My Oracle Support Banner

OBIEE 11g: Permissions on Presentation Columns no Longer Work as Expected after Upgrading from OBIEE 10g To (Doc ID 1916418.1)

Last updated on FEBRUARY 15, 2019

Applies to:

Business Intelligence Server Enterprise Edition - Version and later
Business Intelligence Suite Enterprise Edition - Version and later
Information in this document applies to any platform.


In OBIEE, your user belongs to Group1 and Group2 in WebLogic Server.
Group1 is a member of Role1.
Group2 is a member of Role2.
Role1 and Role2 were created like the BiAuthor role.

In the repository, you give Subject Area A - Sample Sales the following permission:

You log into Answers and click on My Account.
In the Roles and Catalogs tab, you see that the user shows as belonging to Authenticated User Role, Role1 and Role2.
However, if you create an analysis, this user does not see the column T05 Per Name Year.

In OBIEE 10g and OBIEE with the same scenario, the user sees the column as the least restrictive security attribute is applied.

If there are multiple application roles acting on a user or application role at the same level with conflicting security attributes, the user or                
application role is granted the least restrictive security attribute.              
However, Oracle requires from onwards that the application role with access to an object also have access to the object's container. For example, if                 
ApplicationRole 1 has permission to access Column A, which is part of Table B, then ApplicationRole1 must also have permission to access Table B.




To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.