OBIEE 11g &12c: Application Role Assigned to User in Enterprise Manager is Missing in My Account in OBIEE and Permissions are not Applied to OBIEE Objects
Last updated on JUNE 04, 2018
Applies to:Business Intelligence Server Enterprise Edition - Version 18.104.22.168.7 and later
Business Intelligence Suite Enterprise Edition - Version 22.214.171.124.0 and later
Information in this document applies to any platform.
In OBIEE 11g, when you assign an Application Role to a user, without using a group, those settings are not passed to the Presentation Server. The assignment is done in Enterprise Manager Fusion Middleware Control. When checking the identity settings in the repository (rpd) in online mode, the roles are shown properly. But, in the presentation server, the roles assigned to the user directly are not shown in the user profile "My Account", neither are the functionalities bound to those roles accessible or forbidden. An assignment of a group to a role is working properly.
As well as the DefaultAuthenticator and DefaultIdentityAsserter, you have a third provider. This is a Novell LDAP Provider, which you have configured according to the documentation. You changed the DefaultAuthenticator as described in the documentation (control flag => Optional). bidiagnostics (11.1.1) is working properly too. But the roles still do not show correctly.
Excerpt from bidiagnostics log file:
Successfully authenticated user Subject: Principal: DATAWAREHOUSE Principal: dwh2 Principal: authenticated-role Principal: anonymous-role Principal: ApplicationRoleobi/test,uname:cn=test,cn=Application Role,cn=obi,cn=jpsXmlFarm,cn=JPSContext,cn=jpsXmlRoot,guid:4DE81E2096DE11E2BF9C675C8C0780C8 Principal: ApplicationRoleobi/BIConsumer,uname:cn=BIConsumer,cn=Application Role,cn=obi,cn=jpsXmlFarm,cn=JPSContext,cn=jpsXmlRoot,guid:19C2B3505A5011E2BF847B1E29BCCE3A Principal: ApplicationRoleobi/BIAuthor,uname:cn=BIAuthor,cn=Application Role,cn=obi,cn=jpsXmlFarm,cn=JPSContext,cn=jpsXmlRoot,guid:19BE1F705A5011E2BF847B1E29BCCE3A Private Credential: dwh2 Private Credential: Subject: Principal: dwh2 Principal: DATAWAREHOUSE Private Credential: dwh2 via container authentication (NOT full BI logon)
The user dwh2 is assigned to the LDAP group DATAWAREHOUSE, with the application role ApplicationRoleobi/test. The application role BIAdministrators is not listed. It is assigned to the user directly, as shown.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms