OBIEE Roles and Permissions

Similar Messages

• Create Roles and Permissions using API

  Hello,
  I'm new to Java and I'm trying to create Roles and Permissions in LiveCycle using API's. Can someone please check and correct my code below?
              //Create a ServiceClientFactory object
              ServiceClientFactory myFactory = ServiceClientFactory.createInstance(connectionProps);
              // Create an AuthorizationManagerServiceClient object
              AuthorizationManagerServiceClient amClient = new AuthorizationManagerServiceClient(myFactory);
              RoleImpl ri = new RoleImpl();
              ri.setName("Test ES Role");
              ri.setDescription("Test Role via API");
              ri.setMutableStatus(true);
              amClient.createRole(ri);
  Executing the above code throws exception as below;
  com.adobe.idp.um.api.UMException| [com.adobe.livecycle.usermanager.client.AuthorizationManagerServiceClient] errorCode:16385 errorCodeHEX:0x4001 message:Exception thrown is NOT a DSCException : UnExpected From DSC chainedException:java.lang.IllegalStateExceptionchainedExceptionMessage:null chainedException trace:java.lang.IllegalStateException
            at com.adobe.idp.dsc.clientsdk.ServiceClientFactory$1.handleThrowable(ServiceClientFactory.j ava:72)
            at com.adobe.idp.dsc.clientsdk.ServiceClient.invoke(ServiceClient.java:220)
            at com.adobe.livecycle.usermanager.client.AuthorizationManagerServiceClient.createRole(Autho rizationManagerServiceClient.java:159)
            at com.adobe.lc.ManageRolesAndPermissions.main(ManageRolesAndPermissions.java:70)
  Caused by: java.lang.NoClassDefFoundError: javax.ejb.EJBException
            at com.adobe.idp.dsc.clientsdk.ServiceClientFactory.evaluateMessageDispatcher(ServiceClientF actory.java:595)
            at com.adobe.idp.dsc.clientsdk.ServiceClient.invoke(ServiceClient.java:215)
            ... 2 more
  Caused by: java.lang.ClassNotFoundException: javax.ejb.EJBException
  Thank you,
  Sandeep

  Mahesh,
  Refer to your other thread ..
  API to create new items in inventory
  API to create new items in  inventory
  Regards,
  Hussein

• Roles and permissions

  I have a couple of questions.
  1. How would I go about fitting a custom permission resolver for SOA suite ?
  2. Is there a way to print the roles,users and permissions to debug ? My roles could be in LDAP or a database but permissions are in system-jazn-data.xml. Why are these permissions stored in a XML file ?
  Mohan

  Where do the LDAP implementation classes write their logs ?
  My worklist application writes logs to orabpel.log like the following.
  <2009-05-16 16:46:44,954> <DEBUG> <collaxa.cube.services> <LDAPUtil::getJNDIContext> JNDI Connection received
  My bpel console hits openldap but does not write log the same way. It shows that the user does not have enough privileges. So basically I don't see what is being done by my LDAP classes.

• Associate roles and permissions to users that existe on a database

  Hi,
  i want realise a secure authentification i used ADF Configuration but i found out that i cant bring my users from my database. i can just create new users with roles in Jdeveloper.
  do you how we can bring users to Jdeveloper and associate to them roles and permission ?

  i found this tutorial that is that what i did :
  1. Start up weblogic server (Run .. Start Server Instance)
  2. Log on to weblogic console ( http://localhost:7101/console/ )
  3. Use default username/password weblogic/weblogic1
  4. Create a datasource to connect to the schema where the authenticating database tables are (Services .. JDBC .. Data Sources)
  5. Use unique name for datasource. Use JINDI name of jdbc/
  6. Enter database name, schema name and password and test
  7. Add new Authentication provider (Security Realms .. myrealm .. Providers .. New)
  8. Enter datasource name, type SQLAuthenticator click Ok
  9. Going back into provider, change control flag to Sufficient
  10. Select Provider Specific tab and choose Plaintext passwords, password algorithm SHA-1
  11. Shut down weblogic
  12. Edit config.xml file in JDEV_DIR/system11.1.1.2.36.55.36/DefaultDomain/config and replace sql authenticator sql statements with those from web blog
  13. Restart weblogic.
  14. Go to users/groups tab in securty realm and view users and groups imported from database
  15. Set control flag for other providers to "Sufficient"
  source : http://brent.hmdclinical.com/2010/03/using-database-tables-as-weblogic.html
  but the step 12 i dont know what i need to change and with what ?

• Roles and Permissions in Oracle BI Publisher

  Hi,
  I am trying to do Role based access in the Oracle BI reporting.The roles will be in the OVD/OID and OBIR reports access should be controlled as per those roles.
  The document I refered is
  http://docs.oracle.com/cd/E14571_01/bi.1111/e13880/T539768T526688.htm#xdosa_und_users.
  When I clicked on Permissions and added some permissions like Read,Write etc..and clicked Ok,"Failed" message is displaying.
  Any idea why this error is coming?
  Thanks in advance.
  Edited by: Subin Cheruvath on Feb 17, 2013 11:00 PM

  DiscoUser.
  Skulls lays it out well in that a database user has a database name (ie: rproudman). Then they can have a role (ie: cost manager).
  Similarly in Oracle Apps, there is an Oracle Apps user (ie: could be the same - rproudman). And they can have one or many responsibilities (ie: cost manager).
  Where Disco is concerned, is that if you create an Apps mode EUL, when you log in with your Oracle Apps username and password, you are presented with a list of Oracle Apps responsibilities that have been assigned to you in Oracle Apps (unless you only have 1 responsibility where the list won't be presented, but you'll be using that responsibility by default). As security, workbooks, etc. can - AND SHOULD - only be shared with responsibilities, when you log in to Disco as one responsibility, you might see a number of reports you're allowed to run. Go back in with a new responsibility and you may see a different set of reports. Works just like switching responsibility in Oracle Apps.
  Russ

• Query on Roles and permissions in UCM 11g

  Hi,
  I have a query as follows:
  The administrator user can assign multiple roles to a user. If a user has more than one role, the permission becomes ______and ____.
  Is it,
  Addictive
  Less Restrictive
  More Restrictive
  Subtractive
  Please help.

  Sounds like a certification test question :-)
  I think the correct answers are Addictive and Less Restrictive
  (the user will get permissions based on all the roles he or she is assigned to)

• How to create a report of users in ucm about their roles and permission

  Hi All ,
  I need to create a report and it should contain all the users in ucm as well as their roles and permissions. Basically the report would be for the admin who can see all the users in a single report and can know about the roles and access of each and every users.
  How to create such report ?? I have tried from web layuot editor but the default report template i.e stdUserReport in user datasource does not contain more than three fields..Is there any method to get such kind of report???
  Please suggest!!

  There was an example component to demonstrate this kind of function. Under Stellent in version 7.5
  I do not know if they hand it out anymore but it is not on the standard samples page for Oracle. You may want to open a Support SR to ask for it. It should still be around in their servers if they can get permission to hand it out as a sample again.
  Sample CustomReports component to demonstrate how to create customized reports
  CustomReportsBundle.zip
  Date:     October 30, 2006
  Sample Version:     version=2006_10_20 (build 1)
  Product and Version:     Content Server
  Sample Status:     This is a Stellent Sample. Stellent Samples are free and include non-supported add-ons, utilities, tutorials or programming examples. It may require additional configuration or security auditing for maximum effect. It is not supported by Stellent without a consulting engagement.

• Roles included in Roles and how it effects User Content

  I want to have one role which generates a tab called "Budget Development" under this tab depending on the users other assigned roles I want from 1 to 3 addition tabs or selections to appear. Based opn user assigned Roles
  When I create 3 additional roles, and assign them to the Parent Role (Budget  Development) all 3 tabs appear evenif the addional roles are not assigned to the user.
  Role 1 "Budget Development"
              Role 1.1 "Budget Add"
              Role 1.2  "Budget Change"
              Role 1.3  " Budget Delete"
  I have access to all 3 tabs/selection and the functionality when I am assigned the 1 role of "Budget Development"
  How do I selectivly Display Sub-Roles based on Portal Roles and permissions etc.
  Thanks for any help.
  Sarah

  Hi Sarah,
               You can achieve this by the 'Merged Role Concept'.
  1)Create 3 roles with the same name say "Budget Development" which will have different ID's though.
  -Under the role properties set the "Merge ID" for each role. The mergeID has to be the same for all the 3 roles.
  2) Now create 3 worksets say "Budget Add", "Budget Change" and " Budget Delete".
  - and assign each of these worksets to 3 different roles that we have first defined.
  Now depending upon which user needs what access you can assign the roles. The user will see one role but different worksets underneath based upon what he has been assigned.
  -Let me know if you have any further issues with this.

• Mapping Roles/Groups between OBIEE 11g and Oracle EBS R12

  Hi,
  We are implementing OBIEE 11g with Oracle EBS R12 as source system. Also we are using Out of the box RPD for Oracle EBS R12.
  But we are facing lot of challenges to map OBIEE 11g groups and EBS roles and responsibilities. We do not have prior experience with EBS as source system.
  Can anyone tell how to map between obiee groups with Oracle E-Business suit R12
  Is there any document link or notes regarding this.
  Any help regarding this will really save us.
  Thanks in advance

  Please read:
  Integrating with EBS Suite Security: http://docs.oracle.com/cd/E28280_01/bi.1111/e16364/ebs_actions.htm#BIEIT1321
  As I understand you need to create a Connection Pool to your EBS database. I think that would be a serious security aspect for the integration to work over two different networks. But I don't think it's impossible.
  Domain Prerequisites is another challenge in this scenario.
  More specifically: http://docs.oracle.com/cd/E28280_01/bi.1111/e16364/ebs_actions.htm#CHDHCAFD

• Oracle BI Groups, Roles and permission through external Table

  Hi,
  We are using SSo integration with Oracle BI 10g. We need to fetch the roles , permission and groups through an external table to our Oracle BI Dashboard. Please let me know if this is possible.
  Thanks,
  Aditya Arya

  Thanks a lot shru.
  I have achieved this User authentication through external table but the roles, groups and permissions are assigned inside Oracle BI only. I need to get the roles from an external database table and map the users in that database only. I do not want to use the administration screen in Oracle BI to achieve this.
  Also, I need to know what is the OBIEE variable i can use to override roles, as we use USER for adding a new user and the values that can be used to map the permissions.
  Thanks,
  Aditya Arya

• Sql server agent roles and job's owner issue

  Hi,
  We have a tricky question about agent role and job owner. If I granted sqlagentoperatorrole to a windows account in a sql instance, the account will have permission to create a sql job, the job's owner is the account and he can edit the job. But we want
  to keep all agent jobs' owner as SA. But after I (have sysadmin role) changed the job's owner to SA, the windows account won't be able to edit the job any more. but I don't want to give sysadmin role to the account, Does anybody have solution for my issue?
  so recap my question,
  1. all jobs owners should be SA
  2. Allow some accounts without sysadmin permission can edit these jobs
  3. Which kid of permission shall I grant to these accounts?
  Thanks
  David

  Its not secessary to have SA for all the jobs, normally we avoid using SA...
  Depends if you want to have some sort of security measures in place. If not, doesn't matter much. As for the 'sa' topic, I change the name of that account or disable immediately after install. It practically eliminates that vector of attack.
  If you SQLAgentOperatorRole permissions then you can do the below... this is just a agent role so this comes under MSDB....
  http://msdn.microsoft.com/en-us/library/ms188283.aspx
  Also if you have sql SA access with doamin account or sql account then you can play with sql server completely without any issues, no harm in this...
  Agenet principals are scoped to msdb; make sure you are running the statement from msdb DB. For example:
  use [msdb]
  go
  -- The code where @userName is declared & set
  EXEC sp_addrolemember 'SQLAgentOperatorRole', @userName
  go
  If you still have problems let us know, and please include the error number and message in order to help us understand the nature of the fauilure.
  Best practice...
  http://technet.microsoft.com/en-us/library/cc966485.aspx
  Raju Rasagounder Sr MSSQL DBA

• UME Role and Action

  I am developing a recursive tree in a Web Dynpro App. My tree has some nodes and subnodes. Under the subnodes i have documents. Depending to the permission of the users should be decided what can the user do with the documents, for example, create, upate, delete and so on. I need to check the authorization of users. I want to follow the conzept like the Web Dynpro tutorial RentCar APP with Actions und Permissions. If a user logs on, i can get his UME role and group. My question is: if it is possible to list the permissions behind of one specific role, which is assigned to the user or a group.
  In short I want to list the permissions and not only check if the user has it or not.
  Please help me.
  Regards
  Hairong Zhao

  Hi Sudhir,
  thank you very much for your quick answer. But it can't resolve our problem really.If we only use hasPermission() method to check if the user has right, the efford to check user in our case is too great .
  I try to describe our problem exactly. In our case, thers is possible that tausend documents can be attached to a node. we can't create a permission for every document. We create for every node a role, but for document we haven't role.  If we don't use the conzept with Actions and Permissions, how can we check the permission of the users, have you another idea?
  Regards,
  Hairong Zhao

• Implementing roles and rules based authorisation with Azure AD

  Hi all,
  I would greatly appreciate some input on feasibility and patterns I should look at for a complex technical requirement that I am currently tasked with designing.
  We have a system that comprises a web and mobile app. In the past we have implemented session based authentication through ADAM and authorisation through custom business rules contained within the applications. The authentication mechanism is in the process
  of being migrated to Azure AD and authorisation is planned to be moved to Azure AD for our next release.
  Existing authorisation within our web application is already complex. We have users that belong to different groups with a range of permissions such as read, write or admin. Additionally each user is granted access to N customers and also N locations within
  each customer. We have a requirement that any number of combinations of customers and locations be supported. Users also need to have different permissions for each entity, i.e. read access to customer 1 location 2, write access to customer 4 and administer
  customer 7. Currently these privileges are maintained within a relational database and enforced as part of each PageLoad(). Essentially this is a combination of roles and rules based authorisation.
  We are struggling to represent this complex matrix structure within Azure AD and efficiently implement the authorisation decision in Azure AD. The driver for this technical requirement is to provide re-usability of the authorisation component to other (as
  yet unidentified) applications.
  Currently the best option we have come up with is implementing custom attributes for each class of permissions and storing within this 2048 bit field a bitmask that represents whether this permission is granted for a given location (which has a many to one
  relationship with customer).
  Any help or comment would be gratefully received,
  Phil

  Hi
  When "Advance routing" is used for Task assignment; the task service asserts the folllowing fact types : Task, PreviousOutcome and TaskAction to the rules engine. These facts gives all the reqd info about the task (like outcome of the participant, task stage .. etc)
  Now in the defined ruleset; we can have rules as per our requirement that can extract info from the asserted fact types and assign task to the required/next participant.
  Also note that we write the advance rules for exception cases only.
  For example; let's say all participants have 2 possible Outcomes [COMPLETE, RECHECK]. We have defined the ideal task routing flow as :
  Participant A -> Participant B -> Participant C. This is the flow when all participant selects "COMPLETE"
  Now suppose B selects outcome as "RECHECK" then the task shld move back to A. So for this case only we need to write a advance rule.
  Pls refer to the code sample at : http://download.oracle.com/technology/sample_code/hwf/workflow-106-IterativeDesign.zip
  Also dev guide : refer to section 28.3.7.2 http://download.oracle.com/docs/cd/E14571_01/integration.1111/e10224/bp_hwfmodel.htm#BABBFEJJ
  Thanks
  Edited by: Kania on May 19, 2010 2:41 AM

• OBIEE Role-based visibility

  HI Experts,
  I have come across few questions about the Role-based visibility for OBIEE reports and Dashboards. Can anyone please let me what exactly is this and if possible provide some pointers.
  Thanks in Advance.
  VR

  have a look on page 137 and further http://download.oracle.com/docs/cd/E10415_01/doc/bi.1013/b31770.pdf

• Roles and Entitlements -11g release2

  Hi ,
  I have the following requirement :
  1. Define a role sach as, users who has this role can edit other users information(the attribute of users that I will specify ) and user who does not have this role will not be able to edit other users information..
  How I can achive that? Where I define this type of rights? Any help is really strongly appreciated..
  BR,
  Aliye

  normally we deal with Admin roles for permissions. But, in your case you have to achieve this using OES as your requirement at attribute level. second option is to use EL expression on the attribute using OIM11gR2 UI. But again it will be difficult if you have to do for 50-100 attributes.
  OES:
  http://docs.oracle.com/cd/E27559_01/admin.1112/e27153/toc.htm
  EL Expression:
  http://docs.oracle.com/cd/E27559_01/dev.1112/e27150/uicust.htm#OMDEV5176