OBIEE 12c: Privilege May Not Work Appropriately When Username and Application Role Name are the Same
Last updated on MARCH 01, 2018
Applies to:Business Intelligence Suite Enterprise Edition - Version 188.8.131.52.0 and later
Information in this document applies to any platform.
Privilege of presentation catalog may not work appropriately when username and application role name are the same.
There is a difference between large alphabet and small alphabet, but privilege of presentation catalog does not distinguish large or small.
1. Create a user (ex. level2 and level3) via WebLogic Administration Console.
2. Create an application role name (ex. Level1 and Level2) via Fusion Middleware Control.
Set user "level2" as a member of Application Role "Level1".
Set user "level3" as a member of Application Role "Level2".
3. Go to Analytics and login with weblogic.
Administration > Manage Privileges > Home and Header [Access Catalog UI]
(application role) BI Consumer Denied
(application role) Level1 Denied
(application role) Level2 Granted
4. Log in with level2 user. Since level2 user belongs to Level1, level2 should not be accessed to Catalog.
Instead, you can see Catalog folders even though application role Level1 has been denied.
It seems as if catalog folders are available since Level2 application role has been granted.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms