While auditing our OBIEE security model We’ve stumbled into behavior that we think is a bug. If it’s not, then I hope it’s a feature that would be removed in the future. Here’s a description of how we get this particular Presentation services behavior:
1. Summary – Our goal is to be able to add new users in RPD in online mode, assign them to their respective repository security groups ( based on data-level and row-level security), and during their first login have them automatically assigned to one of 2 appopriate Presentation catalog group (that is used for presentation security, such as prohibiting overwriting of shared reports). We use OS authentication model with Impersonator (OBIEE picks up and strips users’ OS username). However, the problem doesn’t seem to be SSO-related or OS-related.
These’re steps to reproduce:
a) create new user “test_user1″ in RPD “Business Intelligence” group (for Presentation group “Business Intelligence”). Check-in RPD and save it.
b)Â login with the “test_user1″ first time to OBIEE
c) go to My Account. You can clearly see that “test_user1″ is a member of Presentation group “Business Intelligence” (which is good for us and correct at the same time)
d) log-out. close browser. clean cookies. log-in as an administrator (member of Presentation Services Admin). Go to Settings –> “Oracle BI Presentation Services Administration”–>”Manage Presentation Catalog Groups and Users”
Select Edit for the “Business Intelligence” group
Select Edit for the “Business Intelligence” group
as you can see – “test_user1″ isn’t there
e) If we click on “Add New Member”-> “Show Users and Groups” – there’ll be a red-stop symbol (padlock image)
We’ve filed an SR with Oracle Support, and still waiting for an answer. I personally think that in future OBIEE releases – the Presentation Services should be tied closer with BI server – maybe going as far as consolidating those 2 modules.
And have a nice work week!
Posts
