I am trying to accomplish two things related to subject area security. I am not able to accomplish either with the OBIEE Admin tool like I believe it should work but have found a lengthy work around for one using the Administration Manage Privileges in Answers. Here are the two challenges:
(1) Cannot create table based security within OBIEE Admin tools that functions when deployed to OBIEE server:
Situation: In OBIEE admin tool I have:
- Subject Area "GRA" which has the following permissions:
- Authenticated User (Set as Read do not have Default as an option)
- GRA Analytics (Set as Read/Write)
- GRA Secure Analytics (Set as Read/Write)
- All other Responsibilities are set to Default
- Within GRA subject area I have a table named "Global" with the following Permissions:
- Authenticated User (Set as Read do not have Default as an option)
- GRA Analytics (Set as Default)
- GRA Secure Analytics (Set as Read/Write)
- All other Responsibilities are set to Default
- I have a user setup with the "GRA Analytics" responsibility but NOT the GRA Secure Analytics responsibility
- The User is authenticated using LDAP through Siebel (where the responsibilities are assigned
Desire:
- When the User logs into Answers and opens the GRA subject area they would see all tables EXCEPT the Global table
Undesired Result:
- User is able to see the GRA subject area but also sees the Global table
- I view the users Roles/Catalog Groups and they DO NOT have the GRA Secure Analytics role (DO have the GRA Analytics role.
Note: My second issue which I'm including below directly impacts the top issue.
(2) Cannot create subject based security within OBIEE Admin tools that functions when deployed to OBIEE server:
Situation: In OBIEE admin tool I have:
- Subject Area "GRA" which has the following permissions:
- Authenticated User (Set as Read do not have Default as an option)
- GRA Analytics (Set as Read/Write)
- GRA Secure Analytics (Set as Read/Write)
- All other Responsibilities are set to Default
- I have a user setup with the "GRA Analytics" responsibility but NOT the GRA Secure Analytics responsibility
- The User is authenticated using LDAP through Siebel (where the responsibilities are assigned
Desire:
- When the User logs into Answers only Users with the GRA Analytics or the GRA Secure Analytics responsibility would see the GRA subject area
Undesired Result:
- Any User that logs into Answers sees the GRA subject area
Work Around:
- If I log into Answers with my Admin User Account I can select Administration->Manage Privileges
- Find the subject area GRA and then assign the GRA Analytics and GRA Secure Analytics responsibility permissions as "Granted"
- When the User logs into Answers with either the GRA Analytics or the GRA Secure Analytics responsibility they see the GRA subject area but if they do not have the responsibility they do not see it.
Issues with Work Around:
- Makes the assignment of Permissions in OBIEE Admin Tool Obsolete
- Cannot assign table level Permissions here and thus cannot solve the first issue listed
- Still not sure why setting Permissions in OBIEE Admin Tool are being ignored
If you could help me find a solution that gets the Permissions from the OBIEE Admin tool working it would be greatly appreciated.
Thanks...