Migration membership of users in Catalog Groups

Hello everyone!
I'm trying to migrate users, Catalog Groups and analysis from Oracle BI 11.1.1.3 to Oracle BI 11.1.1.5
I successfully migrated users using Administration Console features. In Oracle BI 11.1.1.5 I can see all users from Oracle BI 11.1.1.3.
After that I copied folder '\root\system\security' and file '\root\system\security.atr' from old webcatalog to new. After restarting BI components I can see all Catalog Groups on new Oracle BI, but they are not contain any users!
What's the problem? What should I copy to migrate membership of all users in Catalog Groups?

When I just copy the catalog from one environment to another I have two problems:
1) Catalog groups still don't contain any users despite I can see them in Weblogic (may be after import users from old Weblogic to new Weblogic they have different GUIDS?)
2) When I try to change any preferences of users in Oracle BI I get error "Exception occurred when saving user preferences to the catalog access denied for user to path /users/weblogic/_prefs/userprefsxmlstore." Besides I can't see folder "My Folders" in web-catalog!

Similar Messages

Catalog group membership not updating

Hi,
I am experiencing a problem with my catalog groups. I have just created a new catalog group and added a user account as a member and also removed that user account from another group by logging in as administrator in answers and using settings - manage presentation catalog groups and users.
If i now log in as that user the membership hasn't updated and when I click on My Account for that user it still shows as a member of the old group and not the new one.
My security for users is done through LDAP and in Tools - Options in Admin console on the repository tab I have the LDAP Cache refresh interval set to 1 minutes.
I know if I restart the presentation services that it will work ok but I don't want to have to do that as I have users using the system.
Any advice would be appreciated.
Thanks
Patricia

hi,
you can try to set in the instanceconfig.xml
the tags
--->
<CacheMaxExpireMinutes>2</CacheMaxExpireMinutes>
<CacheMinExpireMinutes>1</CacheMinExpireMinutes>
<CacheMinUserExpireMinutes>1</CacheMinUserExpireMinutes>
<ClientSessionExpireMinutes>10</ClientSessionExpireMinutes>
<SearchIDExpireMinutes>9</SearchIDExpireMinutes>
<---
they control the cache of the browser
check administrator guide for more informations
--check in other pc or check with an other browser at the same
i hope i helped....
http://greekoraclebi.blogspot.com/
Edited by: eejimkos on Jul 15, 2009 4:52 AM
Edited by: eejimkos on Jul 15, 2009 5:01 AM

Need to migrate Shared services users and groups from 9.3.1 to 11.1.2.2 ver

Hi All,
We need to migrate Shared services users and groups from 9.3.1 to 11.1.2.2 version. Any help would be appreciated. Can we use CSS import export utility?
Thanks in advance!!

Hi John, In my another environment I have to migrate the users and groups from Hyperion HSS 11.1.1.2 to Hyperion shared services 11.1.2.2. I am using LCM for that, when I export the users and gropus from 11.1.1.2, it exports fine but when i import it to my 11.1.2.2 using LCM, I am getting the below errors.
Error when I try to import the groups:
ErrorEPMIE-00051: Failed to perform operation on role. Could not locate role matching filter {0} and filter attribute {1}. Please ensure that a role exists matching the filter with filter attribute.
EPMIE-00024: Failed to import all of the membership info for group test group. Invalid group members encountered. Please ensure the validity of members and its existence in their respective providers.
Errors when i try to import the users:
ErrorEPMIE-00051: Failed to perform operation on role. Could not locate role matching filter {0} and filter attribute {1}. Please ensure that a role exists matching the filter with filter attribute.
EPMIE-00020: Failed to update user 04668162 during import. Invalid identity for user. Please ensure that the user is available in the system with the identity specified in the import file.
Any idea?
Thanks in advance.

Getting list of all users and their group memberships from Active Directory

Hi,
I want to retrieve a list of all the users and their group memberships through JNDI from Active Directory. I am using the following code to achieve this:
==================
import javax.naming.*;
import java.util.Hashtable;
import javax.naming.directory.*;
public class GetUsersGroups{
     public static void main(String[] args){
          String[] attributeNames = {"memberOf"};
          //create an initial directory context
          Hashtable env = new Hashtable();
          env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
          env.put(Context.PROVIDER_URL, "ldap://172.19.1.32:389/");
          env.put(Context.SECURITY_AUTHENTICATION, "simple");
          env.put(Context.SECURITY_PRINCIPAL, "[email protected]");
          env.put(Context.SECURITY_CREDENTIALS, "p8admin");
          try {
               // Create the initial directory context
               DirContext ctx = new InitialDirContext(env);
               //get all the users list and their group memberships
               NamingEnumeration contentsEnum = ctx.list("CN=Users,DC=filenetp8,DC=com");
               while (contentsEnum.hasMore()){
                    NameClassPair ncp = (NameClassPair) contentsEnum.next();
                    String userName = ncp.getName();
                    System.out.println("User: "+userName);
                    try{
                         System.out.println("am here....1");
                         Attributes attrs = ctx.getAttributes(userName, attributeNames); // only asked for one attribute so only one should be returned
                         System.out.println("am here....2");
                         Attribute groupsAttribute = attrs.get(attributeNames[0]); // memberOf
                         System.out.println("-----"+groupsAttribute.size());
                         if (groupsAttribute != null){
                              // memberOf is a multi valued attribute
                              for (int i=0; i<groupsAttribute.size(); i++){
                              // print out each group that user belongs to
                              System.out.println("MemberOf: "+groupsAttribute.get(i));
                    }catch(NamingException ne){
                    // ignore for now
               System.err.println("Problem encountered....0000:" + ne);
               //get all the groups list
          } catch (NamingException e) {
          System.err.println("Problem encountered 1111:" + e);
=================
The following exception gets thrown at every user entry:
User: CN=Administrator
am here....1
Problem encountered....0000:javax.naming.NamingException: [LDAP: error code 1 -
000020D6: SvcErr: DSID-03100690, problem 5012 (DIR_ERROR), data 0
]; remaining name 'CN=Administrator'
I think it gets thrown at this line in the code:
Attributes attrs = ctx.getAttributes(userName, attributeNames);
Any idea how to overcome this and where am I wrong?
Thanks in advance,
Regards.

In this sentence:
Attributes attrs = ctx.getAttributes(userName, attributeNames); // only asked for one attribute so only one should
It seems Ok when I add "CN=Users,DC=filenetp8,DC=com" after userName, just as
userName + ",CN=Users,DC=filenetp8,DC=com"
But I still have some problem with it.
Hope it will be useful for you.

New Request/Service Offerings not displaying on Portal via Catalog Group/ User Role

I have created some new service offerings and request offerings which I have published and are visible on the portal when logged in as an administrator.
I have then added these new items into a catalog group which is tied to a pre-existing user role to target our IT department ( this user role is currently working fine and shows all the other IT related offerings)
The new published items do are not showing up on the portal.
AD sync completed with no errors.
I have done the following to troubleshoot to no avail:
- created a new catalog group and user role to target the new SO RO's to
- targeted directly to a test user rather than the AD group
Some other weird things that I believe to be related to this is that the contents of catalog groups appear empty on local console but when logging on to the SM server to launch console all catalog group items are visible.
we are seeing a lot of error and warning event logs 26319 & 3333
Any suggestions?
Thanks
Pete

did you try to restart the Microsoft Monitoring Agent?
Antoine AL Ibry

Active Directory Migration Tool Moving Users before groups?

How are permissions to resources granted? By user or by group?
It's been so long I can't actually remember, but I think we moved users and groups together.
The SIDs will change if things are moving to a new domain. But the migration tool handles that for you.

What are the draw backs of migration users before groups in a interdomain migration? if any
This topic first appeared in the Spiceworks Community

Cannot delete users from Catalog Manager

We're trying to delete users who no longer have access to OBIEE from the Catalog Manager. When we try we get an error saying access denied for user to path /users/[userid]... I know we can go out to the file system and manually delete the folder but we would like to use the Catalog Manager for this so that we can delegate this to our security staff.
Is a configuration setting wrong somewhere? It fails with users who have been granted admin rights as well as for the administrator id.
Security is configured with Hyperion Shared Services via an initialization block This is working fine. When we add a user to a group in Shared Services, the user catalog is created when the user logs in. We just can't get rid of it after removing the user from the Shared Services group.
We are running everything except the Admin Tool on AIX.
Thanks.
Jerry

I'm not sure I understand.
My system is configured to use Hyperion Shared Services for authentication. We do not create users in OBIEE. We create groups in OBIEE and assign them privileges. We then create the same groups in Shared Services. We add users to the appropriate group in Shared Services. When the user logs in, their user folder is created. When we need to remove a user's access, we take them out of the Shared Services group. We then want to delete their user folder in the catalog. We log in as an admin (we even tried this with the Administrator account), but we get the error.
Is there any way to delete users via OBI Presentation Services > Administration > Manage Catalog?
Thanks.
Jerry

Need to know how to better manage revolving users in a group

I have a new Beehive Online group set up for a external partner collaboration. Members of the group are only from Oracle or that external partner. While the BHO group is new, the collaboration has been in place for a long time (since 2007). Initially at Sun Microsystems, and now Oracle.
In my description here... when I say "collaboration" you can translate that to roughly equivalent to "BHO Group"....
The nature of the collaboration is that both companies move people to/from the collaboration, depending on the work in progress. I'm not saying there are changes daily, but there can be changes every month or so. It also happens that people working on the collaboration may be moved from it for many months or longer, and then get moved back to the collaboration at a later time. Ie, the may revolve in and out of the collaboration. Trouble is, when they are moved from the collaboration there is no guarantee that they ever get moved back to it. When a person is not part of the collaboration, their access to collaboration info is taken away.
So my problem is understanding how to manage this better in BHO.
I need to allow a user to be removed from a group, with the possibility (but not certainty) of adding them again.
-- my understanding that delete user would then require SysAd intervention to add them back.
-- I also am not clear on whether deleting the user affects their other group memberships.
I tried to find out more about locking a user
-- but it seems like that affects more then the group.
Whats the recommended way to deal with this?
Thx!

I tried deleting the "verified" user using the group creation/manage tool.
- click "View members"
- select the checkbox next to the user
- click the button "Delete (non-Verified Users)"
Doing that, the user is not removed AND I get an error message in red at the top of the page that says:
'Only selected non-"Verified" member(s) have been deleted. Go to https://beehiveonline.oracle.com/BOLAdmin.html to delete "Verified" users'
So I went to the Admin tool:
- selected my group,
- selected the user from the list
- clicked the "Delete User" button above the list.
Got the warning pop-up about the user needing to be added back by SysAd, ignored it and clicked "OK".
Got a success pop-up with all kinds of internal response tracking stuff in it. Clicked "OK"
And the user is gone from the group in the Admin tool. HOWEVER, the user still shows up in the group list in the group create/manage tool.
Will the user disappear from that list? If not, the list would be misleading.
Thx!
--Resii

Regarding assigning permission to dashboard to a catalog group in obiee 11g

Hi All,
i have a dashboard : trainee .
i have created one catalog group that is: GroupA
now i have assign some user to it.
now i want to assign permission to the trainee dashboard to the groupA.
i tried to do that but when i am doing login obieee by using any user that has assigned to group A.
but i am not able to see trainee dashboard.
can anyone tell me the steps for doing it.

Hi,
http://www.varanasisaichand.com/2011/03/obiee-11g-security-creating-users-and.html
hope it helps
Thanks,
satya

How can I migrate from one user to another within the same computer?

My main user account in my desktop is becoming buggy after to many migrations from different computers and long time usage. I would like to migrate from one user to another user within the same computer to see if this improves my current problems.
How can I do it in a reasonably safe and quick way?
Thank you very much, cheers, Rui
iMAC, OS 10.6.8... and yes, I love Snow Leopard light and handy... and all my programs work on it...

Move small groups of files to the /Users/Shared/ folder or another location and see if the problems disappear. Moving everything to a new user account will in all probability transfer the problems.
(119885)

Add user to sharepoint group using REST API

I am trying to add a user to sharepoint group with following code
serviceUrl= Appweb + "/_api/SP.AppContextSite(@target)/web/sitegroups("+GroupId+")/users?@target='host web'";
$.ajax({
url: serviceUrl,
type: "POST",
contentType: "application/json; charset=utf-8",
dataType: 'json',
body: "{'__metadata': { 'type': 'SP.User' },'LoginName':'i:0#.f|membership|'+email }",
headers: {"accept":"application/json;odata=verbose",
"content-type": "application/json;odata=verbose",
"X-RequestDigest":$("#__REQUESTDIGEST").val()
async: false,
success: function (data) {
alert('success');
error: function (data) {
alert('fail');
The request goes to error function. Response of the request is Microsoft.SharePoint.Client.InvalidClientQueryException and message is A node of type 'EndOfInput' was read from the JSON reader when trying to read the start of an entry. A 'StartObject' node was
expected
I tried the sample from following link but fail it
https://msdn.microsoft.com/en-us/library/office/dn531432.aspx

Hi,
Per my understanding, you might want to add an user to a SharePoint group in host web from a SharePoint Hosted App using REST API.
Here is a working demo for your reference:
var hostweburl;
var appweburl;
$(document).ready(function () {
//Get the URI decoded URLs.
hostweburl = decodeURIComponent(getQueryStringParameter("SPHostUrl"));
appweburl = decodeURIComponent(getQueryStringParameter("SPAppWebUrl"));
// Resources are in URLs in the form:
// web_url/_layouts/15/resource
var scriptbase = hostweburl + "/_layouts/15/";
// SP.RequestExecutor.js to make cross-domain requests
$.getScript(scriptbase + "SP.RequestExecutor.js", loadPage);
// Utilities
// Retrieve a query string value.
// For production purposes you may want to use a library to handle the query string.
function getQueryStringParameter(paramToRetrieve)
var params = document.URL.split("?")[1].split("&");
for (var i = 0; i < params.length; i = i + 1)
var singleParam = params[i].split("=");
if (singleParam[0] == paramToRetrieve) return singleParam[1];
function addUsersInGroup() {
var executor;
// Initialize the RequestExecutor with the app web URL.
executor = new SP.RequestExecutor(appweburl);
executor.executeAsync({
url: appweburl + "/_api/SP.AppContextSite(@target)/web/sitegroups(8)/users?@target='" + hostweburl + "'",
method: "POST",
contentType: "application/json; charset=utf-8",
dataType: 'json',
body: "{'__metadata': { 'type': 'SP.User' },'LoginName':'i:0#.f|membership|[email protected]'}",
headers: {
"Accept": "application/json; odata=verbose",
"content-type": "application/json;odata=verbose",
"X-RequestDigest":$("#__REQUESTDIGEST").val()
success: addUsersInGroupSuccessHandler,
error: addUsersInGroupErrorHandler
function addUsersInGroupSuccessHandler(data)
console.log(data);
var jsonObject = JSON.parse(data.body);
console.log(jsonObject);
function addUsersInGroupErrorHandler(data)
console.log(data);
var jsonObject = JSON.parse(data.body);
console.log(jsonObject);
Thanks
Patrick Liang
TechNet Community Support
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
[email protected].

Object Level security by creating catalog groups in OBIEE-10G

Hi All,
I have a requirement to display the dashboard based on the user login. Ex. Mike belongs to HR, Smith belongs to Accounts
When Mike logs in he should see only these three dashboards. HR View, Common data1, common data2. When Smith logs in he should see only these three dashboards. Accounts view, Common data1, commondata2.
The commondata1 and commondata2 dashboards has common reports for all the departments. The other dashboards are department specific with all different reports. How can I implement this?
From one of my earlier posts I was advised to do it using Object Level security by creating catalog groups. Can you please provide me end to end instructions on how to create Object level security based on catalog groups.
Thanks for your time and help.

Hi,
Mike to HR
Smit - Account
Yes, You achive by Object Level security by creating catalog groups
1) Create Catalog group and users in RPD part(Ex: Account_grp,HR_grp)
2)assign user to that particular group(let say Ex: Account_grp= Smith and HR_grp=Mike )
3) login (Admin user id ) into dashboard page and --->mange dashboard page -->add users to that particular
dashboard to relevent users and save it then
try to login that mike and smith user it will work
kindly refer below link
http://www.rittmanmead.com/2010/01/obiee-10g-web-catalog-best-practices/
http://www.rittmanmead.com/2007/05/obiee-and-row-level-security/
thanks
Deva

Is user member of group in C#

Hello everyone,
I have to bind our application from ActiveDirectory to eDirectory. Is
there a simple way to determine if the currently logged in user is a
member of a group?
In ActiveDirectory this is really simple but in eDirectory (using the
LDAP C#-library) it seems that I always have to create LDAP strings
which always have to contain username and password (which is an
absolutely no-go in my opinion).
I found many articles to my problem but no one with an easy solution.
Perhaps someone got this running without the novell LDAP library through
Microsoft DirectoryServices-Namespace.
inno1
inno1's Profile: http://forums.novell.com/member.php?userid=109362
View this thread: http://forums.novell.com/showthread.php?t=437637

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
A few things come to mind. First your authentication problem; binding
anonymously is definitely allowed in eDirectory, and is even allowed by
default, but that doesn't mean the environment you are hitting will allow
it. This is something you'll need to check with whomever setup the
eDirectory environment. The documentation should cover how to set
restrictions like anonymous binds.
Next we have what I'm guessing is how you are searching for the group. I
do not see how you are going to find either your group or your user in the
group using that code so I'll suggest something else that I think is
better taking advantage of the power of eDirectory and LDAP. First a
little more information about eDirectory. By default group memberships
are shown on both the group and user sides so you can either query the
entire directory for groups that have users in their 'members' attribute,
or you can go to the user and simply get a listing of all of the values in
the groupMembership attribute. This is the best way, in my opinion, to
see if a user is a member of a group.
Now, about finding the user. In LDAP environments objects are found by
full DNs, not just their relative DNs or usernames. If you do not have a
full DN (users seldom know the full DN or use them) the first step is to
find these, which you can do with a search like you are doing, although
hopefully you wouldn't need to loop through results. Having a query like
the following should find the user in one shot in a well-designed environment:
(&(objectClass=inetorgperson)(cn=userNameHere))
Once you have found the resulting DN of the user you can find the
groupMembership attribute and either use the full set of values in that
attribute or you can iterate through the values looking for the group DN.
For both user and group you must use the full DN to verify membership.
Good luck.
On 04/28/2011 02:36 AM, inno1 wrote:
>
> ab;2100491 Wrote:
>> The check for is a user is a member of a group does not require the
>> password...I ask because the samples from the LDAP-library (ListGroup.cs, for
> example) all seem to require a password. The samples check the number of
> command line arguments and if something is missing the program does not
> work.
>
> ab;2100491 Wrote:
>> what do you mean[..]
> I need a function like
> Code:
> --------------------
> bool UserIsMemberOf(string groupName) {}
> --------------------
> to determine if a user is a member of a group.
>
> I get the userName from Environment.UserName and the groupName the user
> has to be a member of is configured somewhere in my application.
>
> In ActiveDirectory I just connect to LDAP://RootDSE and everything
> works fine.
>
> ab;2100491 Wrote:
>> [..] and what does your code look like?
> I used the 'Using .NET C# LDAP Library'
> (http://www.novell.com/coolsolutions/...e/11204.html):
>
>
> Code:
> --------------------
> Anonymous Binding
>
> // C# Library namespace
> using Novell.Directory.Ldap;
>
> // Creating an LdapConnection instance
> LdapConnection ldapConn= new LdapConnection();
>
> //Connect function will create a socket connection to the server
> ldapConn.Connect (ldapHost,ldapPort);
>
> //Bind function with null user dn and password value will perform anonymous bind
> //to LDAP server
> ldapConn.Bind (null, null);
> --------------------
>
> After this ldapConn.Bound is false. Is this correct? It could be
> correct because I didn't really authenticate when doing anonymous
> binding but it could be also wrong because even an anonymous bind should
> be a form of authentication.
>
> I also tried Identity Bind:
>
>
> Code:
> --------------------
> Binding using an Identity
>
> // C# Library namespace
> using Novell.Directory.Ldap;
>
> // Creating an LdapConnection instance
> LdapConnection ldapConn= new LdapConnection();
>
> //Connect function will create a socket connection to the server
> ldapConn.Connect(ldapHost,ldapPort);
>
> //Bind function will Bind the user object Credentials to the Server
> ldapConn.Bind(userDN,userPasswd);
> --------------------
> After this, ldapConn.Bound is true but the user has to give a password.
> I don't want the user to have to use a password because in this case the
> user has to configure it somewhere in the configuration of my
> application.
>
> Then - for testing purposes - I wrote a function to get the users of a
> group:
>
>
> Code:
> --------------------
> LdapSearchResults lsc=ldapConn.Search("ou=Users,o=DomainAdmins", LdapConnection.SCOPE_ONE, "objectClass=*", null, false);
>
> string result = String.Empty;
>
> while (lsc.hasMore()) {
> LdapEntry nextEntry = null;
>
> try {
> nextEntry = lsc.next(); // <--- EXCEPTION: see [1]
> } catch(LdapException e) {
> result = String.Concat(result, "Error: ", e.LdapErrorMessage, Environment.NewLine);
> // Exception is thrown, go for next entry
> continue;
> }
>
> result = String.Concat(result, nextEntry.DN, Environment.NewLine);
>
> LdapAttributeSet attributeSet = nextEntry.getAttributeSet();
> System.Collections.IEnumerator ienum = attributeSet.GetEnumerator();
>
> while(ienum.MoveNext()) {
> LdapAttribute attribute=(LdapAttribute)ienum.Current;
> string attributeName = attribute.Name;
> string attributeVal = attribute.StringValue;
> result = String.Concat(result, attributeName, "value:", attributeVal, Environment.NewLine);
> }
> }
> --------------------
>
>
> [1] "00000000: LdapErr: DSID-0C090627, comment: In order to perform
> this operation a successful bind must be completed on the connection.
>
> I think this is the problem:
>
>
> Code:
> --------------------
> LdapSearchResults lsc=ldapConn.Search("ou=Users,o=DomainAdmins", LdapConnection.SCOPE_ONE, "objectClass=*", null, false);
> --------------------
>
>
> So, how does this have to look for a domain named "MyDomain.com" for a
> group named "DomainAdmins" if I want to get all members of this group?
>
> And how does this have to look if I want to know if a user named
> "myuser" is member of a group "mygroup" in domain "MyDomain.com"?
>
> I think this would help me a lot.
>
> ab;2100491 Wrote:
>> There may be a need for authentication that would require a
>> username/password but that depends on the rights you assign to your
>> tree
>> to allow (or deny) anonymous access.So, this is someone the customer has to configure I think. Since I only
> want to read from a domain it has to work some way without giving a
> password.
>
> ab;2100491 Wrote:
>> Good luck.Thank you very much!
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQIcBAEBAgAGBQJNujvFAAoJEF+XTK08PnB5Vn4QAJ8wDKZw5h Q5AWWkeMhKZ57U
DctNKO9Wl1xU3agTp+PjgFFCQMHTiME7/UFU7/KR+eyY0hgp9R6r0k2lK3iX1TFd
1Zwg0rkEjV+Pydy7vHk/LvqpoyWYKhrSGHhvkj/RChiIj1yEKR0rgAXGZG8NPemO
nIXJtPHQ8ZkH8ZrEGfL+25abIc5b0Ch5KXN76nSFRGORgqPRvO 2gpQW36KKj+Tfq
RZARJgBKyKaG4MOlatnS2ZNuAy1meI/1oTN/ouO8K1MR+Hey2ZvI85VUSlg3nG/z
fgj6QdIMj80KRnpgJCO4K7SFO6effHQaijRUIszz5xHxSEaPXv FcB/xPhRdedzxb
NKZu/rti0Jt3PABCG3nibbUcA05vbb6mLbufwDISJGXyUp5PK3533yT xoGFjkt1I
PL+p7ZpL4Q5s4wHBGME0y579V5EfncqqUsFh2aONzhIAmOSxu0 huaqcLG5QWmQnQ
HMn8+npkdlyGGJy4hslpyoTQefYNsn7PdXig1KAMEZjQHGlI1S WJf/hsztcP4/jM
Zf8oKMZz/35+EphCgRgXl0h5gOFk+WpxHRJ8NyAVLZioV4mcUwBzLDD7d9z lW47/
SZxxlIOKpFB1c0FokkFR2SBteDsd4dzfMPgD7MTDBNj174u7wn y3LkSvWfPTDjBS
12SwchOZ+PPL3PxfsUNc
=/n4u
-----END PGP SIGNATURE-----

Problem with tab access after user deleted from group

9ias version 9.2.0.1
There seems to be a problem (potential bug???) when deleting a user from a portal group. I have a portal page set up with multiple tabs. These tabs can only be accessed by users belonging to certain portal groups. When i add a user to a group, the user sees the necessary tabs when authenticated. However, if i delete this user from the group there is a problem. When the user re-logs into portal, they will see all the tabs belonging to the group they were deleted from. However, when they select this tab nothing happens and the portal goes into a state of flux (doesn't navigate). One way to resolve this is to go in as a portal admin, edit any tab and select apply. The portal then seems to refresh.
This solution isn't practical. Is this a bug? Is there a patch or another solutions??? Thanks

Hi Turloch! Thanks for your help!
Those SQL Statements were extracted from the MS Access application that we will continue to use to access the data , now on an Oracle Database.
I don't know what I can do to make this kind of statements works as it is on Access database. The first query, that I called Query1 works fine on Oracle, I just mentioned it because the 2nd Query , named Query2, use it.
I'm not able to understand why when I change the 1st. query to a "make-table" query the Query2 works as desired, but if I keep the Query1 and Query2 as it is on the MS Access Application I got the ODBC error message and the ORA-00904 error message , related (I think!) to the FieldTmp field used on the LEFT JOIN statement (AND).
As I told before, if I change the AND clause to compare to another field, as instance, field1 :
FROM Query1 LEFT JOIN Table3
ON (Table3.field1=Query1.Field2) AND
(Table3.field5 = Query1.Field1)
it works.
Please, is there anything that I can do to keep the MS Access Application unchanged?
Oracle = 8.1.6
Oracle ODBC Driver = 8.1.6.4
Oracle Migration Workbench = 1.3.1
Thanks in advance,
Elaine Viel Denadai

OBIEE Groups - RPD Groups, Catalog Groups, LDAP Groups

Greeting Experts
I am trying to get a clear understanding of how these different groups play out in the OBIEE world. Ideally I am looking to get clarity around what the boundaries are for these groups (what they control and don't). Really appreciate if someone could enlighten me
Thank you very much.

will LDAP Group security takes precedence over Catalog Group security
Yes
when it comes to LDAP security, can it be extended to control Authorizations besides, just User Authentication ?
Basically LDAP groups are associated with the users and those groups are again associated to Application Roles so Authorization and authentication can be done using Application role rather than a group
But if you have catalog groups (default 10g security model) you can still assign application roles for those catalog group and enable the object level security (Goto Administrator ---> Manage Catalog Groups ---> select any default 10g group there you can search and add applicatoin roles)
thanks,
Saichand

Migration membership of users in Catalog Groups

Similar Messages

Maybe you are looking for