OBIEE 11G default System Permissions in Policystore

03 May

In OBIEE 11G the application access and privileges has been ruled by the Application Roles. The OBIEE 11G application has predefined system policies (permissions) which are assigned to application Roles we define in Policy store.

By default we have out of box App roles (BIAdministrator, BIAuthor and BIConsumer) created in EM. But in real world we (may) need to create new roles with different permissions.

Here is the list of available OBI system permissions. We need to choose one/combination of them for new Roles.

Permission Name


Enables the Administration link to access the Administration page and grants permission to set any of the system settings.

Grants permission to create or edit data models.

Grants permission to create or edit reports, style templates, and sub templates. This permission also enables connection to the BI Publisher server from the Template Builder.

Grants permission to open (execute) reports and view the generated document in the report viewer.

Grants permission to create or edit jobs and also to manage and browse jobs.

Grants permission to browse and manage job history and output.

Grants permission to download the Analyzer for Excel and to download data from a report to Excel using the Analyzer for Excel. Note that to enable a user to upload an Analyzer for Excel template back to the report definition, the permission must also be granted.

Grants permission to launch the Analyzer and manipulate the data. Note that to save an Analyzer template to a report definition, the permission must also be granted.

This description is not available.

Grants permission to open, view, and edit repository files using the Administration Tool or the Oracle BI Metadata Web Service.

Internal use only.

Grants permission to use Job Manager to manage scheduled Delivers jobs.

For eg: if you want to create a new role for OBI RPD administration only. Then you need to create a new Application Role in EM with the permission

Hope this post helps you to create a better App Roles with proper permissions.




Posted by on May 3, 2012 in BI Publisher, OBI EE, OBIEE 11g


Tags: , , , ,

4 responses to “OBIEE 11G default System Permissions in Policystore

  1. krishna

    January 21, 2013 at 5:22 am


    your blog is very useful for my work. I have a question, i’m workiing on obiee version and i’m using map viewer, one of my business user don’t want to display the BI DATA LAYER which is associated with the map viewer. How do i disable the BI DATA LAYERS and Legend.


  2. Ramiz

    April 12, 2013 at 7:33 am

    If want to revoke permission ,what should I do?

  3. Srini

    December 23, 2014 at 3:39 pm

    Hi Siva

    I deleted the from the BIAuthor Role for doing some testing. Could you please let me know how I can add this permission back to the BIAuthor Role. When I went to add this Permission its not listed under available Permissions.

  4. Gani

    June 8, 2017 at 5:38 pm

    For example we wanna assign this role “” to weblogic user,

    then how and where we can assign this role. please explain me in detail if possible.

    thanks in advance.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: