Following up on my last post it turns out that the conundrum is nothing but Enterprise Manager currently displaying things in a somewhat sub-optimal manner. The permissions etc are all there but they are just not being displayed under their respective permission class.
WLST confirms this when listing things with listResources(appStripe=”obi”)
So conundrum = just a hick-up 🙂
So we know that 12c made some small changes in the security area – the most well known being “BI Administrator” being renamed to “BI Service Administrator”.
This can cause some issues when importing 11g BAR files with old “BI Administrator” roles but set “security model=false” during import. Well this isn’t what this post is about but still something you may want to remember 😉
What this post IS about is the little weirdness which is happening in Application Policies and the Permissions you can grant to a policy and its principals.
Let’s look at the permissions granted to “BI Service Administrator”. There’s two set of rights which look suspiciously similar:
Can you spell “redundant”?
Ok let’s turn this upside down and create a new application grant for a “close to Admin”-type set of rights:
Searching by “Permission Class” oracle.security.jps.ResourcePermission yields 14 results.
Funny enough we don’t find all four of the permissions in the screenshot above. Two catalog permissions are present – “oracle.bi.presentation.catalogmanager.manage” and “*” for the oracle.bi.catalog permission type. “*” for oracle.bi-repository isn’t there though. Hmmm. Let’s search by “Resource Type” and try to find the four in question one by one.
Why hello there. Not only do we find all four but also a nice little remark on the two known ones: Legacy Permission from BI 11g
So it seems that those two are about to get dropped and be replaced by the new “*” resources. But why is only one of the two new permissions visible when searching by “Resource Class” when it seems to actually HAVE the correct resource class assigned to it?
Smells like something needing a little fix. Most important though: going through permissions by resource type and checking the ones labeled as “Legacy 11g” is a good idea in order to not be relying on things on their way out of the product…
The ODTUG KScope16 speaker evaluations just arrived in my inbox and I wanted to take a moment to express my gratitude to everyone who came to listen to my sessions and for their magnificent feedback.
Thank you from the bottom of my heart – this is why I do these conferences!
Thanks also to everyone from ODTUG and all my friends from the community. I hope to see you all next year in San Antonio for KScope17.
A new functionality has been introduced in the latest release of OBI – 126.96.36.199.0 – which has gone a bit unnoticed since it hasn’t been included in the documentation anywhere. This is surprising since it’s been requested since a long time.
As of this release the usual 3-level dashboard hierarchy has been transformed into a 4-level one:
- Dashboard group
- Dashboard page
- Dashboard subpage
Configuration is very straight-forward. Just click the usual “Add” button which will give you two options as of now:
Working on a system without full access can often be a pain and prevent you from being able to get information necessary for your work. One of those areas is access to system variables. Good thing is. that bits and pieces are flying around all over the web and can be found for example both Oracle’s own SampleApp or this little gist here from @rmoff.
I’ve started mixing and matching together as much as possible of “things you can potentially get out of the system” without having anything else than Answers access and combined it into a single analysis. You can find the gist here. To put it into your system all you need to do is create a new analysis, copy over the XML and reference any of your Subject Areas (two locations; top and bottom of the file). Doesn’t matter which one as long as it parses correctly. Not a single query against actual data sources is run.
I’ll keep adding to this and expand it with whatever hack I can find to circumvent the pesky “you’re not an Admin” situations.
Next week from June 26 to 30 it’s time again for the epic ODTUG KScope16 which is happening in Chicago, Illinois this time. After unfortunately missing last year’s KScope15 in Florida I am happy to be back with two presentation slots of my own plus a joint presentation.
You can find the full agenda here including my three sessions in the BI and Data Warehousing stream of the event:
- 50 Shades of #Fail: OBI Worst Practices in Real Life
- Back2Basics: A Day in the Life of an Oracle BI Query
- OBIEE Security: It’s a Jungle Out There(joint presentation with @G_Ceresa)
This year I had the pleasure and privilege to be a member of the content committee for the BI/DWH stream in order to do my part of making the event as epic an experience as possible for all participants.
Looking forward to seeing all my friends and fellow Oracle ACEs again.
“If you have a tool and arn’t aware if what it can do, its dangerous. A jedi can do amazing things with a lightsaber. A roomful of chimps with lightsabers… would get messy. “
I am currently in the process of moving all assets over from blogger and it seems that a miraculous multiplication of blog posts is happening – once with and once without images as it seems. Will clean up in the coming hours.
Update: So it seems that even after trying 3 different import tools not all images have made it over. A pity but that’s life – you’ll still be able to see the original posts including all images under the old URL: hekatonkheires.blogspot.com
Date: Monday 7th December – Wednesday 9th December
Location: ICC Birmingham
UKOUG Apps15 is the must attend event for Oracle Apps professionals, with over 120 sessions there is something to suit everyone.
My session will take place on Wednesday, 9th from 10:00-10:50 and is entitled
“50 Shades of #Fail – OBI worst practices in real life”
I look forward seeing you at Apps15!
OBIEE 188.8.131.52 went GA yesterday and is available for download on OTN here.
Oracle Documentation for 184.108.40.206 is here.
And most importantly the 2 “New Features Guides” in detail: