated-role;BIConsumer;AuthenticatedUser". For all other users (those who are authenticated using the clear text passwords in the external table) the ROLES variable is populated correctly, based on the values in the ROLES column in the external table. In short, the authorization init block is properly assigning the ROLES session variable only for those users that were authenticated using the authentication init block, but is assigning all other session variables correctly for all users, even the one in WLS.
  Here's my authentication init block code:
  select bi_user
  from bi_auth_ldap
  where bi_user = ':USER'
  and bi_user_pwd = ':PASSWORD'
  Here's the authorization init block code:
  select roles, bi_user_name, to_number(loglevel,0), channel_tbl
  from bi_auth_ldap
  where bi_user = ':USER'
  (returned results are assigned into ROLES, DISPLAYNAME, LOGLEVEL, and CHANNEL_TBL session variables, respectively)
  It feels like the ROLES session variable is populated in conjuction with the user logging on and being authenticated via WLS, and that the initialization block isn't able to overwrite that variable. Can an OBIEE developer confirm that for us, please? Once set in WLS, is it not possible to overwrite the ROLES session variable with SQL from an initialization block? If it IS possible, can you post some code that will accomplish it?
  Thanks!

  It occurs to me that Oracle's support model is a fantastic way to make money. Let's see, I wonder if I could become a billionaire doing this:
  Create some software. Sell that software. Then, charge customers several thousand MORE dollars, year after year, plus about $60 per bug, so that they have the right to report MY bugs to me. Yeah, that's the ticket - people PAYING for the right to report bugs to me. Oh, and if more than one person reports the same bug, I get to keep ALL of the money from ALL of them.
  Let's summarize, make sure I haven't missed something: You buy my software, you PAY ME additionally to report MY bugs to me, I don't necessarily have to fix the bugs (but I keep your money whether I fix it or not), and I can collect multiple times from different people who report the same bug.
  Sweeeeeeet.........
  Billionaire Acres, here I come!

• External Table Auth while Upgrading 11g

  What happens with External Table Authentication When we upgrade RPD from 10g to 11g?
  Please provide some assistance on that.
  Thanks
  NK

  Check these, almost got same content.
  http://www.kpipartners.com/blog/bid/137798/The-Primary-Differences-Between-OBIEE-10g-11g-Security-Models
  http://hareeobiee.blogspot.com/2013/01/compare-features-in-obiee-10g-and-11g.html
  in Rittman's site you might find some article

• External table authorization

  I have done external table authentication by creating user related details in db, but i'm unable to view user specific data (row level data security) ie external table authoriztion. I have not used user groups..It is showing details pertaining to all users
  Looking forward for your valuable suggestion....

  Hi,
  Pls refer to this link. Kumar explained it very clearly
  http://obieeblog.wordpress.com/category/obiee/obiee-security/
  Pls award points, if helpful
  Regards,
  Sarat Nallapati

• External table Authenticaittion

  hi all
  In external table authenticatio, how to authenticate passwords.
  I have usernames and encrypted pwds in an oracle table. How to verify them at user login.
  If my doubt is a childish one, plz excuse me
  Thanks in Advance

  Hi Anand,
  When you use external tables, you pretty much have complete control over the process. All you have to do is make sure you encript the password that is passed in and match it with the stored encrypted password. For example suppose I have the following table
  OBIEE_SECURITY:
  USER PASSWORD
  joe jk4A9M#920
  Then in an initialization block, when I set the USER variable, I'll set it with a custom query like:
  SELECT USER
  FROM OBIEE_SECURITY
  WHERE USER = ':USER'
  AND PASSWORD = ENCRYPT(':PASSWORD')
  John Minkjan has an excellent blog about general External Table authentication. See it here
  Hope this helps!
  Best regards,
  -Joe

• How to Authorize external table users in OBIEE 11g

  Hi All,
  I have created Session System Variables and i am Using External table Data level Authentication and successfully external table Authentication is working.
  My question is i want to Authorize this Extrenal table users in presentation services.e.g. I want to assign some dashboards or Reports to users.
  In 10g when u login with the external table users automatically users will be created in Answers and used to assign this to webcat group.
  In 11g how to achieve this???
  Reply ASAP...
  Thanks and Regards
  Kiran Kumar
  07795980891.

  Hi Kiran,
  Check this link.
  http://www.rittmanmead.com/2010/11/oracle-bi-11g-active-directory-security-using-init-blocks-variables-10g-style/

• Issue With External Table Authentiaction in OBIEE 11.1.1.6.4

  Hi,
  We are trying to implement security through External table Authentication in OBIEE 11.1.1.6.4.As a part of this process,we want to pass the credential values which are entered in login screen to the below query in the GET SQL PASSWORD section of ReadonlySQLAuthentication Provider.
  select encryptfn(:USER,:PASSWORD) from Users where Username=?
  Credential values which we are entering in Analytics Answers login screen are not getting passed into :USER and :PASSWORD.
  Can anybody please help us what is the exact variable we should use in place of :USER and :PASSWORD in the function called from the above select statement?
  Thanks,
  Syam

  Hi,
  We are also facing the same issue. Any suggestions/workarounds are appreciated.
  Thanks,
  Obul