Part 2 Adding Users to Application Roles in OBIEE

Steps to add users to Application Roles and to resolve issues if encountered

1. Once LDAP is configured, the next task is to add users to the Application Roles.

This is done in em (Enterprise Manager).
Navigate to the following path:
Business Intelligence–>coreapplication–>Security–>Application Roles

2. Click on BI Administration Roles and choose edit, then add the user from the LDAP.

3. Once the user is added, the first check is whether the user is reflected in the RPD. To do that, open the RPD in online mode and click Manage Identity.

4. Once in Identity, click on Synchronize Application Roles and then check the BI Administration Role to see if the name is reflected.

5. If the name is reflected, try logging in to check that the privileges are reflected in Analytics for this user; it should work.

6. If authentication fails, the GUIDs need to be refreshed. See the link below for the steps to refresh the GUIDs.

Refreshing GUIDS and what to expect for successful Completion

I faced an issue after the upgrade; please find below the problem description and the steps taken to resolve the issue. Please also check the SR which I had raised to resolve the issue.

Problem Description

I configured Microsoft LDAP with OBIEE 11.1.1.7.131017 and the LDAP authentication works. Initially I had Admin privileges, and all that is gone after installing LDAP.
I provided myself as a part of the default Application Roles BI System Role and BI System Administrator, but I’m still not able to get the Administration link.

I opened the RPD in online mode and in Identity I synchronised the Application Roles, and I see my name as a part of all the Application Roles, but when I log in I do not see my privileges reflected, and in My Account, under Catalog groups and users, I see only Authenticated User and BI Consumer.

I did the LDAP configuration using the Oracle docs and authentication works fine, but the assigned roles and privileges are not reflected.

SR raised with Oracle (please click the link below)

SR 3-8062077621 : Ldap users added to Application Roles and not reflecting the privileges


Steps taken to resolve the issue

1. Made sure that the user exists in the RPD in online mode.
2. Refreshed the GUIDs.
3. Added another user to check whether the issue is only with the existing user or with other users as well.
4. Cloned the Application Roles and added the role in Analytics with the privileges.
5. Log in to Analytics and then, in My Account –> Users and Catalog Groups, check for the Application Roles that you have added recently. The roles which were added should be reflected here.
6. Provide Admin access to the respective user. Navigate to Administration -> Issue SQL.
In the edit box, enter the command below and provide the output:
CALL NQSGetSessionValues('NQ_SESSION.GROUP,NQ_SESSION.USER,NQ_SESSION.ROLES,NQ_SESSION.WEBGROUPS,NQ_SESSION.PERMISSIONS')



If you still have privilege or authentication issues after doing the above steps, the fix is as described below.



5. The cause is the case sensitivity of the username when logging in through Presentation Services. If you do not log in with the same case as is defined for the user in the LDAP repository, OBIEE cannot reference the roles that have been applied to the user.
The solution can be found in the WebLogic Console (http://<>:<>/console). Navigate to Home -> bifoundation_domain -> Security -> General -> Advanced. There is an option called “Enable Principal Equals Case Insensitive”. Set this option to true (ticked) and apply the changes. You should now be able to log in with the user without having to worry about case sensitivity, and the defined application roles should be applied in Presentation Services.
6. Once these changes are done, stop the BI Services and restart them, and all the issues will be resolved.
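The role-resolution failure described in step 5, as an added example (a simplified model written for this page, not WebLogic or OBIEE code). It assumes LDAP accepts the login in any case, as the problem description reports, and all users, logins and the "BI Author Role" name are constructed sample data.

```python
# Simplified model of the failure described above; not WebLogic or OBIEE code.
# All users, roles and logins below are constructed sample data.

# Application role -> member principals, spelled exactly as stored in LDAP.
ROLE_MEMBERS = {
    "BI Administration Role": ["JSmith", "akumar"],
    "BI Author Role": ["mlee"],
}
# What a user still holds when no role membership matches (as seen on the page).
DEFAULT_ROLES = ["Authenticated User", "BI Consumer"]


def principal_equals(a, b, case_insensitive):
    """Compare two principal names the way the domain setting dictates."""
    return a.lower() == b.lower() if case_insensitive else a == b


def resolve_roles(login_name, case_insensitive):
    """Return the roles a session would hold for the name typed at login."""
    granted = [
        role
        for role, members in ROLE_MEMBERS.items()
        if any(principal_equals(login_name, m, case_insensitive) for m in members)
    ]
    return sorted(granted + DEFAULT_ROLES)


def logins_losing_roles(login_names):
    """Typed names that resolve fewer roles under case-sensitive comparison
    than under case-insensitive comparison."""
    return [
        name
        for name in login_names
        if resolve_roles(name, False) != resolve_roles(name, True)
    ]


if __name__ == "__main__":
    typed = ["jsmith", "JSmith", "AKUMAR", "mlee"]  # constructed login names
    for name in typed:
        print(name, "| sensitive:", resolve_roles(name, False),
              "| insensitive:", resolve_roles(name, True))
    print("affected:", logins_losing_roles(typed))
```

A login that lands in the "affected" list reproduces the symptom from the problem description: the user authenticates but sees only Authenticated User and BI Consumer.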
Regards
Jethin