OBIEE 12c: Application Roles Do Not Take Effect for Active Directory Users when the User Name Attribute is sAMAccountName
Last updated on JUNE 19, 2017
Applies to:Business Intelligence Suite Enterprise Edition - Version 220.127.116.11.0 and later
Business Intelligence Reporting and Publishing - Version 18.104.22.168.0 to 22.214.171.124.0 [Release 12c]
Information in this document applies to any platform.
Unable to assign user membership to the Application Roles in Fusion Middleware Control ( EM ).
The users appear with different ID's, but not actual names that appear in Weblogic Console.
In EM, a user, Jane Doe, is added to an Application Role (for example, BIAdministrator). The User was located using the Display Name option (for example, Display Name > Starts With = Jane).
When the user logs into /analytics as 'jdoe', which is the sAMAccountName value, the user does not acquire the Application Role (for example, in My Account > Roles and Catalog Groups.
The users only sees Authenticated User and BI Consumer listed, and there is no Administration link in the Global Header.
Should be able to assign users to the Application Roles
The issue can be reproduced at will with the following steps:
- Install OBI 12c
- Migrate 11g Repository to 12c -
- Configure AD as provider using sAMAccountName user attribute
- Try adding users to Application Roles in FMW Control.
- Login to Analytics and check the Roles assigned to the user in FME Control do not appear under My Account page.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms