For OBIEE 11g, User definitions and group membership are created and maintained in the identity store. The permission grants for a user are derived by determining what groups they are a member of, and then determining which application roles those groups are mapped to in the policy store. Additional permissions can be inherited by nature of the application role hierarchy.
Information maintained in the identity and policy stores is often needed during repository development. To facilitate this development, a copy of objects that have properties specific to metadata is kept in the repository file and can be viewed using the Administration Tool. For example, user information is added to the Administration Tool copy after a data filter, or object permission, or query limit is generated.
Information displayed in the Administration Tool is not in real time and any user, group, or application changes made in the identity and policy stores cannot be seen when working offline. The contents of this copy are updated whenever BI Server is restarted.
To add user attributes used by the repository:
2. Display the Security Manager by selecting Manage then Identity.
3. Select BI Repository and double-click the user name from Users Tab located in the right pane.
4. If you want to log queries for this user in the query log, change the query logging level to 1 or 2.
5. Click OK.
6. To modify permissions for the user, open the Users dialog by double-clicking the user icon you want to modify. If you click Object Permissions, you can change permissions for Presentation objects, Marketing objects, and Connection Pool.
7. You can grant rights to the user individually, through application roles, or a combination of the two. To grant membership in an application role, select as many as you want the user to be a part of in the Application Role Membership portion of the dialog.
8. To specify database logon IDs for one or more databases, type the appropriate user names and passwords for the user in the Logons tab of the User dialog.
If a user specifies database-specific logon IDs in the DSN used to connect to BI Server, the logon IDs in the DSN are used if the administrative user has configured a connection pool with no default database-specific logon ID and password. For information about configuring the connection pools to support database-specific logon IDs, see Oracle Fusion Middleware Metadata Repository Builder’s Guide for Oracle Business Intelligence Enterprise Edition.
9. Set up any query permissions for the user. For more information, see Oracle Fusion Middleware Metadata Repository Builder’s Guide for Oracle Business Intelligence Enterprise Edition for more information.