Obiee Application Roles

Hi everyone,
89
I have an assignment about sending automatic mail in obiee 11g but only specific users (logged into obiee dashboard). These users can change according to their roles in a company. For examples, mail should be delivered only managers but if one of the manager goes, scheduled job should automatically stop sending mail to that users (because its role changed). It is like a user group contains only managers but can change dynamically. How can I accomplish this taks?
Thank you for your attention,
Regards

Hi,
Try to use Agent/iBot functionality - it allows you to send scheduled OBI request by email.
1. Create a request defining the content you would like to send. If it is just a text, use Narrative view in the Compound layout.
2. Create Agent/iBot to send the request above.
For this agent in the Recipients tab choose only roles suitable for managers.
If you would like to use some personalized information in the content (e.g. manager's name), set Run as Recipient under General tab for the agent.
This would sent email to all managers registered in OBI, not only those who are currently logged in application at the moment of email delivery (if you need it).
Regards

Similar Messages

OBIEE Application Role Migration between environments in WLS

Hi,
Is there a way to migrate Application Roles etc., from one environment like Dev to Prod from WLS. Currently we are manually doing it between environments.
Thanks for your time and help.

Hi,
Can u please try this once..
Just copy the xml file system-jazn-data file from the following path from ur dev environment to prod environment..
D:\MWHOME\user_projects\domains\bifoundation_domain\config\fmwconfig
And restart the services..
Please mark if it correct/helpful....

Error assigning users to application Role in Obiee 11.1.1.7.0

Hello
I installed Obiee 11.1.1.7.0 both on Windows and Linux platform and after that, I successfully set Active Directory integration. I have a problem assigning users to Application Role in EM. When I'm trying to search a user on Display name, the Principal userName returned is blank and the error is : Java Null Pointer Exception
After that I install a fresh copy of 11.1.6.0. After AD Integration, I was able to assign users to Application Role. I made 11.1.1.7.0 upgrade and same error has come. I think this is a bug because same AD settings on 11.1.1.6.0 works.
The error:
ava.lang.NullPointerException
#{viewScope.emas_pagemodel_security_EditAppRole.searchPrincipal}: java.lang.NullPointerException
Hide Additional Trace Information
javax.faces.FacesException: #{viewScope.emas_pagemodel_security_EditAppRole.searchPrincipal}: java.lang.NullPointerException at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:118) at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:190) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:92) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:361) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:96) at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:103) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:92) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:361) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:96) at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:97) at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.broadcastEvents(LifecycleImpl.java:1086) at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:434) at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:207) at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265) at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227) at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125) at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300) at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.emSDK.license.LicenseFilter.doFilter(LicenseFilter.java:101) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:205) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:128) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446) at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:271) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:177) at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.help.web.rich.OHWFilter.doFilter(Unknown Source) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.emas.fwk.MASConnectionFilter.doFilter(MASConnectionFilter.java:41) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:180) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.eml.app.AuditServletFilter.doFilter(AuditServletFilter.java:179) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.eml.app.EMRepLoginFilter.doFilter(EMRepLoginFilter.java:203) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.core.model.targetauth.EMLangPrefFilter.doFilter(EMLangPrefFilter.java:158) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.core.app.perf.PerfFilter.doFilter(PerfFilter.java:141) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.eml.app.ContextInitFilter.doFilter(ContextInitFilter.java:542) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119) at java.security.AccessController.doPrivileged(Native Method) at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:324) at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:460) at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103) at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171) at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:163) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715) at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681) at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321) at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120) at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277) at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183) at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454) at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209) at weblogic.work.ExecuteThread.run(ExecuteThread.java:178) Caused by: javax.faces.el.EvaluationException: java.lang.NullPointerException at org.apache.myfaces.trinidad.component.MethodExpressionMethodBinding.invoke(MethodExpressionMethodBinding.java:51) at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102) ... 67 more Caused by: java.lang.NullPointerException at oracle.sysman.emas.model.security.DialogAdminBean$1.compare(DialogAdminBean.java:567) at java.util.Arrays.mergeSort(Arrays.java:1270) at java.util.Arrays.mergeSort(Arrays.java:1281) at java.util.Arrays.sort(Arrays.java:1210) at java.util.Collections.sort(Collections.java:157) at oracle.sysman.emas.model.security.DialogAdminBean.fetchPrincipals(DialogAdminBean.java:563) at oracle.sysman.emas.pagemodel.security.identity.EditAppRolePageModel.searchPrincipal(EditAppRolePageModel.java:496) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at com.sun.el.parser.AstValue.invoke(Unknown Source) at com.sun.el.MethodExpressionImpl.invoke(Unknown Source) at org.apache.myfaces.trinidad.component.MethodExpressionMethodBinding.invoke(MethodExpressionMethodBinding.java:46) ... 68 more
Any suggestion?
Thx
Gabriel
Edited by: Gabbriel on Apr 23, 2013 10:46 PM

We received from Oracle a work-around of this problem.
It seems to be related to the virtualize flag set to true. I f you set it to false the problem disappear (it works for me).
(rif. http://docs.oracle.com/cd/E28280_01/bi.1111/e10543/privileges.htm#BABDCJBH)
There's an open BUG on this problem: Bug 16808088 - 11G JAVA.LANG.NULLPOINTEREXCEPTION ADDING USER TO ROLE AFTER UPGRADE TO 11.1.1.7.
Hope this works.
S.

Can't create Application Role in Obiee 11g Enterprise Manager

Hi All,
I was working on obiee11g enterprise manager. I created some of the groups in weblogic console. Now I wanted to create application roles in enterprise manager for those groups. I am surprised that, the "*Create*" button is inactive on the application role page of enterprise manager. I only i could see tthe actives ones "*Create Like*", "*Edit*" and "*Delete*".
Please assist shoud I need any additional configuration for the same.urgent!!
Thank you in advance,
BK.

Click on Create Like button
Then click cancel on the Create Like dialog box
Go back to the Create button, it now works
But if you log out and log back in, the Create button is disabled again
so may repeat the above process of accessing the 'Create Like' button first to enable the Create button
< Bug:13983399> CREATE BUTTON IS DISABLED IN FUSION MIDDLEWARE CONTROL IN OBIEE 11.1.1.6.0 ENV
Please mark helpful or correct if answered.
Thanks,
- A.Y

OBIEE 11g Custom Application Roles

Hello Experts,
I would need to create our Custom BI Consumer, Author Application Roles. I have followed the steps are
1) Created an Application Role "Revenue Data Access Role" for Data Level Security and added the users into it
2) Selected the existing BI Consumer Role & Created Like "Revenue Dashboard Consumer Access Role" and added "Revenue Data Access Role" into it.
3) Selected the existing BI Consumer Application Policies & Created like "Revenue Dashboard Consumer Access Role"
After Restarting OBIEE, I could see that Data level security is working fine but the users don't have Consumer Level access at dashboard level. am i missing anything here? Please advice.

John,
We can do it in repository level right..Manage---Security-Application Role.... double click the application role there u can set right?Correct me if am wrong?
Thanks,
SN.
Edited by: 926238 on Sep 1, 2012 5:57 PM

Displaying Application Roles / Groups in OBIEE

All,
We followed this blog - http://www.rittmanmead.com/2010/10/obiee-11gr1-security-explained-working-with-the-default-security-configuration/ - to implement security in our reports in OBIEE. We created four AD groups and four corresponding Application Roles for the four organizational segments in the company. This is working really well. However, the business wants to display a message saying "NOTE: You are in Role <Role Name> so you are seeing partial data for that Segment" or something like that. Is there a way to obtain the current users groups and/or application roles so they can be displayed in an analysis or dashboard?
Thanks in advance!

Use VALUEOF(NQ_SESSION.ROLES) as one of column expression and call that column in Narrative view using @n.
where n is the column order from left to right.
You might need to format the values to , separated.
Ref: http://docs.oracle.com/cd/E14571_01/bi.1111/e10540/variables.htm#BIEMG3104
If helps mark as correct.
Edited by: Srini VEERAVALLI on Jan 29, 2013 4:33 PM

Restore the BISystem application role in OBIEE 11.1.1.6.0

I accidentaly deleted the BISystem application role in OBIEE 11.1.1.6.0 from the Enterprise Manager and I need to restore it.
I tried to restore it manually by creating a new BISystem application role and adding the BISystemUser to it. Then I tried to restore related application policies but I did not find the following resources: oracle.bi.server.impersonateUser, oracle.bi.server.queryUserPopulation and EPM_Essbase_Administrator.
Any way to do that?
Thanks

Hi,
When you are adding permissions to policies in "Add permission" window select "Permissions" and "Permission Class" = oracle.security.jps.ResourcePermission (filter leave empty) and click search. You will find required permissions on the list.

OBIEE 11g issue - same user assigned to the multiple application role

Hi All,
We are facing an issue when assigning a user to the multiple application role and applying the data level filter on the different column of the same table.
For example, we have a table Department with three columns Department No, Department name, Department location.
Application Role A1 and A2 are created.
Data Level security Applied on the application role A1: Department Name='Finance'
Data Level Security Applied on the application role A2: Department location='US'
The user "User1" is created in LDAP and is assigned to both the Application roles A1 and A2.
When logged in with "User1", none of the filters of Role A1 or A2 is applied in the report. If this user is assigned to only one role, either A1 or A2, then the filter is applied. It seems the filter will not be applied if a user belongs to multiple roles with data filter applied on the same table across these roles.
Please reply if anyone has faced similar issue.

Hi All,
Regarding the above issue to update the analysis we came up that the user if assigned to the multiple group with the data filter applied on the same column of the table is getting an *"OR"* join.
We had a requirement to get an "AND" in the query condition. Please let us know if any one faced the issue and the resolution of the same.
Regards,
Jyotshna

OBIEE 11g - Application role migration from DEV to UAT or to PROD

Hello All,
there are blogs which mentioned about application role migration from dev to UAT or Prod..
Kindly provide the correct path of below two files which we use for application Role migration
1. system-jazn-data.xml
2. jps-config.xml
I have searched these files but noticed there are 3 or 4 files with same name under different paths.
Kindly help. TIA
Regards

if you mess up these files, your system will get corrupted.
You need to take proper back up and then get it done.
another way where you can avoid this risk is to manually enter the roles. Creating roles is one time effort unless you keep deleting and creating new roles. If you manually do it you will have more control on migration and you can fix if there an issue easily. Note, the migration of roles does not map the groups to roles . You still have to manually map them.
OBIEEHOME\user_projects\domains\bifoundation_domain\config\fmwconfig
1. system-jazn-data.xml
2. jps-config.xml

LDAP user to application role mapping

Hi All,
OBIEE 11.1.1.5
I have a table with ldap username and role. I have also configured external LDAP server in RPD. Users are able to login to portal.
Can some one guide me, how to make sure that when user login to OBIEE automatically by table the role will be fetched and mapped with application role created?
Or, In simple words,
How can I assign an external ldap user to be mapped to application role? One by one?? or Via table as mentioned above?
Anyone can help? All documents are not giving this simple picture to me.
It was easy in 10g, In 11g is it rocket science so that my company can loose the hope to go ahead with 11g?

