Securing Reports 11g or 11gR2 Using Groups Displays REP-177 or REP-56071 "The requested operation is unauthorized" (Doc ID 1542931.1)

Last updated on SEPTEMBER 19, 2015

Applies to:

Oracle Reports Developer - Version 11.1.1.1.0 to 11.1.2.2.0 [Release 11g]
Information in this document applies to any platform.

Goal

Reports 11g or 11g R2

Followed the instructions in the section "JAZN-XML Authorization with Single Sign-On Authentication for Reports Servlet" of the following the manual Oracle Fusion Middleware Publishing Reports to the Web with Oracle Reports Services 11g Release 2 (11.1.2)  ==> 14.5 End-to-End Security Scenarios


Give access to specific users by adding them to the pre-defined reports roles:

RW_ADMINISTRATOR
RW_OPERATOR
RW_MONITOR
RW_DEVELOPER
RW_POWER_USER
RW_BASIC_USER

 

But when you want to grant access using groups it doesn't work. Users member of the group still don't have access. Users and groups are all define in weblogic Security Realms (myrealm).

Why mapping a group to a reports role doesn't give access to users member that group?

Error displayed when using groups:

REP-56071: The requested operation is unauthorized.

or

REP-0177: An error occurred while running in a remote server. Authentication failed.

 
Example of the steps applied to reproduce REP-56071:

1- Adding user1 to reports role RW_OPERATOR

  user1 can run any reports.

2- Removing user1 from reports role RW_OPERATOR
  Adding group1 to reports role RW_OPERATOR (user1 is member of group1)

  user1 can't run reports anymore
 

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms