You are on page 1of 9

This short guide will take you through the process of creating new users in Oracle

OBIEE and WebLogic as well as introducing security concepts including the use of
security groups and application roles to control data access.
Before you start
Before proceeding with this tutorial, you will need:

An Oracle 11g database that is installed and running.

A working WebLogic install.

WebLogic/OBIEE credentials with the appropriate level of permissions to


create and administer other user accounts.

A login for the Enterprise Manager Fusion Control panel.

Once you have each of these in place, you are ready to proceed.
Viewing your own user permissions
Log into the OBIEE WebLogic console using your admin credentials and proceed
to the "welcome" screen.
1. Click on your user name in the top right-hand corner of the screen and
select My Account from the drop-down menu:

2. In the My Account pop-up box, select the Roles and Catalog Groups
tab:

This will then show a list of the groups to which your account belongs:

3. Click OK or Cancel to close the dialog box.


At this point you cannot change any of your permissions or group memberships,
but you can at least get an idea of what you are permitted to do with the system.
Viewing other WebLogic user accounts and permissions
Fire up the WebLogin console and login with an administrator-level account.

1. When the Administration Console screen opens, select Security Realm


from the Domain Structure pane on the left-hand side of the screen:

2. The main console pane will now refresh. Click on the relevant realm from
the list displayed. In our example it is called myrealm (which also
happens to be the default realm created when first installing OBIEE).

3. With the details of myrealm loaded, select the Users and Groups tab:

4. You will now be presented with a table containing the registered OBIEE
users:

Bear in mind that the system displays only ten accounts at a time by
default. You can change this by clicking the Customize this table link
and making adjustments as you see fit.
Creating a new WebLogic user
Creating a new WebLogic user account is relatively straightforward too.
1. From within the Users and Groups tab of the myrealm security realm
click the New button:

2. Complete the Create a New User form ensuring that you supply a Name
and a Password at the very least:

Click OK to continue.
3. You are now returned to the list of users where you will see a message
confirming successful creation of the new user account:

You should be able to test the new account by trying to log into the WebLogic
interface with the user name and password you just created. Rememeber that
this new account will have relatively restricted access to WebLogic functions
based on the default new user account settings.
Checking Application Role permissions
Users can also be assigned permissions via Application Roles. Application
Roles apple security group permissions to user accounts, adding an additional
layer of security. Application Roles can be modified by logging into
the Enterprise Manager Fusion Control interface with an admin-level
account.

1. From the left-hand tree-view panel, select Business Intelligence


-> coreapplication

2. Click the Security tab in the main window:

3. Select the Single Sign On sub-tab:

4. Click the Configure and Manage Application Roles link at the bottom
of the page:

5. When the screen reloads you will be able to see a list of the available
application roles. By selecting one, in this case BIConsumer, you will then
see a list of users who are members of that role:

Note that authenticated-role one of the default memberships discovered


above is also a member of the BIConsumer role, helping to explain why
all new users receive both permissions by default.
At this point you can assign users new application role permissions directly using
this screen - this is not however considered best practice. Instead you should be
looking to associate users with groups, and groups with application roles.
Assigning permissions to WebLogic users
Once you understand the difference between security groups and application
roles, changing user group memberships is relatively simple.
1. From the Users and Groups tab of the myrealm security realm click
the Groups tab:

Check for the group that you want to add your new user to - for our
example we will be working with the group that has already been defined
as BIAuthors.
As before the system displays just ten groups by default. You can change
the number of records displayed by clicking the Customize this
table link and making the necessary alterations.
2. Click the Users sub-tab above the tableand then select the new user's
name from the table displayed.
3. When the Settings screen reloads, click the Groups tab:

4. Select the desired Parent Group from the list on the left, then click the
blue arrow to add it to the Chosen column:

Click Save to apply the account changes.


The user will now need to log out of the OBIEE for the new permissions to apply.
Upon next login the new Application Role settings will have been added to the
account and the user will have access to additional functions as defined in
the BIAuthors application role. You can confirm the new permissions have been
applied by checking the My Account settings as detailed above

You might also like