Obiee Security Query

Hi All,
Can we have display a Scection in Dashborad Page to One particular User and Another Section of the Dashborad to Another User. If Both the Section are in One Single Dashborad Page.
Many Thanks in Advance

Hi,
pls go through this link for applying the security in OBIEE restricting the users and to add the roles and reponsiblites.
http://obiee2go.wordpress.com/2012/06/14/obiee-11g6-how-application-roles-groups-and-users-work-in-obiee-11g/
Thanks,
Yogi.

Similar Messages

OBIEE Security 10g to 11g: Groups

I had a Security scenario that I wanted to throw out to the forum...
In 10g, we made use of the GROUP system variable to pull a users group membership from a database table. This was a Session Variable initialized upon each login.
Data-level and object-level security was different for each group.
In our environment users had the ability to switch groups, so they could be active in one of the groups and inactive in the others. We provided a form (WriteBack) that allowed them to set what group they wanted to be active for. They would then log out and log back in and have their new group assignments.
In the Session Variable this was done by pulling in only groups that were flagged as Active. This worked great as it was done at the Session level. So I could login once and see Dashboard A, swtich my role, then log back in and NOT see Dashboard A.
I know 11g still has the concept of WEBGROUPS, that would mimic the above, but my understanding is that Oracle is pushing the use of Application Roles.
My question is how would the above behavior be ported over to 11g using Application Roles? I didn't think the population of an Application Role was Session Based, my belief is that it is populated when the Admin Server/Managed Servers are bought up pulling from the applcable Security Provider.
Edited by: DustinC on Jan 19, 2012 1:29 PM
Edited by: DustinC on Jan 20, 2012 3:54 PM
Edited by: DustinC on Jan 22, 2012 12:45 PM
Edited by: DustinC on Jan 23, 2012 11:40 AM

Q1. how deploy external database security(users, groups) to OBIEE 11g.
we used external database security in 10g. all the users and groups maintained in database and obiee rpd has security groups. repository has group information only so it is deployed groups information to obiee 11g by upgrade assistant but how can it deploy users in external database?
Solution:
http://www.varanasisaichand.com/2011/09/external-table-authenticationorder-of.html
http://www.rittmanmead.com/2012/03/obiee-11g-security-week-connecting-to-active-directory-and-obtaining-group-membership-from-database-tables/
http://obieeblog.wordpress.com/2009/06/18/obiee-security-enforcement-%E2%80%93-external-database-table-authorization/
Q2. all the users and roles in LDAP server. in this case how obiee 11g read users and group information?
Obiee11g is intergated with weblogic fusion middleware (Console,EM). in that console have feature to enable mulitiple LDAP authentication
while configuring AD via weblogic console we need to give the users and group info
Solution refer:
http://obieeelegant.blogspot.com/2012/01/obiee-11g-integration-with-ldap.html
http://docs.oracle.com/cd/E23943_01/bi.1111/e10543/privileges.htm#BABCDCFE
Thanks
Deva

Report on OBIEE Security

We use Default Authenticator and implemented the security using Weblogic console. Now my client want to see a report on the OBIEE security implemented; he want to see all the groups, roles, users listed and also interested in seeing what users and roles assigned to various groups for the project.
Is it possible to read Weblogic security Metadata?
Appreciate your thoughts on this.
Thanks
Bees

Was my answer correct? If so, please indicate so (top right of my last post). If not, then what was your answer?

Security - Query - XML Publisher

Hello,
I need some help concerning the security for queries and XML Publisher.
I am on an HR peoplesoft, tools8.49.
When I am with user PS I see my query in query manager and my XML Publisher report.
My query is Public and my report definition for XML Publisher too.
My problem is that I am not able to publish my query to see it in query viewer and I suppose (perhaps I'm wrong) that's why when I'm connecting with another user which have access to the security query tree to see this query, I am not able to see my XML Publisher report definition.
Could you tell me where I should search to publish this query in query viewer ? Or is it something special to do to see my XML Publisher report definition ?
Any ideas are welcome.
Thanks in advance for your help.

Problem solved : I have forgotten to add my role in Reporting Tools > XML Publisher > Setup > Report Category.

