Wednesday 16 September 2015

Creating users in OBIEE 11g

User authentication is the important part in OBIEE security. For any user we need to assign some kind of security levels in the sense of read, write and modify application roles.

The default application roles are grouped into broad categories of functional usage: administrator (BIAdministrator), author (BIAuthor), and consumer (BIConsumer). 

Following are the default application roles provided by the OBIEE system:

1. BIAdministrator Role

              The BIAdministrator role grants administrative permissions necessary to configure and manage the Oracle Business Intelligence installation. Any member of the BIAdministrators group is explicitly granted this role and implicitly granted the BIAuthor and BIConsumer roles

2. BIAuthor Role

              The BIAuthor role grants permissions necessary to create and edit content for other users to use, or to consume. Any member of the BIAuthors group is explicitly granted this role and implicitly granted the BIConsumer role.

3. BIConsumer Role

              The BIConsumer role grants permissions necessary to use, or to consume, content created by other users.

4. BISystem Role

              The BISystem role grants the permissions necessary to impersonate other users. This role is required by Oracle Business Intelligence system components for inter-component communication.

5. Authenticated Role

               Oracle Business Intelligence uses the authenticated application role to grant permissions implicitly derived by the role and group hierarchy of which the Authenticated role is a member. The Authenticated role is a member of the BIConsumer role by default and, as such, all Authenticated role members are granted the permissions of the BIConsumer role implicitly.

You can see all these roles in em using following path:

Coreapplication --->Configure and Manage Application roles--->Application Roles

See screen shot for application roles:


Steps for creating new user and assigning application roles:

1. Login to the console using weblogic user credentials.


2. Select Security Realms from Services as marked in the screen shot.


3. Select Myrealms as shown in screenshot.


4. Select User and Groups, you will find total no of system users. For creating new user you have to select New option as marked in the screen shot.


5. Enter user details like user name, description and password and click OK.


6. New user is created admin with default authentication role. To assign new roles to user. Click on admin user. 


7. Assign new role and save changes i.e BIAdministrators and Administrators.

8. New user is created with administrator application role. To Verify user login to analytics with admin user name and it's password. Before login to the system restart services to get changes.



9. User is logged in successfully and we have observed assigned application roles are available for admin user.



In this way we learned to create new user. Keep visiting for new posts.

Thanks...!!










No comments:

Post a Comment