My Oracle Support Banner

OBIEE 11g &12c: Application Role Assigned to User in Enterprise Manager is Missing in My Account in OBIEE and Permissions are not Applied to OBIEE Objects (Doc ID 1546778.1)

Last updated on SEPTEMBER 13, 2019

Applies to:

Business Intelligence Suite Enterprise Edition - Version and later
Business Intelligence Server Enterprise Edition - Version and later
Information in this document applies to any platform.


In OBIEE 11g, when you assign an Application Role to a user, without using a group, those settings are not passed to the Presentation Server. The assignment is done in Enterprise Manager Fusion Middleware Control. When checking the identity settings in the repository (rpd) in online mode, the roles are shown properly. But, in the presentation server, the roles assigned to the user directly are not shown in the user profile "My Account", neither are the functionalities bound to those roles accessible or forbidden. An assignment of a group to a role is working properly.

As well as the DefaultAuthenticator and DefaultIdentityAsserter, you have a third provider. This is a Novell LDAP Provider, which you have configured according to the documentation. You changed the DefaultAuthenticator as described in the documentation (control flag => Optional). bidiagnostics (11.1.1) is working properly too. But the roles still do not show correctly.

Excerpt from bidiagnostics log file:

Successfully authenticated user Subject: Principal: DATAWAREHOUSE Principal: dwh2 Principal: authenticated-role Principal: anonymous-role Principal: ApplicationRoleobi/test,uname:cn=test,cn=Application Role,cn=obi,cn=jpsXmlFarm,cn=JPSContext,cn=jpsXmlRoot,guid:4DE81E2096DE11E2BF9C675C8C0780C8 Principal: ApplicationRoleobi/BIConsumer,uname:cn=BIConsumer,cn=Application Role,cn=obi,cn=jpsXmlFarm,cn=JPSContext,cn=jpsXmlRoot,guid:19C2B3505A5011E2BF847B1E29BCCE3A Principal: ApplicationRoleobi/BIAuthor,uname:cn=BIAuthor,cn=Application Role,cn=obi,cn=jpsXmlFarm,cn=JPSContext,cn=jpsXmlRoot,guid:19BE1F705A5011E2BF847B1E29BCCE3A Private Credential: dwh2 Private Credential: Subject: Principal: dwh2 Principal: DATAWAREHOUSE Private Credential: dwh2 via container authentication (NOT full BI logon)

The user dwh2 is assigned to the LDAP group DATAWAREHOUSE, with the application role ApplicationRoleobi/test. The application role BIAdministrators is not listed. It is assigned to the user directly, as shown.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.