Alternate method of implementing EBS-OBIEE security

We have tried implementing the EBS-OBIEE security as per Metalink Note ID 555254.1(without SSO). How ever, we realised that for cookie based integration to work, both EBS, OBIEE URL need to reside on the same domain. At client location, the applications are hosted in different domains.
Any tested/proven alternative method, where we can pass the EBS responsibilities (say Operating Unit) to OBIEE?
Regards
KSK

Hi all,
yes, the session variable ':USER' is not picking the user name, but when i hard code it to 'BI_ADMIN" this works fine.
i have tried the following formats in the place of ':USER':
VALUEOF(NQ_SESSION.USER)
VALUEOF(NQ_SESSION."USER")
VALUEOF("NQ_SESSION.USER")
UPPER(VALUEOF(NQ_SESSION.USER))- checking if any problem with case
None of them worked.!!
When I remove the whole " USR.USER_NAME=':USER'
the sql runs fine..please help

Cmc rights to use Security Query Export functionalities

In Cmc when I create a Security Query it shows the list of rights a user has on Business Objects objects, and that's fine, however when I try to export those results I get a message like this:
You don't have rights to 'Schedule document to run' (id:21) for Security Query Export (ID: 1074)
On which folder or object in Cmc should I set that right? I have no idea! I'm using the Admiistrator account so I don't understand why I don't have rights to export the results of the query. I'm using BusinessObjects xi r3.
Edited by: PadawanGirl on Feb 1, 2012 5:09 PM

Hello Erika,
In your CMC > Folders > Administration Tools, make sure Administrators group has Full Control, in particular make sure that the right "schedule Document to run" is granted. If it looks fine, check the same right on Security Query Export object itself.
Frederique

OBIEE Security - How to setup SSO-integrated EBS users & mobile access?

I'm looking for the best approach to solution my company's OBIEE Security requirements, they are:
1) Create a standard authentication/security process at an enterprise level
2) Maintain EBS Roles to provide object-level and data-level security in OBIEE
3) EBS Users must go through the EBS portal to get to OBIEE (ie. single signon integration)
4) non-EBS users must go through the OBIEE portal
5) Both EBS and non-EBS users need ability to use the OBIEE iPad mobile application
So for the EBS users, I've implemented the SSO integration between OBIEE 11.1.1.5.0 and EBS R11 based on the Oracle white paper [ID 1343143.1]. I've also set up an Authorization session init block to read the user's EBS Roles and set up object/data level security.
For the non-EBS users, I've kept the default identity store (WLS-LDAP) and authentication provider.
My question is what's the best approach for providing mobile access to the EBS users? Obviously I can't pass an HTML cookie to the iPad for these guys. Assuming these EBS users are in an corporate-LDAP store, I was thinking to setup a dual authentication store that connects to both corporate-ldap(EBS) and the WLS-integrated LDAP(non-EBS).
Will this work? Does anyone have a better approach they'd like to share?

Please post the details of the application release, database version and OS.
We have a customer, who has upgraded to EBS R12 recently. With EBS R12 there comes a responsibility that enables users to directly open embedded BI in EBS. When people do LDAP authentication to EBS, they can directly open the OBIEE inside the EBS. But, when the EBS is SSO (OAM+WNA) integrated, OBIEE SSO in EBS does not work. What is the error?
It could be related that OAM generated cookies are not recognized by embedded OBIEE.
Is there a way to do a setup with both OAM SSO enabled to EBS, and EBS-OBIEE SSO is enabled inside EBS ? I do not think there is a single document that covers all the above (I believe you are aware of the individual docs).
For urgent issue, please always log a SR.
Thanks,
Hussein

SECURITY query running slow with Prompts!!

Hello All,
Version: PeopleSoft HRMS 9 with PeopleTools 8.49.09
DB Version: 10.2.0.3 (Oracle)
My client is running a security query, given below, with and without prompts. Without prompts it is completing in 35 seconds but with prompts (even if the values in the prompts are blank!), the query is taking more than 4-5 hours but not completing!!
SELECT /*+ OPT_PARAM('_optimizer_mjc_enabled', 'false')
opt_param('_optimizer_cartesian_enabled', 'false') opt_param('optimizer_index_caching', 0) opt_param('optimizer_index_cost_adj', 0)*/ B.OPRID, A.EMPLID, A.PWCUK_LEGACY_ID, A.NAME, A.EMPL_STATUS, A.EMPL_CLASS,
to_char(to_date( TO_CHAR(A.HIRE_DT, 'YYYY-MM-DD'), 'yyyy-mm-dd'), 'dd/mm/yyyy'),
to_char(to_date(decode( TO_CHAR(A.REHIRE_DT, 'YYYY-MM-DD'), '',
TO_CHAR(A.HIRE_DT, 'YYYY-MM-DD'), TO_CHAR(A.REHIRE_DT, 'YYYY-MM-DD')), 'yyyy-mm-dd'), 'dd/mm/yyyy'),
to_char(to_date( TO_CHAR(A.TERMINATION_DT, 'YYYY-MM-DD'), 'yyyy-mm-dd'), 'dd/mm/yyyy'), A.DEPTID, A.DEPT_DESCR, A.PWCUK_BUSINESSUNIT, A.PWCUK_BU_DESCR, A.PWCUK_SUBREGION, A.PWCUK_SR_DESCR,
A.PWCUK_REGION, A.PWCUK_R_DESCR, B.ROWSECCLASS, E.CLASSDEFNDESC, C.ROLENAME, D.DESCR,
Case C.ROLENAME When 'UK_OTG_Query_Access' then 'Y' When 'UK_Self_Service_Query_Access' then 'Y' When 'UK_Prtner_Affairs_Query_Acces' then 'Y' When 'UK_SelfServ_Sens_Basic_Query' then 'Y' When 'UK_ESC_Extra_Query_Access' then 'Y' When 'UK_BCI_Query_Access' then 'Y' When 'UK_Self_Service_Non_Sens_Q Acc' then 'Y' Else 'N' END, TO_CHAR(A.EFFDT, 'YYYY-MM-DD'),
TO_CHAR(A.EFFDT, 'YYYY-MM-DD'), D.ROLENAME FROM PS_PWCUK_EMP_C_VW A, PS_PERS_SRCH_QRY A1, PSOPRDEFN B, PS_ROLEU SER_VW C, PSROLEDEFN D, PSCLASSDEFN E WHERE A.EMPLID = A1.EMPLID
AND A1.OPRID = 'kcooper001a' AND ( B.OPRID = A.PWCE_GUID AND B.OPRID = C.OPRID AND C.ROLENAME NOT IN ('Orbit User', 'PWCUK_LOS_ADMIN_PLANNER', 'Query Designer', 'Query User', 'PWCE_EMEA_AUDIT_RLE_NO_BSE_TBL', 'PWCE_REPORT_DIST', 'EOPP_USER', 'PAPP_USER', 'PWCUK_XMLP_REPORT_DEVELOPER', 'GBR_PEOPLE_MANAGER_CONFIG_UPD', 'PWCUK_EX_EMPLOYEE', 'ReportSuperUser', 'PWCE JOBCODE LOAD UTILITY',
'PWCE EMPLOYEE RVW LOAD ACCESS', 'PwCE Bonus Upload Access', 'GBR_EP_SYSADMIN') AND ( C.ROLENAME NOT LIKE 'PWCUK_EP%' OR C.ROLENAME = 'PWCUK_EP_ADMIN') AND C.ROLENAME NOT LIKE 'PWCUK_SP%' AND C.ROLENAME NOT LIKE 'GBR_PMGR%' AND 0 < INSTR(:1, decode(trim(:2), null, ' ', B.OPRID)) AND 0 < INSTR(:3, decode(trim(:4), null, ' ', B.EMPLID)) AND 0 < INSTR(:5, decode(trim(:6), null, ' ', A.PWCUK_LEGACY_ID)) A
ND 0 < INSTR(:7, decode(trim(:8), null, ' ', C.ROLENAME)) AND 0 < INSTR(:9, decode(trim(:10), null, ' ', E.CLASSID)) AND C.ROLENAME = D.ROLENAME AND E.CLASSID = B.ROWSECCLASS ) ORDER BY 4, 20Below are some more useful information I have gathered from DB level for this query:
+--------------------------------------------------------------------------------------------------+
|Plan HV     Min Snap Max Snap Execs       LIO            PIO            CPU         Elapsed     |
+--------------------------------------------------------------------------------------------------+
|770792495   39602     39747     5           1,181,648,326 6,823          7,433.93    7,481.60    |
+--------------------------------------------------------------------------------------------------+
========== PHV = 770792495==========
First seen from "10/19/12 10:00:44" (snap #39602)
Last seen from "10/25/12 11:00:28" (snap #39747)
Execs          LIO            PIO            CPU            Elapsed
=====          ===            ===            ===            =======
5              1,181,648,326 6,823          7,433.93       7,481.60
Plan hash value: 770792495
| Id | Operation                           | Name               | Rows | Bytes | Cost (%CPU)| Time     |
|   0 | SELECT STATEMENT                    |                    |       |       |    35 (100)|          |
|   1 | SORT ORDER BY                      |                    |     1 |   645 |    35   (6)| 00:00:01 |
|   2 |   NESTED LOOPS                      |                    |     1 |   645 |    34   (3)| 00:00:01 |
|   3 |    NESTED LOOPS                     |                    |     6 | 1122 |    10 (10)| 00:00:01 |
|   4 |     NESTED LOOPS                    |                    |     1 |   165 |     5   (0)| 00:00:01 |
|   5 |      NESTED LOOPS                   |                    |     1 |   122 |     4   (0)| 00:00:01 |
|   6 |       NESTED LOOPS                  |                    |     1 |    81 |     3   (0)| 00:00:01 |
|   7 |        NESTED LOOPS                 |                    |   552 | 29256 |     2   (0)| 00:00:01 |
|   8 |         INDEX FULL SCAN             | PSAPSROLEUSER      |   550 | 15950 |     1   (0)| 00:00:01 |
|   9 |         TABLE ACCESS BY INDEX ROWID | PS_ROLEXLATOPR     |     1 |    24 |     1   (0)| 00:00:01 |
| 10 |          INDEX UNIQUE SCAN          | PS_ROLEXLATOPR     |     1 |       |     1   (0)| 00:00:01 |
| 11 |        TABLE ACCESS BY INDEX ROWID | PSOPRDEFN          |     1 |    28 |     1   (0)| 00:00:01 |
| 12 |         INDEX UNIQUE SCAN           | PS_PSOPRDEFN       |     1 |       |     1   (0)| 00:00:01 |
| 13 |       TABLE ACCESS BY INDEX ROWID   | PSCLASSDEFN        |     1 |    41 |     1   (0)| 00:00:01 |
| 14 |        INDEX UNIQUE SCAN            | PS_PSCLASSDEFN     |     1 |       |     1   (0)| 00:00:01 |
| 15 |      TABLE ACCESS BY INDEX ROWID    | PSROLEDEFN         |     1 |    43 |     1   (0)| 00:00:01 |
| 16 |       INDEX UNIQUE SCAN             | PS_PSROLEDEFN      |     1 |       |     1   (0)| 00:00:01 |
| 17 |     VIEW                            | PS_PERS_SRCH_QRY   |   483 | 10626 |     5 (20)| 00:00:01 |
| 18 |      SORT UNIQUE                    |                    |   483 | 62790 |     5 (20)| 00:00:01 |
| 19 |       NESTED LOOPS                  |                    |   483 | 62790 |     4   (0)| 00:00:01 |
| 20 |        NESTED LOOPS                 |                    |   483 | 49749 |     3   (0)| 00:00:01 |
| 21 |         NESTED LOOPS                |                    |     1 |    67 |     2   (0)| 00:00:01 |
| 22 |          TABLE ACCESS BY INDEX ROWID| PSOPRDEFN          |     1 |    40 |     1   (0)| 00:00:01 |
| 23 |           INDEX UNIQUE SCAN         | PS_PSOPRDEFN       |     1 |       |     1   (0)| 00:00:01 |
| 24 |          TABLE ACCESS BY INDEX ROWID| PS_SJT_OPR_CLS     |     1 |    27 |     1   (0)| 00:00:01 |
| 25 |           INDEX RANGE SCAN          | PS_SJT_OPR_CLS     |     1 |       |     1   (0)| 00:00:01 |
| 26 |         TABLE ACCESS BY INDEX ROWID | PS_SJT_CLASS_ALL   |   482 | 17352 |     1   (0)| 00:00:01 |
| 27 |          INDEX RANGE SCAN           | PS_SJT_CLASS_ALL   | 1158 |       |     1   (0)| 00:00:01 |
| 28 |        INDEX RANGE SCAN             | PS_SJT_PERSON      |     1 |    27 |     1   (0)| 00:00:01 |
| 29 |    VIEW                             | PS_PWCUK_EMP_C_VW |     1 |   458 |     4   (0)| 00:00:01 |
| 30 |     UNION ALL PUSHED PREDICATE      |                    |       |       |            |          |
| 31 |      TABLE ACCESS BY INDEX ROWID    | PS_PWCUK_EMPLOYEES |     1 |   169 |     1   (0)| 00:00:01 |
| 32 |       INDEX RANGE SCAN              | PS_PWCUK_EMPLOYEES |     1 |       |     1   (0)| 00:00:01 |
| 33 |      FILTER                         |                    |       |       |            |          |
| 34 |       NESTED LOOPS OUTER            |                    |     1 |   220 |     3   (0)| 00:00:01 |
| 35 |        NESTED LOOPS OUTER           |                    |     1 |   208 |     2   (0)| 00:00:01 |
| 36 |         TABLE ACCESS BY INDEX ROWID | PS_PWCUK_EX_EMPLS |     1 |   161 |     1   (0)| 00:00:01 |
| 37 |          INDEX RANGE SCAN           | PS_PWCUK_EX_EMPLS |     1 |       |     1   (0)| 00:00:01 |
| 38 |         TABLE ACCESS BY INDEX ROWID | PS_PWCE_EP_ROLES   |     1 |    47 |     1   (0)| 00:00:01 |
| 39 |          INDEX RANGE SCAN           | PS_PWCE_EP_ROLES   |     1 |       |     1   (0)| 00:00:01 |
| 40 |        INDEX RANGE SCAN             | PS_PWCUK_EMPLOYEES |     1 |    12 |     1   (0)| 00:00:01 |
| 41 |       SORT AGGREGATE                |                    |     1 |    23 |            |          |
| 42 |        INDEX RANGE SCAN             | PS_PWCE_EP_ROLES   |     1 |    23 |     1   (0)| 00:00:01 |
                                              Summary Execution Statistics Over Time
                                                                              Avg                 Avg
Snapshot                          Avg LIO             Avg PIO          CPU (secs)      Elapsed (secs)
Time            Execs            Per Exec            Per Exec            Per Exec            Per Exec
19-OCT 10:00        1      374,309,812.00            1,469.00            2,286.32            2,291.32
25-OCT 10:00        3       86,033,085.00            1,567.67              543.68              546.11
25-OCT 11:00        1      549,239,259.00              651.00            3,516.56            3,551.96
avg                        336,527,385.33            1,229.22            2,115.52            2,129.80
sum                 5
                                              Per-Plan Execution Statistics Over Time
                                                                                         Avg                 Avg
      Plan Snapshot                          Avg LIO             Avg PIO          CPU (secs)      Elapsed (secs)
Hash Value Time            Execs            Per Exec            Per Exec            Per Exec            Per Exec
770792495 19-OCT 10:00        1      374,309,812.00            1,469.00            2,286.32            2,291.32
           25-OCT 10:00        3       86,033,085.00            1,567.67              543.68              546.11
           25-OCT 11:00        1      549,239,259.00              651.00            3,516.56            3,551.96
avg                                   336,527,385.33            1,229.22            2,115.52            2,129.80
sum                            5I'm not at all proficient in PeopleSoft.
Please advice how we can get faster runs for this query.
Note: We have already checked all other possibilities, like network, application, web services, etc, and they look normal.
Thanks,
Suddhasatwa

If the hints are there only for the "cost", then I'm sorry to say, but they are useless. Did you say that was not efficient to the Oracle Support ?
I asked earlier if that query already ran in a reasonnable time, is it the case, or always took that time ? Is it a change of behaviour after a db upgrade ?
Have you tried to work with AWR snapshots with a short gap in between ? I mean between the AWR snapshots (every 15 minutes or so), not between the runs of the query.
If there's no values for the bind variables, I assume this is what you mean when you said "no prompts", then Oracle can go much faster because of the few (or no?) data repartition to retrieve.
However, when given values to some (all?) of the bind variables, then all the problem will be on the data repartition. That's why I was asking how you gathered statistics on the involved objects, in other words, the histograms may be wrong somehow.
There's a lot of litterature on this, have a look to the Jonathan Lewis blog for more information.
Anyway, I think there's not enough information here and does not look easy to work on it in that state from the other side of the network.
Nicolas.

BBID - Forgot Password and Answer to Security Query

Hi All,
I forgot my password for BB-ID.
I already tried to recover it by using below link:
https://blackberryid.blackberry.com/bbid/recoverpassword?i=2899178
However as I'm not able to remember the answer to the security query, I have not been able to reset the password.
Does anybody have any idea on how I can reset Password and Answer to Security Query?
I still remember my email-adress for setting up my BB-ID ... unfortunately that's all I remember.
Thanks for your help.

Read this for full information and suggestions to regain access to your BBID >> http://supportforums.blackberry.com/t5/BlackBerry-World/How-to-regain-access-to-your-BBID/td-p/25467...
You have to remember either the BlackBerryID password, or the secret question answer. Without either, you're stuck.
Your choices are:
--Use another email account to create an entirely new BlackBerryID (with which you will lose access to any purchased apps using the "forgotten" first BlackBerryID, or
--Find the initial email you were sent to confirm the initial BlackBerryID, and in it is a link to click to cancel and delete the account. Click on that, delete the account and then you can use that same email to create an entirely new account.
Good luck.
1. If any post helps you please click the below the post(s) that helped you.
2. Please resolve your thread by marking the post "Solution?" which solved it for you!
3. Install free BlackBerry Protect today for backups of contacts and data.
4. Guide to Unlocking your BlackBerry & Unlock Codes
Join our BBM Channels (Beta)
BlackBerry Support Forums Channel
PIN: C0001B7B4 Display/Scan Bar Code
Knowledge Base Updates
PIN: C0005A9AA Display/Scan Bar Code

OBIEE Security

Hi,
I want to know about various types of security provided in OBIEE.
I come across terms like row level security and column level securtiy, I want to know about these two terms wrt OBIEE. and how we provide these type of security.
Thanks
Shashank Gupta

Row level security is implemented by Data Security Groups
There are three kind of groups - data values groups (like UK etc)
data visibility groups (like Sales ) & Security groups like Country Based Security
Object Level Security:
Now for Data Visibilty under the filter you can explicitly select what subject areas a user can query like sales (Data visibility groups - Sales)
Row Based Security:
A Session Initianlization block is fired as a user logs and records the groups he is member of
ex.UK Group, Sales Group & Country Based Security Group.
The group Country Based Security Group under the filter tab has folllowing - value of dimension country = value of NQSESSION.GROUP
Hope this helps !!

Obiee security / Cache management scenarions and solution required

scenario 1: Cache Mechanism implementation
We have to develop a report which will populate the data from Cache for previous months and from database for current month simultaneously.
Scenario 2: Security (users/groups) implementation
We have to implement the authorisation on 20000+ roles (groups) in OBIEE. They want it to be implemented internally in OBIEE using some script/API so that all the roles will be created and as well as updated automatically in OBIEE whenever there are some updations in their database.
Question 1: How is it possible to manage more than 20000 roles (groups) , each role is having different different privileges ?
Scenario 3: How can we switch on or off row-level-security for different reports (As in some reports, data does not need to be restricted)"
Example: A single report has a summary page and a detail level page. Summary page can be seen by everyone whoever logs on to the BI portal and accesses the report but when the user clicks on a figure on summary page to drill to detail he sees only his data that he has access rights to.

scenario 1: Cache Mechanism implementation Can not be done. Either the query comes from the cache or it doesn't, it can not come from two sources.
Scenario 2: Security (users/groups) implementation
Question 1: How is it possible to manage more than 20000 roles (groups) , each role is having different different privileges ? Sure your requirement is to implement a specific security model not to have 20000 roles. You seem to have come with an implementation where you have 20000 roles which to me would seem like you are way off track. Could OBIEE support that? May be. Is it a good idea? Def not.
They want it to be implemented internally in OBIEE using some script/API so that all the roles will be created and as well as updated automatically in OBIEE whenever there are some updations in their database.Whoever is "they" tell them that they are not OBIEE experts and they should not tell you how to implement things. Ask them to give you the actual business requirement rather than the "solution". You as an "OBIEE expert" should decide the best way to implement it in OBIEE. The typical approach is to have all the roles in a Database and populate the GROUP variable via a row-wise init block. Plenty of into in the forums about this. Script/API? Forget about it, not fast enough.
Scenario 3: How can we switch on or off row-level-security for different reports (As in some reports, data does not need to be restricted)" If row-level-security is needed a the report level then you shouldn't implement it in the RPD but you should use filters in the different reports. Do not let the users change those reports.

Problem with OBIEE generated query

Hi All,
I'm working on OBIEE 10.1.3.4 version. For generating one report am using five tables , in thses five tables 2 are the fact tables and remaining all are dimensional tables.
In these five tables am using one or more colums in each table and we joined properly for these five tables(we are not getting any error on these joins). The problem is when ever i get query from OBIEE (Administration--->Manage sessions) its not generating a single query , instead of single query its splits into more queries..
Why its not generating the single query ,we are assuming that beacause of these reports are taking time to show the results.
Could you pls suggest me why i'm facing these and also i have these problem for only one report for remainig reports OBIEE is generating sine query.

Hi,
Please refer : multiple queries for single report
Why multiple queries ?
when we can find the multiple queries in view logn
Thanks,
Saichand.v

OBIEE 11g : query log not found

Hi,
I am not able to see the query log in 11g answers manage session throwing error query log not found.
I am using obiee 11g. 11g admin client is installed in local machine and I upload the rpd through enterprise manager. But I can not able to open the rpd in online mode that's why cannot change the query log level=2 (as in obiee 10g) for seeing the query log in Answers. Usually after making changes in 11g rpd, I upload that in server via enterprise manager console.
Can anyone please tell me what should be correct option to see the query log and how I can open the rpd in online mode and how I can set the query log level in obiee 11g????
Please help.
Thanks
Titas

Hi,
Its known bug and it can be done by below methods,
Method1:
If you enabled loglevel for each users wise it may be override with below place also can you confirm both places.
enabled Tools-->Options-->Repository-->
System log level by default will be 0 just try to increase to 2 or 3 and save it.
Method1:
by each report wise enabling loglevel
try putting the below syntax in prefix section of advanced tab.
SET VARIABLE LOGLEVEL=2,DISABLE_CACHE_HIT=1;
It should generate the log with database sql as well.
Method 3:
Create Session variable(LOGLEVEL) with initblock
in your init block --> datasource place put it like below query
select 3 from IW_POSITION
Note:just point any existing physical table from u r RPD.
Then try to save it and test it.
Refer screen
http://bidevata.wordpress.com/2012/03/03/no-log-found-error-in-obiee-11g/
Thanks
Deva
Edited by: Devarasu on Oct 11, 2012 11:44 PM

Folder Security Query

BOE XI R2
I need help extracting rights information on folders. I have an Excel spreadsheet that I currently get a list of folders in the system. I need to extend this to show which groups have access rights to each folder. Can this be done using a Query that I can replicate in the Query Builder? If not, how do I accomplish it? I am not a full time programmer so more detailed explanations are better. I do have extensive experience administering BOE, so I understand the how it all works.
Thanks
Brian

Hi Brian,
I suggest reading the BusinessObjects Enterprise SDK Documentation.
The SDK documentation is found on the following site:
https://www.sdn.sap.com/irj/boc/sdklibrary
For XI R2, please scroll down to the bottom of this page.
The "Developer Guide" contains several tutorials that may help you with understanding how to use the SDK.
I do not have a COM based sample but below is a Java based sample.
The workflow is basically the same.
Hope this helps.
Regards,
Dan
<%@ page import = "java.util.*"%>
<%@ page import = "com.crystaldecisions.sdk.framework.*"%>
<%@ page import = "com.crystaldecisions.sdk.occa.infostore.*"%>
<%@ page import = "com.crystaldecisions.sdk.occa.security.*"%>
<%@ page import = "com.crystaldecisions.sdk.exception.*"%>
<%@ page import = "com.crystaldecisions.sdk.properties.*"%>
<%@ page import = "com.crystaldecisions.sdk.plugin.*"%>
<%@ page import = "com.crystaldecisions.sdk.plugin.desktop.user.*"%>
<%
IEnterpriseSession es = null;
//Get html form values
String user = request.getParameter("username");
String password = request.getParameter("password");
String apsName = request.getParameter("apsname");
String apsAuthType = request.getParameter("authType");
//Logon and get the iStore back
es = CrystalEnterprise.getSessionMgr().logon( user, password, apsName, apsAuthType );
IInfoStore boInfoStore = (IInfoStore) es.getService("", "InfoStore" );
out.println("<TABLE BORDER='1'>");
out.println("<TR WIDTH='300' ALIGN=CENTER BGCOLOR=KHAKI><TD COLSPAN=2>Folder</TD><TD COLSPAN=4>Rights</TD></TR>");
out.println("<TR ALIGN=CENTER BGCOLOR=KHAKI><TD>ID</TD><TD>Folder Name</TD><TD>ID</TD><TD>Principal</TD><TD>Inherited</TD><TD>Role</TD></TR>");
out.println(getFolders(boInfoStore, 0, 0));
out.println("</TABLE>");
%>
<%!
String getFolders(IInfoStore boInfoStore, int parentId, int level) throws SDKException {
     String output = "";
     String query_folder = "Select * From CI_INFOOBJECTS Where SI_KIND = '" + CeKind.FOLDER + "' AND SI_PARENTID=" + parentId + " ORDER BY SI_NAME";
     IInfoObjects boInfoObjects_folder = (IInfoObjects) boInfoStore.query( query_folder );
     IInfoObject boInfoObject_folder = null;
     IObjectPrincipals boObjectPrincipals = null;
     int iPrincipalCount = 0;
     String levelPad = "";
     for ( int i = 0; i < level; i++ ) {
          levelPad += "     ";
     for ( int i = 0; i < boInfoObjects_folder.size(); i++ ) {
          boInfoObject_folder = (IInfoObject) boInfoObjects_folder.get(i);
          boObjectPrincipals = boInfoObject_folder.getSecurityInfo().getObjectPrincipals();
          iPrincipalCount = boObjectPrincipals.size();
          output += "<TR><TD ROWSPAN=" + iPrincipalCount + ">" + boInfoObject_folder.getID() + "</td>";
          output += "<TD ROWSPAN=" + iPrincipalCount + ">" + levelPad + boInfoObject_folder.getTitle() + "</td>";
          if (iPrincipalCount > 0) {
               output += getPrincipals(boObjectPrincipals);
          } else {
               output += "<TD COLSPAN=2>No rights associated with this folder.</td></TR>";
          output += getFolders(boInfoStore, boInfoObject_folder.getID(), (level+1));
     return output;
String getPrincipals(IObjectPrincipals boObjectPrincipals) throws SDKException {
     String output = "";
     IObjectPrincipal boObjectPrincipal = null;
     Iterator iterator_principals = null;
     boolean firstPrincipal = true;
     iterator_principals = boObjectPrincipals.iterator();
     firstPrincipal = true;
     while (iterator_principals.hasNext()) {
          boObjectPrincipal = (IObjectPrincipal) iterator_principals.next();
          if (firstPrincipal) {
               firstPrincipal = false;
          } else {
               output += "<TR>";
          output += "<TD>" + boObjectPrincipal.getID() + "</td>";
          output += "<TD>" + boObjectPrincipal.getName() + "</td>";
          output += "<TD>" + boObjectPrincipal.isInherited() + "</td>";
          output += "<TD>" + boObjectPrincipal.getRole().getDescription(Locale.ENGLISH) + "</td>";
          output += "</TR>";
     return output;
%>

OBIEE Security Using VPD

I`ve read Venkat`s blog http://oraclebizint.wordpress.com/2007/08/29/obi-ee-10133-and-vpd/
I have an working policy on my table:
personal_history(district_id,city_id,company_id,department_id,job_id,employee_id, salary)
For example on my policy the chiefs of department see only information on his employees, the managers for their own department.
My policy function is far more complicated than Venkat`s Executive_Apply. I`ve checked VPD in database connection.My shared connection is based on vpd_admin which i gave him dba role.
I put "select set_context_function(':USER') from dual" on before query in OBIEE Connection script, still in Answers there is no difference between managers and chiefs of department in number of rows.
Why? What i`ve done wrong?
Thank you!
Razvan.

I succeded with setting context and policy, in Aswers appears different rows for managers and chiefs of department but there is another problem :
I have two connection pool , one with user dba owner of time dimension and fact table and the other with vpd_admin (context owner).
I also have a role in which vpd_admin has select wrights on personal_history and other tables who`s owner is dba2 (another dba user).
The two connection pools are in the same vpd database directory in Physical Layer.
When i gave "update rowcount" on personal_history and the other`s tables which vpd_admin has select wrights it works.Policy works. BUT after i created the role and give it to manager and chief users in Answers none of the joins with other presentation tables doesn`t work with error table not found for dimension different from personal_history dimension.
I modified just added vpd_admin to role and checked qualified table in second connection pool (the one with vpd_admin as user) .The query from each table without joining with each other works but in combination the error is table not found!
Any idea?
Thanks!

Obiee Security Query

Similar Messages

Maybe you are looking for