Hi,
1. Create block to initialize USER variable with user name from LDAP
2. Create block to initialize GROUP variable with role name from external table
3. In initializtion block for GROUP variable add precedence with User init block to make sure that USER variable have value
4. If one user can have few roles you should check row-wise-initialization oprion
Hope it's helpful

Migrate Application Role from uat to prod in 11.1.1.6.10

Hi All,
We have to migrate the UAT Application Roles to Prod instance. I followed Rittman Mead policy store migration. servers in LINUX
http://www.rittmanmead.com/2011/04/oracle-bi-ee-11g-migrating-security-policy-store-part-2/
But at MigrateSecurityStore step, I am facing an issue with the wlst script which is throwing below error.
I am getting bellow error
wls:/offline> migrateSecurityStore(type="appPolicies",srcApp="obi",configFile="/ usr/app/MW/SecurityMigration/jps-config-policy.xml",src="sourceFileStore",dst="t                                                                                                         argetFileStore",overWrite="false")
Oct 17, 2013 11:41:27 AM oracle.security.jps.internal.config.xml.XmlConfigurationFactory initDefaultConfiguration
SEVERE: org.xml.sax.SAXParseException: The XML declaration must end with "?>".
Command FAILED, Reason: The XML declaration must end with "?>".
Traceback (innermost last):
File "<console>", line 1, in ?
File "/usr/app/MW/oracle_common/common/wlst/jpsWlstCmd.py", line 955, in migrateSecurityStore
File "/usr/app/MW/oracle_common/common/wlst/jpsWlstCmd.py", line 927, in migrateSecurityStoreImpl
        at oracle.security.jps.internal.tools.utility.source.JpsInitializerSource.getSources(JpsInitializerSource.java:155)
        at oracle.security.jps.internal.tools.utility.JpsUtility.<init>(JpsUtilty.java:62)
        at oracle.security.jps.internal.tools.utility.JpsUtilMigrationPolicyImpl.migrateAppPolicyData(JpsUtilMigrationPolicyImpl.java:151)
        at oracle.security.jps.tools.utility.JpsUtilMigrationTool.executeCommand(JpsUtilMigrationTool.java:231)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
oracle.security.jps.JpsException: oracle.security.jps.JpsException: The XML declaration must end with "?>".
This is config.xml file
<?xml version='1.0' encoding='utf-8'? standalone='yes'?>
<jpsConfig xmlns="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd">
   <property name="oracle.security.jps.jaas.mode" value="Off"/>
   <propertySets>
<propertySet name="sam1.trusted.issuers.1">
<property name="name" value="www.oracle.com" />
</propertySet>
</propertySets>
   <serviceProviders>
      <serviceProvider type="POLICY_STORE" name="policystore.xml.provider" class="oracle.security.jps.internal.policystore.xml.XmlPolicyStoreProvider">
         <description>XML-based PolicyStore Provider</description>
      </serviceProvider>
   </serviceProviders>
   <serviceInstance name="srcpolicystore.xml" provider="policystore.xml.provider" location="/usr/app/MW/SecurityMigration/uat/system-jazn-data.xml">
<description>File Based Policy Store Service Instance</description>
</serviceInstance>
<serviceInstance name="policystore.xml" provider="policystore.xml.provider" location="/usr/app/MW/SecurityMigration/prod/system-jazn-data.xml">
<description>File Based Policy Store Service Instance</description>
</serviceInstance>
   </serviceInstances>
    <jpsContexts default="default">

<jpsContext name="sourceFileStore">
<serviceInstanceRef ref="srcpolicystore.xml"/>
</jpsContext> <jpsContext name="targetFileStore">
<serviceInstanceRef ref="policystore.xml"/>
</jpsContext>
</jpsContexts>
</jpsConfig>
Please let me know if i need to provide further inputs.Appreciate your help.

make sure you are running the wlst.sh from this path /MWHOME/Oracle_BI1/common/bin/wlst.sh
you can take a look at this too Migrating Security Policies from Development to Standalone WLS 11g
http://ssssupport.blogspot.com/2013/02/obiee-11g-application-role-migration.html
Obiee11g: Migrating application role from DEV to Prod server in obiee11g

Need help with data filtering on groups/application roles

Hello,
I have a situation where I have to apply security on objects (reports, prompts etc) and dimension members (Essbase cube). So the idea is like this:
Report 1: access to three users (U1, U2, U3), but for dimension Company they have separate rights:
U1: Company A, Companies A.1-A.7 (children of A) and Companies A.1.1-A.1.9 (children of A.1);
U2: Company A.1 and Companies A.1.1-A.1.9;
U3: Company A.1.1
same for Report 2, but users must have access to different companyes, like Company B, B1...
In WebLogic Console I created three groups (G1-G3) and placed each user to a group (U1-> G1, U2 ->G2, U3->G3). Then in WebLogic EM I created three application roles (R1-R3) and added for each, corresponding user (R1-> U1, R2->U2, R3-> U3).
My approach was to use application roles like this:
R1: include User1 and filter data on repository by application role to each generation of the cube ("Data_Source_Name"."Dimension_Name"."Generation2,Dimension"='Company A',"Data_Source_Name"."Dimension_Name"."Generation3,Dimension"='Company A.1', "Data_Source_Name"."Dimension_Name"."Generation4,Dimension"='Company A.1.1')
R2: include User2 and filter data on repository by application role to each generation of the cube ("Data_Source_Name"."Dimension_Name"."Generation3,Dimension"='Company A.1', "Data_Source_Name"."Dimension_Name"."Generation4,Dimension"='Company A.1.1')
R3: include User3 and filter data on repository by application role to each generation of the cube ("Data_Source_Name"."Dimension_Name"."Generation4,Dimension"='Company A.1.1').
I've noticed that, by default, each role inherites BIConsumer and "localmachineusers" application roles, so I set in repository these both roles to filter data as the role 3 (the lowest level of acces), in order for my roles (Roles 1 to 3) to have the highest privileges.
In repository I cannot see any of my users (U1-U3), but just the application roles they are in.
For Report 1 I set the access to Roles 1-3 and when I am logged on as U3 this report should display only the data for Company A.1.1, but it doesn't (displays data also for Company A, Companies A.1-A.7).
In fact it seems, that the data isn't filtered at all, which drives me to the conclusion that my data filter is override by another role, maybe ?
Could you please give me a clue about what I am missing here ?
Thank you.

Amith,
Please bear this with me - see my comments below (search for petresion_Comments):
So, we have three users who have access to a report called Report1. But the data that they see in the report needs to be different. The report has a dimension company, and each user needs to see different companies data. So the filtering needs to be done on company dimension.
petresion_Comment: That's my case to solve.
Now the groups in weblogic has no purpose in OBIEE 11g unless you are using an LDAP authenticator who has groups defined in the active directory. By this I mean the network people are maintaining the users and group relation necessary for OBIEE. So keeping the weblogic groups apart for a minute, lets deal with users and roles only.
The three users are assigned to three different roles R1, R2 and R3. By default, all the roles inherit the BIconsumer role, and localmachineusers role you mentioned is not an OTB role. This is something that is probably causing the data filtering to fail. Do a test like create a user in weblogic, assign him only to the localmachineusers role, and go to analytics, and check your roles and groups by going under my account. Make sure this role is not inheriting any other roles like BIAdministrator, BIauthor etc. So in conclusion, when one of your users login, they should inherit only their custom Role (R1 for instance), BIConsumer, Authenticated User, and your custom role localmachineusers.
petresion_Comment: That is what I checked on the first time (few days ago) and is exactly as you say (BIConsumer, localmachinerole and Role1).
Do not apply any data filters on the BIConsumer role. This is not a good practice because the filters get applied to every single user that logs into the system.
petresion_Comment: I know that, but appliyng filters on BIConsumer role I tried to make sure that its privileges doesn't overrides any of my Roles (1,2 or 3). I will remove the filter on BIConsumer.
Now create the data filters on your custom roles (R1, R2, R3). Save the RPD. Deploy the Rpd through Enterprise Manager.
petresion_Comment: Only difference in my case is that I stopped BI services, applied changes to rpd in Offline mode and then restarted BI services.But also tried as you mentioned (by the book in fact) and same result. The problem is the same, my roles(1,2,3) don't filter the companies at all.
Once you are done with all the work above, you should login into analytics as user1. After logging in go to my account, roles and groups, and make sure you see the R1 in the list of groups. Now run the report, and your filters should get applied no matter what. If they are still not getting applied, grab the physical sql and see if the filters are existing in the where condition.
petresion_Comment: Where can I capture the physical SQL (probably an MDX sent to the Essbase cube ?) ?
One other reason could be, one of the roles that are assigned to the user1 by default, is overriding the filters. Like for example, if a user is assigned to BIAdmin role, and no matter if you assign him to a different role that has 100's of filters, he will still see all of the data.
petresion_Comment: As I said before, each of my users are members of their roles, BIComsumer and localmachinerole, so no other privileges (no BIAdmin role).
Thank you for the patience.
John

Migrate one application role between two systems (keeping guid)

Hi
I know there are ways to migrate the whole policy-store from one environment to another. On the other hand there is a tool to create application roles via command line.
I have only a set of application roles which I want to move to another environment. The guid should stay identical so that the application roles get automatically applied on the copied catalog.
Does anybody know if that is also possible? I need to keep the guid but don't want to migrate the whole policy store.
Thank you

user12068228 wrote:
Hi
I know there are ways to migrate the whole policy-store from one environment to another. On the other hand there is a tool to create application roles via command line.Yes, you can create application roles via WLST. Below are the commands:
connect(“Enter Weblogic's Username Here”,”Enter Password Here″,”Hostname:PortNumber″)
createAppRole(“Enter Applicationstripe Here”,”Enter Role Name here”)
P.S: The Application stripe name is obi for the OBIEE set of roles.
I have only a set of application roles which I want to move to another environment. The guid should stay identical so that the application roles get automatically applied on the copied catalog.If I am not wrong, Althought the GUID's can be different after the migration of the application roles between environments, the permissions still stay the same. and I believe the GUID's are system dependent and might be different across two instances. Correct me if I am wrong here.
Does anybody know if that is also possible? I need to keep the guid but don't want to migrate the whole policy store.
Thank you

Synchronize Application Roles

Hi everyone,
Whenever I open the Administration Tool, then try to "synchronize application roles" under the Identity menu, I get a "Runtime Error". There aren't many details; there is a link to the .exe like "Program C:\Prgoram Files\Oracle Business...".
"The application has requested the Runtime to terminate it in an unusual way".
Now I need to see the latest application roles that have been added so that I can remove some of their permissions to certain fields on a table.
Is there another way to play with application roles? Aside from the admin tool? This extremely vague runtime error is really trying my patience.
Thanks in advance
P.S. We are using Oracle Business Intelligence 11.1.1.6.5.

On the client side, we use Windows 7 64 bit. The server runs on Linux.
Admin Tool... I'm not sure. Could be 32 bit. BI version is 11.1.1.6.5, admin tool version is 11.1.1.6.2.
Is it possible to download just the admin tool and not the whole OBIEE package from Oracle?

Is Distributed Transaction Coordinator services of the application role are required by SQL Server 2012 for clustering and support of SharePoint 2013.

All I want to know is if Distributed Transaction Coordinator services of the application role are required by SQL Server 2012 for clustering and support of SharePoint 2013.
I have been planning and deploying my companies first Windows Server 2012/SQL Server 2012 Always On cluster and Always On Availability Groups Multi-Subnet cluster and instances for SharePoint 2013, and I will be brutally honest, the documentation on either
the MSDN and TechNet leave alot to be desired. Continually finding links in the documentation will take me from a Windows 2012 reference to a page talking about Windows Server 2008 or R2, The differences of which there are so many when it comes to configurations,
settings, roles, services when working with SQL Server 2012. I have been confused, frustrated, screaming mad, with all the misdirection in this documentation. The documentation takes me windows 2008 R2 which is different than 2012!
Tired and trying to pick myself up off the floor!
Greg
Gman

In general, DTC is not required for SQL 2012. But, since you are asking specifically about SharePoint, it would be better to ask in a SharePoint forum. They would be more likely to know those situations where FTC might be needed by SharePoint.
.:|:.:|:. tim

Obiee Application Roles

Similar Messages

Maybe you are looking for