RSS

OBIEE 11G default System Permissions in Policystore

03 May

In OBIEE 11G the application access and privileges has been ruled by the Application Roles. The OBIEE 11G application has predefined system policies (permissions) which are assigned to application Roles we define in Policy store.

By default we have out of box App roles (BIAdministrator, BIAuthor and BIConsumer) created in EM. But in real world we (may) need to create new roles with different permissions.

Here is the list of available OBI system permissions. We need to choose one/combination of them for new Roles.

Permission Name

Description

oracle.bi.publisher.administerServer

Enables the Administration link to access the Administration page and grants permission to set any of the system settings.

oracle.bi.publisher.developDataModel

Grants permission to create or edit data models.

oracle.bi.publisher.developReport

Grants permission to create or edit reports, style templates, and sub templates. This permission also enables connection to the BI Publisher server from the Template Builder.

oracle.bi.publisher.runReportOnline

Grants permission to open (execute) reports and view the generated document in the report viewer.

oracle.bi.publisher.scheduleReport

Grants permission to create or edit jobs and also to manage and browse jobs.

oracle.bi.publisher.accessReportOutput

Grants permission to browse and manage job history and output.

oracle.bi.publisher.accessExcelReportAnalyzer

Grants permission to download the Analyzer for Excel and to download data from a report to Excel using the Analyzer for Excel. Note that to enable a user to upload an Analyzer for Excel template back to the report definition, the permission oracle.bi.publisher.developReport must also be granted.

oracle.bi.publisher.accessOnlineReportAnalyzer

Grants permission to launch the Analyzer and manipulate the data. Note that to save an Analyzer template to a report definition, the permission oracle.bi.publisher.developReport must also be granted.

oracle.bi.server.impersonateUsers

This description is not available.

oracle.bi.server.manageRepositories

Grants permission to open, view, and edit repository files using the Administration Tool or the Oracle BI Metadata Web Service.

oracle.bi.server.queryUserPopulation

Internal use only.

oracle.bi.scheduler.manageJobs

Grants permission to use Job Manager to manage scheduled Delivers jobs.

For eg: if you want to create a new role for OBI RPD administration only. Then you need to create a new Application Role in EM with the permission oracle.bi.server.manageRepositories

Hope this post helps you to create a better App Roles with proper permissions.

Thanks,

Shiva

Advertisements
 
4 Comments

Posted by on May 3, 2012 in BI Publisher, OBI EE, OBIEE 11g

 

Tags: , , , ,

4 responses to “OBIEE 11G default System Permissions in Policystore

  1. krishna

    January 21, 2013 at 5:22 am

    Hi,

    your blog is very useful for my work. I have a question, i’m workiing on obiee 11.1.1.6 version and i’m using map viewer, one of my business user don’t want to display the BI DATA LAYER which is associated with the map viewer. How do i disable the BI DATA LAYERS and Legend.

    Thanks
    Krishna

     
  2. Ramiz

    April 12, 2013 at 7:33 am

    If want to revoke oracle.bi.publisher.scheduleReport permission ,what should I do?

     
  3. Srini

    December 23, 2014 at 3:39 pm

    Hi Siva

    I deleted the oracle.bi.publisher.developDataModel from the BIAuthor Role for doing some testing. Could you please let me know how I can add this permission back to the BIAuthor Role. When I went to add this Permission its not listed under available Permissions.

     
  4. Gani

    June 8, 2017 at 5:38 pm

    For example we wanna assign this role “oracle.bi.publisher.developDataModel” to weblogic user,

    then how and where we can assign this role. please explain me in detail if possible.

    thanks in advance.

     

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: