Reg:rpd security

hi,
i have merged two repositories where one is using LDAP server for authentication,initialization block for autorization and portalpath and the second one using rpd security only.now after i merged i will be implementing LDAP authentication and authorization for the new merged rpd.
now, my doubt is that the second rpd using the rpd security has declared some filters for some groups in the permissions in security.so,if i implement ldap server authentication and authorization where the group of an user,portalpath are authorized,the filter in permissions on the group would work normally or should i use authorization init block to get the filters?
thanks

i have used below link for setting authorization
http://obieeblog.wordpress.com/
thanks

Similar Messages

  • Reg:rpd security vs ldap

    hi,
    i have merged two repositories where one is using LDAP server for authentication,initialization block for autorization and portalpath and the second one using rpd security only.now after i merged i will be implementing LDAP authentication and authorization for the new merged rpd.
    now, my doubt is that the second rpd using the rpd security has declared some filters for some groups in the permissions in security.so,if i implement ldap server authentication and authorization where the group of an user,portalpath are authorized,the filter in permissions on the group would work normally or should i use authorization init block to get the filters?
    i have used below link for authorization
    http://obieeblog.wordpress.com/
    thanks

    If the group names are same in both case then filter applied on grps will work normally. Just implement this and perform some unit testing inorder to validate the security after merge. Hope this is clear

  • RPD Security and Migrations

    We have a Subject Area where up to 25 columns in the Presentation Layer have security applied. They are denied to the System-level Everyone group and access is provided to Group1.
    The way our migrations to the environments work is the Developer provides the RPD and we do a 3-way merge. The issue is the security does not get merged correctly. So if Group1 exists in the Master RPD when we do a 3-way merge groing from the Developer's RPD to the Master it creates another security group called Group#1.
    I thought I could use UDML generation to apply the security but UDML does not generate the system-level EVERYONE group so when applying the UDML (nqudmlexec) to the Master the columns have the EVERYONE group defaulted back to Read access.
    I am working with Oracle on their best practice for migrating RPD security but I'd like to see how those on the forum handle the migration of RPD level security. So any permissions applied to Presentation Layer catalogs, tables, columns, Phycial connection pools, etc.
    How do you maintain that security going from a DEV to a Test to a Prod environment?
    Love to hear how others are doing this

    Yeah..... In 11g you have separater password for RPD which is not releated to any user. Unless you share the RPD password with user they can not open it in the offline mode. But still this problem persists if a ProjectA user log in and still he could see the project B details.
    You are looking at object level security on the Tables. I guess you can implement for the presentation layer.

  • Reg: file security in PI

    Hi guys,
    I want to deliver files from PI securely.  which one is the right one and please justify the option.......
    secure file transfer protocol
    or
    file transfer protocol w/ssl.
    Thanks,
    MS

    Hi
    Use SSL security.look How to use Client Authentication with SOAP Adapter
    http://help.sap.com/saphelp_nw04/helpdata/en/86/0222417c22f323e10000000a155106/content.htm

  • Reg: Endeca Security

    Hi All,
             How to enable the security based on org_id in Endeca . Consider the example Vision User can see only vision operations data like that...
    Please , Explain with some sample and steps to implement it... Thanks for advance.

    We havent done something like this but what I have heard is that you would have to build some graph in integrator that would have security in place, then when you create new endeca server connection to data domain you would pass security related parameters, so basically at this connection level your security is applied to filter data as needed.

  • OBIEE Data Level Security - Prompt While logging into the OBI Portal

    All,
    Below is what we are trying to see if it’s possible
    We have a BM say 'Sales and Profits' . This is a simple model built around 1 fact and 5 dimensions. The underlying tables contain data from 5 different geographic segments US-NE, US-SW,US-NW,US-Midwest, US-All Segments.
    The dimension table 'Segments' has all the above said values which are used to build reports related to each segment and all segments etc..
    We have Groups/Users assigned in the repository (Using OBI Rpd security) based on the above segments.
    If we want a user from 'US-NE' group to see only data related to his segment , we can add a filter condition to the group privilege tab ( Using SQL expression segment = 'US-NE') . This is straight forward.
    Now the problem part , if we have a user who should be able to access data from two segments ,how do we handle it ? . We don't want to go and create multiple groups and assign users to them from the RPD groups.
    Other ideas we considered were
    Duplicate the BM and add a filter through the LTS ( based on segment value) . Assign group permissions to the corresponding presentation models. This idea though has a lot of disadvantages. Firstly , it would mean creating several duplicate BM and every time we update the master BM we will have to update all duplicate models
    Another idea was to specify the filter based on presentation model, while assigning the group privileges ( Using the expression from Group permissions). This approach is at least cleaner in the sense we will have to deal with only 1 BM and 1 Presentation model., but we will run into the same problem of having to create multiple groups or assign users to multiple groups ( Users who will have access to multiple segments)
    An ideal solution -
    When a user tries to log in or immediately after he logs , Is there a way we can throw a pop-up that will force the user to select segment(s)? This should enforce the data restriction. I did not find a way to do this especially while using RPD based security model. Any ideas how we can do this ?
    Since the 'Segment' dimension table is applicable to all BM in our systems (All fact tables in our warehouse have a link to the Segment table). We would ideally want this implemented across all dashboards and reports within in the OBI portal
    SK

    Now the problem part , if we have a user who should be able to access data from two segments ,how do we handle it ?
    You handle it on the same way as 'US-NE'. You will create another group called say US-SW then add the filter to it and make sure the user belongs to both groups. OBIEE will translate this into IN('US-NE', 'US-SW').We don't want to go and create multiple groups and assign users to them from the RPD groups.
    You will need to create the groups but you can avoid having to asign them to the group in the RPD by using an init block to populate the GROUPS variable when the user logins.The other options are hacks...

  • Data level security in ldap

    Hi Experts,
    I am new to obiee
    can you any one explain how to give data level security if we use LDAP authentication
    it would be great help for me.
    thanks in advance.
    reg,
    jell

    Hi,
    Security LDAP.
    For Authentication purpose we can use LDAP.
    For Data level security purpose you can use external table.
    Ex: user's comming from LDAP for Authentication purpose
    Please refer the below link.
    http://satyaobieesolutions.blogspot.com/2012/06/dataobjectcolumn-level-security-in.html
    http://satyaobieesolutions.blogspot.com/2012/06/external-table-authentication-and-row.html --- External Table.
    Hope this help's
    Thanks
    Satya

  • BI Publisher - SSO and IIS

    Does anyone happen to know if SSO with the web server as IIS be an issue when trying to use BI Publisher? We are getting an error when trying to log into Publisher with SSO enabled (works fine with RPD Security). I have looked at the documentation and it has a section for updating an Apache file but I can find nothing with using it with IIS.

    Ummm, I am not sure how you are using BIP under IIS since according to the [System Requirements and Supported Platforms|http://download.oracle.com/docs/cd/E10415_01/doc/bi.1013/e10417.pdf] PDF BIP is suported under IIS via the Oracle Application Server Proxy Plug-in:
    Microsoft IIS is supported as an HTTP server for Oracle Business Intelligence Publisher and Oracle Business Intelligence Office Server via the Oracle Application Server Proxy Plug-in. Oracle Business Intelligence Publisher and Oracle Business Intelligence Office Server require a J2EE Application server*
    So you must have OAS installed in your system.

  • Content Filter Problem

    Hello experts,
    I used to do user authorization using Content Filter for each Fact Table and it worked. But Recently after upgrading to 10.1.3.4 Some dashboards adhere to that filter others don't (so one dashboard users see filtered content on other dashboards they see everything) Can you please suggest where lies the problem so I can fix this so that the filter is shown on every dashboard?
    Thank You
    Regards
    After further investigation is appeared that the content filter isn't working on the fact table but it works on the dimensions. Please note that the content filter is more than 200 lines on the fact table, when I reduce it to 10 lines it works but when it goes more than 10 lines it stops from working, Any Suggestions to make this work?
    Thank You
    Edited by: ZaidN on Apr 26, 2009 2:26 AM
    Edited by: ZaidN on Apr 27, 2009 7:29 AM

    ZaidN - you need to reduce the filter size....there's a query limit (not sure how many characters, but 200 lines is probably pushing it) on queries sent to BI server...my advice would be letting RPD Security Model deal with security...

  • OBIEE  SSO  with authorization

    Hi Gurus,
    1)I have instance configured the SSO with windows Active Directory and OBIEE.
    2)I also have another instance ( without SSO configured) with external table authentication( user name and password verification) and authorization( groups , which populate the session variables for data filtering) .
    Now my question is , i want a combination of Scenario 1 and Scenario 2. I want to have OBIEE SSO with Active directory
    and external table groups.
    The reason being , my groups are custom groups in external table, i do not want to maintain users in repository.
    can you please give me pointers if the scenario is possible . Thanks in Advance
    Thanks and Regards
    Satya

    Now my question is , i want a combination of Scenario 1 and Scenario 2. I want to have OBIEE SSO with Active directory and external table groups.I don't what your issue is? Just do SSO with AD and then load the groups in the GROUP init block via SQL. What is your actual issue?
    In order to filter the data in reports you need to have the same group structure in Web Cat i guess ( correct me if i am wrong).Yes, although you don't need to use the same group names. Inm fact I prefer to have completely separate groups names, some for RPD security some for Web Catalog security. As long as the the groups exist in the proper location (RPD or Web Catalog) and they get assigned in the GROUP init block then OBIEE will be happy, they don't need to exist in both places.
    2) Will not SSO populate the Remote_User variable rather than the USER variable by default.No, you have to tell OBIEE where to put the REMOTE_USER value. You can simply do SELECT ':USER' FROM DUAL or if you have your users defined in a table you can also authenticate that the user exists in this table SELECT ':USER' FROM USER_TABLE WHERE USER_ID = ':USER' which adds another layer of authentication to your SSO solution.

  • Authentication errors ..

    Dear colleagues,
    I am trying to put things 100% working here with OBIEE, OBIP (Solaris)... almost getting everything working!
    I have some issues here that probably you can help me...
    1) I am using BI SERVER authentication, with RPD security configuration. In Dash I can see the link to change pass and I can indeed change them perfectly. When I try to change administrator user it changes and works in Dash but not in Publisher? What am I missing here?
    oracle.apps.xdo.security.ValidateException
    2) Can the users change also the user password from RPD's, from Publisher? Inside account i can actually see+change that (it refers success!!!) but nothing happens. Please can u advice here?
    3) Sometimes when getting inside OBIPublisher we go directly into a guest folder.... and the Sign in is visible. If I try again (2nd time) it works perfectly. :S Strange behavior here.
    4) iBots still don't work. I get the authentication error that is referred somewhere inside this forum, but not solved !!!!!!!
    I would appreciate your help.
    Thank you.

    1) OK solved.
    2) Not yet
    3) Not Yet
    4) OK solved.

  • Max time is not triggered

    Hi All,
    Im using initialization block for assigning the group dynamically for users login through external table. Same groups are created in rpd security and max time has been limited to 1 minute. But when i execute query from obiee answer, query is running beyond 1 minute. How to overcome this ? Please help
    Thanks
    Suresh

    HI Rona,
    Could you please try the below workaround mentioned in the below link,
    http://www.cisco.com/en/US/products/sw/custcosw/ps1846/products_tech_note09186a0080b03125.shtml
    Hope this helps.
    Anand
    Please rate helpful posts by clicking on the stars below the right answers !!

  • Row level security in OBIEE 11g: Which is better: VPD or RPD

    We can apply row level security in OBIEE by 2 ways.
    1. by Creating Initialize Block in RPD
    2. or Applying VPD in Database, which restricts source tables
    Which one is more efficient and why?
    Thanks,
    Sunil Jena

    you will have some degree of performance degradation with either approach since you are adding additional filters so I would not use that as the main factor to decide. You need to assess your actual requirements. What is the basis by which you are planning on doing the security. Is LDAP the main basis for the security? Do you plan to use certain roles? if your security is more based on roles at the application level, then it may be easier to define at the Application level (OBIEE)...if its just based on a certain user ID for a set of tables, then perhaps VPD can work. If helpful, pls mark.

  • Data Level Security In OBIEE 11g based on the filters setup in RPD

    Hello All,
    We are trying to implement the data level security on a BI publisher report that is using BI server as the data source. The filters are created in the RPD based on user login ( session variable USER). From the documentation of BI publisher, I see that you have to enable the option Use Proxy Authentication to pass the user information down to BI publisher from OBIEE when using BI server as the data source to implement row-level security. After checking that option, the BI pub report does not render anymore. This is all in 11g. Can anyone help me with where I am going wrong?
    Regards,
    -Amith.

    A.Y wrote:
    Hello All,
    We are trying to implement the data level security on a BI publisher report that is using BI server as the data source. The filters are created in the RPD based on user login ( session variable USER). From the documentation of BI publisher, I see that you have to enable the option Use Proxy Authentication to pass the user information down to BI publisher from OBIEE when using BI server as the data source to implement row-level security. After checking that option, the BI pub report does not render anymore. This is all in 11g. Can anyone help me with where I am going wrong?
    Regards,
    -Amith.Not sure, if anyone has yet ran into this issue, but the workaround we have implemented is to build a report in OBIEE and use the analysis query as the source for BI Publisher.

  • Issue with implementing Object Security in RPD (OBIEE 11g)

    Hello All,
    I am following these steps to implement Object Security, but it doesn't work. Please let me know what am I doing wrong here:
    1. I want to block a few presentation tables for the user 'weblogic'.
    2. I open the RPD in online mode and in the Identity Manager, for the application role 'BIAdministrator', I setup permissions 'no access' to these presentation tables. It asks me to 'Check Out' which I do.
    3. I check in the changes, save the RPD and deploy in back in EM.
    4. I login into OBIEE Answers using 'weblogic' user but alas these presentation tables are still available for me to use.
    I have tried looking for a solution on the internet before posting the solution here. Please don't ask me to read through the security setup guide because I have done that. Any specific answers are most welcome.
    Thanks in advance.

    Try this:
    Double click on the presentation table.
    Go to permissions and then revoke the access to BI Administrators.

Maybe you are looking for

  • Can both my husband and i back up our separate iPhones on his one laptop?

    I have to back up my iPhone and cannot find my laptop. I have to do it now. so I was told I could back up to my husbands laptop by the Apple support person. How do I do that? If I back up to iTunes, will my pictures be there?

  • How many UI components are available in UWL?

    Hi Gurus, As far i Know there are two UI components available to launch the work items in UWL . which is SAP GUI for HTML(Default)               Webdynopro                Weppages(Not sure ,Please confirm this as well). And give me the list of other

  • How to make all web pages not use mobile page

    I don't want to see the mobile web page. I want the desktop view. It seems to be grayed out.

  • Macbook Air i5 vs i7 fr music recording/production

    Hey all.  I have a 2008 Macbook unibody with a 2.0 GHZ processor.  I want something more current so i'm looking at a MBA.  I mainly want it for music recording/production through Logic and Reason as well as daily internet, photo's and converting the

  • Help! iPod won't turn off! Stuck in 'Do not disconnect' mode.

    I plugged in my iPod to update it and charge it. My computer told me there were connection issues. I tried rebooting my computer and the iPod never shut off. At that point I disconnected it from the computer and my iPod by itself will not shut off. I