OBIEE 12c: Accessing Analytics Fails From E-BS When Both Init-Blocks and FMw Security Users Are Configured
Last updated on JANUARY 17, 2017
Applies to:
Business Intelligence Suite Enterprise Edition - Version 12.2.1.0.0 and laterInformation in this document applies to any platform.
Symptoms
Your environment is setup using the legacy security model, where users and groups are configured in the RPD using initialization blocks (10g legacy model).
Generic examples | symptoms:
- Setup init block based Authentication and Authorization to populate USER and GROUP variables. However once a default provider user like 'weblogic' logs in, the init block users can no longer access OBIEE because the Roles are not retrieved for the user. The only way to fix the issue is to restart the services.
- OBIEE is setup for EBS security using Init blocks. Users can login fine from EBS but once OBIEE is accessed directly using nquser&nqpassword in URL, the E-BS integration breaks. E-BS users get "Not Signed In" error when accessing OBIEE from EBS . The only way to fix the issue is to restart the services.
Specific example |symptom:
- UserA is set as a member of the database group "OBIAdmin".
- In Enterprise Manager, an application role named "OBIAdmin" is created.
- The "OBIAdmin" role is added as a member in BIServiceAdministrator role.
- Patch 24690636 12212 BI-EBS-AUTHORIZATION INIT BLOCKS IN RPD FAILS is applied to fix the role inheritance issue.
Once you login to OBIEE using weblogic Embedded LDAP users (or any external LDAP user), any subsequent login to OBIEE using the init-blocks users (or from EBS) fail with:
Access Prohibited
You don't have the privilege to access this page. Please contact your system administrator.
The sawlog shows:
Cause
Sign In with your My Oracle Support account |
|
Don't have a My Oracle Support account? Click to get started |
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms