My Oracle Support Banner

OBIEE 12c: Privilege May Not Work Appropriately When Username and Application Role Name are the Same (Doc ID 2359081.1)

Last updated on MARCH 01, 2018

Applies to:

Business Intelligence Suite Enterprise Edition - Version 12.2.1.2.0 and later
Information in this document applies to any platform.

Symptoms

Privilege of presentation catalog may not work appropriately when username and application role name are the same.

There is a difference between large alphabet and small alphabet, but privilege of presentation catalog does not distinguish large or small.

For example,

1. Create a user (ex. level2 and level3) via WebLogic Administration Console.

2. Create an application role name (ex. Level1 and Level2) via Fusion Middleware Control.

Set user "level2" as a member of Application Role "Level1".
Set user "level3" as a member of Application Role "Level2".

3. Go to Analytics and login with weblogic.

Administration > Manage Privileges > Home and Header [Access Catalog UI]

(application role) BI Consumer Denied
(application role) Level1 Denied
(application role) Level2 Granted

4. Log in with level2 user. Since level2 user belongs to Level1, level2 should not be accessed to Catalog.
    Instead, you can see Catalog folders even though application role Level1 has been denied. 
    It seems as if catalog folders are available since Level2 application role has been granted.

http://hostname:9502/analytics/saw.dll?Catalog

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.