Security question in obiee 11g

Similar Messages

• Data level Security issue in obiee 11g

  Hi,
  We are trying to implement data level security, let me explain the issue
  The requirement is, we have 7 schools and each school has one principle , there will be a Superdintent who has 3 schools under him. so now when each principle logs in to dashboard we have a prompt for school i.e Name of school in that prompt he should see only his school and even the data of that school only which are assigned to him, now when Superdintent logs in he should see all 3 schools in the prompt and data. I have gone through this link (http://www.rittmanmead.com/2012/03/obiee-11g-security-week-row-level-security/) but could not achieve.
  We are able to achieve by writing SQL in BMM layer ( LTS Table) so where ever the table is used in dashboards the security is being applied and we are able to see what we want. We want to achieve this by application role, But when we are creating session variables and applying on Application Role its not working. We want to achieve this by using Application role because suppose in other dashboards when the table is not used or pulled in, it will not work.But if we do it using application role its applies to all dashboards and data is resticted. so that when principle or Superdintent logs in automatically its restricts the data.
  Below is the SQL which we used in BMM LTS, its working fine. But when the same SQL is applied in Application Role it's not working.
  SQL used in session variable -
  select  'SCHOOL_CD1', school_cd1 from w_staff_d where empl_id ='VALUEOF(NQ_SESSION.USER)'
  and job_desc1 = 'Principal High School - KPI'
  Any suggestions please ??
  Thanks,
  VRP

  Hi,
  I pasted the log view below by applying SET VARIABLE LOGLEVEL=2, DISABLE_CACHE_HIT=1;, ran this report by applying SQL in Session variable. Let me know if you want anything -
  Thanks
  [OracleBIServerComponent] [TRACE:2] [USER-0] [] [ecid: c9928ce086f2ff4f:4405c138:13a559973e0:-8000-000000000000f7e9] [tid: 128c] [requestid: 5e40000b] [sessionid: 5e400000] [username: weblogic] ############################################## [[
  -------------------- SQL Request:
  SET VARIABLE QUERY_SRC_CD='Report',SAW_SRC_PATH='/shared/Key Performance Analytics/Analysis/Climate and Culture/Analysis for total school suspensions',LOGLEVEL=2, DISABLE_CACHE_HIT=1; SELECT s_0, s_1, s_2, s_3, s_4, s_5, s_6, s_7, s_8, s_9, s_10, s_11 FROM (
  SELECT
  0 s_0,
  "High School KPI"."- Date"."School Year" s_1,
  "High School KPI"."- Grade"."Grade Level" s_2,
  "High School KPI"."- School"."School Name" s_3,
  "High School KPI"."- School Suspensions"."% of Students Suspended" s_4,
  "High School KPI"."- School Suspensions"."Count of Students Enrolled" s_5,
  "High School KPI"."- School Suspensions"."Count of Students with Incidents" s_6,
  CASE WHEN (CASE WHEN MAX("High School KPI"."- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END +(CASE WHEN (CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END - CASE WHEN MIN("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 0 ELSE MIN("- School Suspensions"."% of Students Suspended" BY )END)=0 THEN CASE WHEN CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END <0 THEN (CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END *-1) ELSE CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END END ELSE (CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END - CASE WHEN MIN("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 0 ELSE MIN("- School Suspensions"."% of Students Suspended" BY )END) END /10))<0 THEN 1 ELSE 2 END s_7,
  CASE WHEN (CASE WHEN MAX("High School KPI"."- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END - CASE WHEN MIN("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 0 ELSE MIN("- School Suspensions"."% of Students Suspended" BY )END)=0 THEN CASE WHEN CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END <0 THEN (CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END *-1) ELSE CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END END ELSE (CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END - CASE WHEN MIN("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 0 ELSE MIN("- School Suspensions"."% of Students Suspended" BY )END) END s_8,
  CASE WHEN MAX("High School KPI"."- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END s_9,
  CASE WHEN MIN("High School KPI"."- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 0 ELSE MIN("- School Suspensions"."% of Students Suspended" BY ) END s_10,
  REPORT_AGGREGATE("High School KPI"."- School Suspensions"."% of Students Suspended" BY "High School KPI"."- Date"."School Year") s_11
  FROM "High School KPI"
  WHERE
  (("- Discipline Action"."Discipline Action Code" = 'Suspension') AND ("- Date"."School Year Desc" = VALUEOF("school_year_desc")))
  ) djm ORDER BY 1, 2 ASC NULLS LAST
  [2012-10-17T18:36:55.000+00:00] [OracleBIServerComponent] [TRACE:2] [USER-23] [] [ecid: c9928ce086f2ff4f:4405c138:13a559973e0:-8000-000000000000f7e9] [tid: 128c] [requestid: 5e40000b] [sessionid: 5e400000] [username: weblogic] -------------------- General Query Info: [[
  Repository: Star, Subject Area: High School KPI, Presentation: High School KPI
  [2012-10-17T18:36:55.000+00:00] [OracleBIServerComponent] [TRACE:2] [USER-18] [] [ecid: c9928ce086f2ff4f:4405c138:13a559973e0:-8000-000000000000f7e9] [tid: 128c] [requestid: 5e40000b] [sessionid: 5e400000] [username: weblogic] -------------------- Sending query to database named SPA (id: <<62064>>), connection pool named Initialization Block Connection Pool: [[
  WITH
  SAWITH0 AS (select T30351.SCHOOL_YEAR_DESC as c2,
  T26564.GRADE_LONG_DESC as c4,
  T26686.SCHOOL_NM as c5,
  T29835.STDNT_WID as c6,
  ROW_NUMBER() OVER (PARTITION BY T30351.SCHOOL_YEAR_DESC, T29835.STDNT_WID ORDER BY T30351.SCHOOL_YEAR_DESC DESC, T29835.STDNT_WID DESC) as c7
  from
  W_GRADE_LEVEL_D T26564 /* KPI_W_GRADE_LEVEL_D */ ,
  W_SCHOOL_YEAR_D T30351 /* KPI_W_SCHOOL_YEAR_D */ ,
  W_ORGANIZATION_D T26686 /* KPI_W_ORGANIZATION_D */ ,
  W_STDNT_ENROLL_SCHOOL_F T29835 /* KPI_W_STDNT_ENROLL_SCHOOL_F */
  where ( T26564.GRADE_LEVEL_WID = T29835.GRADE_LEVEL_WID and T26686.ORGANIZATION_WID = T29835.ORGANIZATION_WID and T29835.SCHOOL_YEAR_WID = T30351.SCHOOL_YEAR_WID and T30351.SCHOOL_YEAR_DESC = '2011-2012' and (T26564.GRADE_LONG_DESC in ('Grade 10', 'Grade 11', 'Grade 12', 'Grade 9')) and (T26686.SCHOOL_NM in ('Central Sr', 'Como Park Sr', 'Harding Sr', 'Highland Park Sr', 'Humboldt Secondary School', 'Johnson Sr', 'Washington Technology Secondary')) ) ),
  SAWITH1 AS (select count(distinct case D1.c7 when 1 then D1.c6 else NULL end ) as c1,
  D1.c2 as c2,
  count(distinct D1.c6) as c3,
  D1.c4 as c4,
  D1.c5 as c5
  from
  SAWITH0 D1
  group by D1.c2, D1.c4, D1.c5),
  SAWITH2 AS (select sum(D1.c1) over (partition by D1.c2) as c1,
  D1.c2 as c2,
  D1.c3 as c3,
  D1.c4 as c4,
  D1.c5 as c5
  from
  SAWITH1 D1),
  SAWITH3 AS (select T30647.SCHOOL_YEAR as c3,
  T26564.GRADE_LONG_DESC as c4,
  T26686.SCHOOL_NM as c5,
  T26023.STDNT_WID as c6,
  ROW_NUMBER() OVER (PARTITION BY T30647.SCHOOL_YEAR, T26023.STDNT_WID ORDER BY T30647.SCHOOL_YEAR DESC, T26023.STDNT_WID DESC) as c7
  from
  W_DISCIPLINE_ACTION_D T29975 /* KPI_W_DISCIPLINE_ACTION_D */ ,
  W_GRADE_LEVEL_D T26564 /* KPI_W_GRADE_LEVEL_D */ ,
  W_KPI_QTR_DAY_D T30647,
  W_ORGANIZATION_D T26686 /* KPI_W_ORGANIZATION_D */ ,
  W_STDNT_DISCIPLINE_F T26023 /* KPI_W_STDNT_DISCIPLINE_F */
  where ( T26023.DISCIPLINE_ACTION_WID = T29975.DISCIPLINE_ACTION_WID and T26023.ORGANIZATION_WID = T26686.ORGANIZATION_WID and T26023.DATE_WID = T30647.DATE_WID and T26023.GRADE_LEVEL_WID = T26564.GRADE_LEVEL_WID and T29975.DISCIPLINE_ACTION_CD = 'Suspension' and (T26564.GRADE_LONG_DESC in ('Grade 10', 'Grade 11', 'Grade 12', 'Grade 9')) and (T26686.SCHOOL_NM in ('Central Sr', 'Como Park Sr', 'Harding Sr', 'Highland Park Sr', 'Humboldt Secondary School', 'Johnson Sr', 'Washington Technology Secondary')) ) ),
  SAWITH4 AS (select count(distinct case D1.c7 when 1 then D1.c6 else NULL end ) as c1,
  count(distinct D1.c6) as c2,
  D1.c3 as c3,
  D1.c4 as c4,
  D1.c5 as c5
  from
  SAWITH3 D1
  group by D1.c3, D1.c4, D1.c5),
  SAWITH5 AS (select sum(D1.c1) over (partition by D1.c3) as c1,
  D1.c2 as c2,
  D1.c3 as c3,
  D1.c4 as c4,
  D1.c5 as c5
  from
  SAWITH4 D1)
  select distinct case when D1.c2 is not null then D1.c2 when D2.c3 is not null then D2.c3 end as c1,
  case when D1.c4 is not null then D1.c4 when D2.c4 is not null then D2.c4 end as c2,
  case when D1.c5 is not null then D1.c5 when D2.c5 is not null then D2.c5 end as c3,
  case when D1.c3 = 0 then NULL else D2.c2 * 100.0 / nullif( D1.c3, 0) end as c4,
  D1.c3 as c5,
  D2.c2 as c6
  from
  SAWITH2 D1,
  SAWITH5 D2
  where ( nvl(D1.c2 , '1') = nvl(D2.c3 , '1') and nvl(D1.c2 , '2') = nvl(D2.c3 , '2') and nvl(D1.c4 , '1') = nvl(D2.c4 , '1') and nvl(D1.c4 , '2') = nvl(D2.c4 , '2') and nvl(D1.c5 , '1') = nvl(D2.c5 , '1') and nvl(D1.c5 , '2') = nvl(D2.c5 , '2') )
  order by c1, c2, c3
  [2012-10-17T18:36:55.000+00:00] [OracleBIServerComponent] [TRACE:2] [USER-18] [] [ecid: c9928ce086f2ff4f:4405c138:13a559973e0:-8000-000000000000f7e9] [tid: 128c] [requestid: 5e40000b] [sessionid: 5e400000] [username: weblogic] -------------------- Sending query to database named SPA (id: <<62434>>), connection pool named Initialization Block Connection Pool: [[
  WITH
  SAWITH0 AS (select T30351.SCHOOL_YEAR_DESC as c2,
  T26564.GRADE_LONG_DESC as c4,
  T26686.SCHOOL_NM as c5,
  T29835.STDNT_WID as c6,
  ROW_NUMBER() OVER (PARTITION BY T30351.SCHOOL_YEAR_DESC, T29835.STDNT_WID ORDER BY T30351.SCHOOL_YEAR_DESC DESC, T29835.STDNT_WID DESC) as c7
  from
  W_GRADE_LEVEL_D T26564 /* KPI_W_GRADE_LEVEL_D */ ,
  W_SCHOOL_YEAR_D T30351 /* KPI_W_SCHOOL_YEAR_D */ ,
  W_ORGANIZATION_D T26686 /* KPI_W_ORGANIZATION_D */ ,
  W_STDNT_ENROLL_SCHOOL_F T29835 /* KPI_W_STDNT_ENROLL_SCHOOL_F */
  where ( T26564.GRADE_LEVEL_WID = T29835.GRADE_LEVEL_WID and T26686.ORGANIZATION_WID = T29835.ORGANIZATION_WID and T29835.SCHOOL_YEAR_WID = T30351.SCHOOL_YEAR_WID and T30351.SCHOOL_YEAR_DESC = '2011-2012' and (T26564.GRADE_LONG_DESC in ('Grade 10', 'Grade 11', 'Grade 12', 'Grade 9')) and (T26686.SCHOOL_NM in ('Central Sr', 'Como Park Sr', 'Harding Sr', 'Highland Park Sr', 'Humboldt Secondary School', 'Johnson Sr', 'Washington Technology Secondary')) ) ),
  SAWITH1 AS (select count(distinct case D1.c7 when 1 then D1.c6 else NULL end ) as c1,
  D1.c2 as c2,
  count(distinct D1.c6) as c3,
  D1.c4 as c4,
  D1.c5 as c5
  from
  SAWITH0 D1
  group by D1.c2, D1.c4, D1.c5),
  SAWITH2 AS (select sum(D1.c1) over (partition by D1.c2) as c1,
  D1.c2 as c2,
  D1.c3 as c3,
  D1.c4 as c4,
  D1.c5 as c5
  from
  SAWITH1 D1),
  SAWITH3 AS (select T30647.SCHOOL_YEAR as c3,
  T26564.GRADE_LONG_DESC as c4,
  T26686.SCHOOL_NM as c5,
  T26023.STDNT_WID as c6,
  ROW_NUMBER() OVER (PARTITION BY T30647.SCHOOL_YEAR, T26023.STDNT_WID ORDER BY T30647.SCHOOL_YEAR DESC, T26023.STDNT_WID DESC) as c7
  from
  W_DISCIPLINE_ACTION_D T29975 /* KPI_W_DISCIPLINE_ACTION_D */ ,
  W_GRADE_LEVEL_D T26564 /* KPI_W_GRADE_LEVEL_D */ ,
  W_KPI_QTR_DAY_D T30647,
  W_ORGANIZATION_D T26686 /* KPI_W_ORGANIZATION_D */ ,
  W_STDNT_DISCIPLINE_F T26023 /* KPI_W_STDNT_DISCIPLINE_F */
  where ( T26023.DISCIPLINE_ACTION_WID = T29975.DISCIPLINE_ACTION_WID and T26023.ORGANIZATION_WID = T26686.ORGANIZATION_WID and T26023.DATE_WID = T30647.DATE_WID and T26023.GRADE_LEVEL_WID = T26564.GRADE_LEVEL_WID and T29975.DISCIPLINE_ACTION_CD = 'Suspension' and (T26564.GRADE_LONG_DESC in ('Grade 10', 'Grade 11', 'Grade 12', 'Grade 9')) and (T26686.SCHOOL_NM in ('Central Sr', 'Como Park Sr', 'Harding Sr', 'Highland Park Sr', 'Humboldt Secondary School', 'Johnson Sr', 'Washington Technology Secondary')) ) ),
  SAWITH4 AS (select count(distinct case D1.c7 when 1 then D1.c6 else NULL end ) as c1,
  count(distinct D1.c6) as c2,
  D1.c3 as c3,
  D1.c4 as c4,
  D1.c5 as c5
  from
  SAWITH3 D1
  group by D1.c3, D1.c4, D1.c5),
  SAWITH5 AS (select sum(D1.c1) over (partition by D1.c3) as c1,
  D1.c2 as c2,
  D1.c3 as c3,
  D1.c4 as c4,
  D1.c5 as c5
  from
  SAWITH4 D1),
  SAWITH6 AS (select case when max(D1.c1) = 0 then NULL else max(D2.c1) * 100.0 / nullif( max(D1.c1), 0) end as c11,
  case when D1.c2 is not null then D1.c2 when D2.c3 is not null then D2.c3 end as c12
  from
  SAWITH2 D1,
  SAWITH5 D2
  where ( nvl(D1.c2 , '1') = nvl(D2.c3 , '1') and nvl(D1.c2 , '2') = nvl(D2.c3 , '2') and nvl(D1.c4 , '1') = nvl(D2.c4 , '1') and nvl(D1.c4 , '2') = nvl(D2.c4 , '2') and nvl(D1.c5 , '1') = nvl(D2.c5 , '1') and nvl(D1.c5 , '2') = nvl(D2.c5 , '2') )
  group by case when D1.c2 is not null then D1.c2 when D2.c3 is not null then D2.c3 end )
  select D2.c11 as c1,
  D2.c12 as c2
  from
  SAWITH6 D2
  order by c2
  Edited by: 965968 on Oct 17, 2012 11:49 AM

• Issue with implementing Object Security in RPD (OBIEE 11g)

  Hello All,
  I am following these steps to implement Object Security, but it doesn't work. Please let me know what am I doing wrong here:
  1. I want to block a few presentation tables for the user 'weblogic'.
  2. I open the RPD in online mode and in the Identity Manager, for the application role 'BIAdministrator', I setup permissions 'no access' to these presentation tables. It asks me to 'Check Out' which I do.
  3. I check in the changes, save the RPD and deploy in back in EM.
  4. I login into OBIEE Answers using 'weblogic' user but alas these presentation tables are still available for me to use.
  I have tried looking for a solution on the internet before posting the solution here. Please don't ask me to read through the security setup guide because I have done that. Any specific answers are most welcome.
  Thanks in advance.

  Try this:
  Double click on the presentation table.
  Go to permissions and then revoke the access to BI Administrators.

• OBIEE 11g pivot dumb question - changing order of measure columns

  Hi, dumb question, in OBIEE 11g, if using a table view it is easy for end users to drag and drop the measure columns in any order desired. Is there a way for end users to change the order of measures when using a pivot view?
  Thanks,
  Scott

  Hi Dpka, no, moving to rows doesn't really solve the issue. Dimensions don't allow you to change the order of the members, except by alphabetic sort.
  Lets say the default pivot has three measure columns in this order:
  1. Sales
  2. Revenue
  3. Cost of Goods Sold.
  If a user wants to change the order of the columns to be:
  1. Sales
  2. Cost of Goods Sold
  3. Revenue
  on a table they just drag the columns the way they want them. On a pivot, it appears that there is no way to change this.
  Thx,
  Scott

• OBIEE 11g - Analysis & Administration Tool questions

  Dear Experts,
  I have two question in OBIEE 11g version 11.1.1.5.0:
  1. How can we display timezone in the analysis result, we have formatted the mask "MM_DD_YYYY hh:mm:ss tt z" but the "z" does not apply, it display character "z" in our result.
  2. Can we create Hierarchy Dimension from one more tables ? Example that we have TimeDimension and LocationDimension, we want to create only on Hierarchy Dimension included two both Time and Location dimension.
  Thanks & Regards,
  Hac@

  Dear Devarasu,
  Thanks for your reply !
  We tried the ... on analysis column fomular but occurred error in the result :
  +"State: HY000. Code: 10058. [NQODBC] [SQL_STATE: HY000] [nQSError: 10058] A general error has occurred. [nQSError: 43113] Message returned from OBIS. [nQSError: 43119] Query Failed: [nQSError: 16001] ODBC error state: 37000 code: 8180 message: [Microsoft][ODBC SQL Server Driver][SQL Server]Statement(s) could not be prepared.. [nQSError: 16001] ODBC error state: 37000 code: 195 message: [Microsoft][ODBC SQL Server Driver][SQL Server]'TO_CHAR' is not a recognized built-in function name.. [nQSError: 16002] Cannot obtain number of columns for the query result. (HY000)"+
  Do we make any mistake ?
  Rgrds,
  Hac@

• Not able to import the data in OBIEE 11g

  Hi Gurus,
  I had just build a new development instance from scratch.
  Q1) I am getting database connnection error on the Dashboard and when i tried to update row count from physical layer it also throws me an error, as i test i tried to import but i also got an error " The connection has failed", i am able to connect thru SQL Developer. Where does OBIEE 11g look for the tnsnames.ora file.
  Q2.) Where and what setting do i need to so that i can add the users in the application roles by searching them in the EM, means the LDAP users. I had gone thru most of the stuff in the web but could not get thru.
  Regards,
  Amit

  Ans 1. This is one of the most commonly asked questions on the Forum. I hope you'd search through available posts on the Forum before creating a new discussion. In any case, this might help: http://123obi.com/2011/03/error-the-connection-has-failed-in-obiee-11g/
  Ans 2. Have you set up the integration with the LDAP provider or are you looking for help with that too? These should help:
  http://docs.oracle.com/cd/E21764_01/bi.1111/e10543/privileges.htm
  http://www.rittmanmead.com/2012/03/obiee-11g-security-week-understanding-obiee-11g-security-application-roles-and-applic…
  http://www.rittmanmead.com/2012/03/obiee-11g-security-week-managing-application-roles-and-policies-and-managing-security…

• Security service error in OBIEE 11G LDAP configuration

  Hello
  I've recently set up some OBIEE 11G installations and they appear to work ok.
  I've more recently been using various guides on the internet to configure OBIEE 11G and Active Directory and can see the users and groups within Weblogic that belong the to the Provider that i've configured.
  However, when I attempt to start up OPMN, it always gives me the error like the following: 
  <Jun 24, 2013 1:45:38 PM NZST> <Warning> <oracle.jps.idmgmt> <BEA-000000> <Requested Object Class (user)not found in cache.
  oracle.security.idm.OperationFailureException: Requested Object Class (user)not found in cache.
  <Jun 24, 2013 1:52:20 PM NZST> <Error> <oracle.bi.security.service> <OBI-SEC-00004> <Unable to initialize oracle.bi.security.service.SecurityWebService>
  I initially had the User Object Class as User in the Provider configuration and noticed it wasn't in the LDAP directory so I tried changing it to a Object Class that did exist for one of the users but it made no difference.  It still says the same error message even though I have no reference to User in the configuration.
  Can anyone suggest something I might be doing wrong or missing?

  I have followed the same configuration. However i am getting the following error when i try to login
  Caused by: oracle.bi.security.service.SecurityServiceException: SecurityService::authenticateUserWithLanguage - '<LDAP user>' was authenticated but could not located within the Identity Store.
  I guess some configuration issue, but cannot be able to spot the error. Please let me know your idea
  Thanks

• Data and Dashboard Security using ROLES Variable in OBIEE 11g

  Hi all,
  I'm currently using OBIEE 11g. I'm wondering how to implement the security for data and dashboard in the 11g.
  Below is the sample of how the security matrix requirement when I use the 10g version. In 10g, we usually use GROUP (for the data filter in RPD) and WEBGROUPS (for dashboard objects) variables in my initialization block to read from database. As we have 2 different variables, it is possible to control security separately for data and dashboard.
  GROUP | Country
  G1 | US
  G2 | FR
  G3 | UK
  WEBGROUPS | Dashboard
  WG1 | D1
  WG2 | D1
  WG3 | D1
  WG1 | D2
  WG2 | D2
  WG1 | D3
  WG3 | D3
  WG3 | D4
  Now, in 11g, the recommendation is to use ROLES variable (for application role). So, how would I apply the required security matrix above in 11g using just ROLES variable? Do I still create G1, G2, G3, WG1, WG2, and WG3 as application roles then only use G1-3 in the RPD to filter the data and only use WG1-3 in the analytics to serve as webgroups?
  Any advice on this? Thank you very much.

  "...Could you elaborate more?"
  I mean that role creation and user->role assignment will be managed outside of to the obiee interface - whether that's via the database, LDAP, fmw etc.
  Webgroup creation and assignment is managed within the obiee interface and I think that has a lot of benefits - generally you have people responsible for shared folders and dashboard creation, so having them responsible for webgroups and presentation permissions is preferable for me.
  "are you saying that I use the role G1-3 only in the RPD, while using the role WG1-3"
  Yes .. I'm assuming you have something like
  G1 | US
  G2 | FR
  G3 | UK
  WG1 | Finance
  WG2 | Marketing
  WG3 | Sales
  Which becomes
  R1 | US
  R2 | FR
  R3 | UK
  R4 | Finance
  R5 | Marketing
  R6 | Sales
  And John belongs to R1 and R4, Fred belongs to R2 and R4 etc. So you would set your data filters against R1-R3 and use R4-R6 like webgroups in the presentation services.
  Regards,
  Robert

• Data level security in OBIEE 11g

  Hi all,
  I am using OBIEE 11g. I have a table called "USER_ACCESS_T" which has four columns user_name,Access_level_name,Access_level_type,status_flag.
  User_Name Access_Level Access_Type Status_Flag
  XX Project ABC Project Group Yes
  YY Project DEF Project sub Group Yes
  ZZ Project GH Project Yes
  My requirement is
  When user XX logs in BI answers, he has to access only Project group ie.., Project ABC.
  When user yy logs in BI answers, he has to access only Project sub group ie.., Project DEF.
  Kindly Guide me.
  Thanks and regards
  Haree
  Edited by: Haree on Dec 23, 2011 11:44 AM

  Hi Haree,
  Please follow the follow steps to restrict users on the project dimension.
  1) Create an init block to populate the list of project a user belongs to. You have to do this row - wise initialized as a user can belong to multiple projects.
  Select 'PROJECT_NUMBER', project_number from w_project_d where UPPER(user_name)=UPPER(':USER');
  2) Now as you have all the project numbers for a particular user in a variable, you can use that to filter on the dimension table.
  3) In the rpd, go to the group/role - Permissions - Select the dimension table project - and put the following filter.
  "Core"."Dim - Project.Project Number" = VALUEOF(NQ_SESSION.PROJECT_NUMBER)
  That's it. Your security is now in place for projects.
  i think this will give you an solution.

• How to provide Responsiblity level security in OBIEE 11g

  Hi all,
  Can any one tell me how to provide the responsibility level security in OBIEE 11G.

  Hi,
  You need to create group of users and then apply filters over that groups.
  you should establish an additional filter for group1 (user1 belongs to group1 in your example). Follow next steps:
  - Manage -> Security...
  - Groups -> click right group1 and select propierties.
  - Select button 'Permissions...'
  - Select tab 'Filters' -> add new filter.
  - On the column name select the metric you need filter, in your example, customer sales. On the column 'Business model filter' put table.division=division1
  you should add the Customer table to your Sales-fact LTS add apply the filter to this combined LTS as well
  For more:
  http://oraclebizint.wordpress.com/2008/06/30/oracle-bi-ee-1013332-row-level-security-and-row-wise-intialized-session-variables/
  also try http://www.biblogs.com/1969/12/31/obiee-11gr1-security-explained-an-11g-security-overview/
  http://forums.oracle.com/forums/thread.jspa?threadID=1120336
  Thanks
  Deva
  Edited by: Devarasu on Oct 11, 2011 6:08 PM

• Basic questions about Mapviewer for OBIEE 11G

  Hello All..
  I am pretty rookie in OBIEE and I have never worked with Mapviewer before.. I am going some POC right now in my environment and I want to experiment map reports in OBIEE.. My current OBIEE version is 11.1.1.6.5, Oracle DB version is 11.2.0.3.0 64 bit and OS is Linux 86-64 and I see that there are many versions of mapviwers to download from oracle website.
  I have read a few articles on Mapviewer integration with OBIEE, but I still have a few questions about using mapviewers at the very basic level:
  1. What versions do I download from Oracle website? I see there are many versions of mapviewers. Do I decide the version based on my OBIEE version or DB version?
  2. What files do I download from Oracle website? I see there is mapviewer zip files and mapbuilder zip files. Which one do I download and how does installation works?
  3. My OBIEE 11G and DB are running on linux environment, but in the Mapviewer download page, I don't see Oracle differentiating the OS environments. Does that mean Mapviewer is only either Unix/Linux or Windows? How do I determine in which environment I should install the files I downloaded?
  I know these are very basic questions, perhaps too basic to blog about, that's why I can't find them online..
  Please advise here..
  Thanks

  Hello All..
  I am pretty rookie in OBIEE and I have never worked with Mapviewer before.. I am going some POC right now in my environment and I want to experiment map reports in OBIEE.. My current OBIEE version is 11.1.1.6.5, Oracle DB version is 11.2.0.3.0 64 bit and OS is Linux 86-64 and I see that there are many versions of mapviwers to download from oracle website.
  I have read a few articles on Mapviewer integration with OBIEE, but I still have a few questions about using mapviewers at the very basic level:
  1. What versions do I download from Oracle website? I see there are many versions of mapviewers. Do I decide the version based on my OBIEE version or DB version?
  2. What files do I download from Oracle website? I see there is mapviewer zip files and mapbuilder zip files. Which one do I download and how does installation works?
  3. My OBIEE 11G and DB are running on linux environment, but in the Mapviewer download page, I don't see Oracle differentiating the OS environments. Does that mean Mapviewer is only either Unix/Linux or Windows? How do I determine in which environment I should install the files I downloaded?
  I know these are very basic questions, perhaps too basic to blog about, that's why I can't find them online..
  Please advise here..
  Thanks

• OBIEE 11g Map question

  Hi all,
  We are using OBIEE 11g Mapviewer to display some results. We have point as well as polygon location geometries which combined with other dimensions display scores on the map.
  It seems there is a restriction on the display graphics that can be used based on a geometry type. It is something like the following table:
  Geometry Type - Graphic Format
  Polygon - Color Fill, Bubble, Pie Graph, and Bar Graph
  Point - Bubble, Variable Shape, Image, and Custom Point
  We display a pie graph of scores on a given polygon and would like to keep it standard irrespective of the underlying geometry.
  I was wondering if its possible to force use a Pie Graph on Point geometry?
  Please let us know if there is a way to solve this. Really appreciate your time.
  Thanks!

  Hi
  Your best bet is to follow the Security Guide:
  http://docs.oracle.com/cd/E20490_01/bia.7963/e19042.pdf
  Really you just need to make sure the Responsibility names are the same as the Application Roles. So either you create new responsibilities in EBS to match the existing (seeded) roles or you create new roles in OBI Apps to match your existing responsibilites. Both ways round are valid and it all depends on your security solution.
  Thanks
  Robin

• Question regarding GO URL link with &Action=Navigate in OBIEE 11g

  Hello All,
  Actually I am working with the GO URL Links in OBIEE 11g.When I am trying to use the link as
  &Action=Navigate&p0=3&p1=bet&p2="Time%20Periods".Date&p3=2+ '01/01/2011'+'01/31/2011'
  The data is not getting filtered.It is giving me all the data which I don't need also..Is this a bug or am I doing any mistakes..Please let me know..

  Actually I have a few parameters or filters and I am using those filters in the GO URL Link but that filters when I am applying in
  &Action=Extract it is working properly.But When I am trying the same with &Action=Navigae it is not gining me the results what I want..

• OBIEE 11g caching question - cross database joins

  Hi, I'm seeing something strange (a.k.a. not wanted) in OBIEE (11g, not sure that version matters).
  I have a simple data mart that contains spend information. The supplier dimension contains keys that can be used to join it to detailed supplier information and supplier address information in our ERP system (that sits in a different database / on a different box). In the OBIEE physical layer I've created a cross database join between the supplier dimension table and the ERP tables that contain the address info.
  Here's the odd behavior I'm seeing. If I write an answers request to select the supplier, some address info, and total spend for fiscal year 2010, I'm seeing OBIEE fire off two queries (this I expect):
  A) Select supplier, address key, and total spend for fiscal year = 2010 against the spend mart
  B) select address_key and associated address info against the ERP system (no limit on this query, it pulls back all rows from the address table)
  OBIEE then does an internal join itself and serves up the results, everything is correct. But here's what's "wrong" - if I then run the exact same answers request, but change the fiscal year to 2009, I again see OBIEE firing off the two queries. What I expected and/or want to see is that, since the entire result set from query #B doesn't change at all, that it wouldn't have to rerun this query. However, it seems to be.
  Is there any way to get #B to cache so that, for any subsequent query that contains supplier address info, OBIEE can pull it from cache instead of rerunning the query (which is pretty slow)? I really thought it would do that, but it doesn't seem to be.
  Thanks!
  Scott

  Hi,
  Could you give a bit more of context for this case? The table in SQL server; Is it a dimension and the one in Oracle DB is a fact? I am guessing, you have set up the driving table here. Have you given a try taking it off, and let BI Server do the filter in memory?
  -Dhar

• OBIEE-11g Double columns question

  Hi guys, on my pc i've installed business intelligence suite 11.1.3 and now I need support about double columns feature. In the business model I've this hierarchy
  Region -> Province -> Municipality
  where the keys for each level are represented by the name of the element, the problem is that this keys are used to map geometric shapes to enable the map views features and the Municipality values are ambiguous in their domain (could exist two municipality with the same name but different province) in the official documentation is wrote that to unique identify a shape should be used a double columns field but when I 'apply the double field feature to the hierarchy levels the drill feature doesn't work properly and I get a strange filter error (seems that the system filter the value by id on the wrong field). Somebody could help me to understand if I can define a hierarchy where the keys have a descriptor id associated ?
  Thanks a lot Regards

  I 've also come up with the same issue. I am using OBIEE 11G (11.1.1.5.0) and Oracle Mapviewer Ver11_1_1_4_B110225.
  On the RPD, My hierarchy is defined as: District -> Quarter -> Neighbourhood.
  For each hierarchy level I am using:
  District Logical Level keys:
  District Id: Primary Key
  District Name: Use for Display
  Quarter Logical Level Keys:
  Quarter Id: Primary Key
  Quarter Name: Use for Display
  Neighbourhood Logical Level Keys:
  Neighbourhood Id: Primary Key
  Neighbourhood Name: Use for Display
  I need to associate each Mapviewer theme's ID (District ID, Quarter ID, Neighbourhood ID) with a relevant BI column, because the theme names are not distinct.
  I have set the double column (Descriptor Id) feature: (District ID, Quarter ID, Neighbourhood ID) on each BI name column (BI Distict Name, BI Quarter Name, BI
  Neighbourhood Name) of the business model and associated the layer key (ID) of each Mapviewer theme with the corresponding BI name column.
  On the map view, drilling down from District to Quarter works properly, but I get the following action error while drilling down from quarter to neighbourhood:
  An error occurred while trying to generate drill down query.
  Odbc driver returned an error (SQLExecDirectW).
  State: HY000. Code: 10058. [NQODBC] [SQL_STATE: HY000] [nQSError: 10058] A general error has occurred. [nQSError: 43113] Message returned from OBIS. [nQSError:
  46036] Internal Assertion: Condition rowValues.size() == numColumns, file server\Query\Src\SQNavigatorAccess.cpp, line 495. (HY000)
  SQL Issued: {CALL NQSGenerateDrillDownQuery('SELECT District Name saw_0, Quarter Name saw_1, DESCRIPTOR_IDOF(District Name) saw_2, DESCRIPTOR_IDOF(Quarter Name)
  saw_3 FROM "Subject Area" WHERE DESCRIPTOR_IDOF(District) = 5','1','''5'',''31'',31','-1 -1 -1 -1 -1','0,2,3')}
  However, if I add a table view on my analysis and click on the table view's quarter link, drilling down works ok both for the table and for the map view.
  Moreover, I tried removing the double column (descriptor Id) feature from the business model while maintaining the hierarchy as described above.
  I then associated the layer key (ID) of each Mapviewer theme with the corresponding BI ID column instead of the BI name column.
  On the map view while drilling down from District to Quarter, a filter to a specific District is applied, but the associated Quarters theme is not displayed.
  Finally, if I enable the "Use for Display" checkbox for each hierarchy level's primary key on the RPD, and maintain the association between the layer key (ID) of
  each Mapviewer theme with the corresponding BI ID column, drilling down works correctly but only on the ID.
  I need drilling down to work while clicking on the each name BI column of the hierarchy while defining the association on the layer key ID of each mapviewer
  theme. Is this possible? Any ideas?