Oracle BI Scheduler Error: [nQSError: 68019] Authentication Failed
October 27, 2008
OBIEE and enterprise architecture.
November 17, 2008

While auditing our OBIEE security model We’ve stumbled into behavior that we think is a bug. If it’s not, then I hope it’s a feature that would be removed in the future. Here’s a description of how we get this particular Presentation services behavior:

1. Summary – Our goal is to be able to add new users in RPD in online mode, assign them to their respective repository security groups ( based on data-level and row-level security), and during their first login  have them automatically assigned to one of 2 appopriate Presentation catalog group (that is used for presentation security, such as prohibiting overwriting of shared reports). We use OS authentication model with Impersonator (OBIEE picks up and strips users’ OS username). However, the problem doesn’t seem to be SSO-related or OS-related.

These’re steps to reproduce:

a) create new user “test_user1″ in RPD “Business Intelligence” group (for Presentation group “Business Intelligence”). Check-in RPD and save it.

b)  login with the “test_user1″ first time to OBIEE

c) go to My Account. You can clearly see that “test_user1″ is a member of Presentation group “Business Intelligence” (which is good for us and correct at the same time)

d) log-out. close browser. clean cookies. log-in as an administrator (member of Presentation Services Admin). Go to Settings –> “Oracle BI Presentation Services Administration”–>”Manage Presentation Catalog Groups and Users”
Select Edit for the “Business Intelligence” group

as you can see – “test_user1″ isn’t there

e) If we click on “Add New Member”-> “Show Users and Groups” – there’ll be a red-stop symbol (padlock image)

We’ve filed an SR with Oracle Support, and still waiting for an answer. I personally think that in future OBIEE releases – the Presentation Services should be tied closer with BI server – maybe going as far as consolidating those 2 modules.

And have a nice work week!

4 Comments

  1. Pravin says:

    Is the issue resolved, i am facing the same issue, i am trying to reset password for BI user.

    thanks
    Pravin

  2. Andriy Yakushyn says:

    Pravin,
    I’m sure a work-around was found. It was such a long time ago. I think I re-created all groups , restarted everything. Now it seems to be working fine. I think the problem was that after creating groups, BI needed to be restarted.

  3. Ritesh says:

    Hi Andriy,

    Even I am facing the same issue. Can you please provide more detail on the work around?

    Do you mean here that you created the groups after you created user and bounced everything.

    Appreciate if you can fill in the work around in your reproducible steps. I mean when to do what.

    Thanks for the help.

  4. Andriy Yakushyn says:

    Ritesh ,
    It was confirmed that even though this strange OBIEE behavior took place, the security model worked fine and did what it was supposed to do. Users become member of the group, but in a hidden process, so you would have difficulty managing them on the Webcat level.
    I suggest that:
    1) A new group is created in Webcat first (name test1).
    2) RPD Group should be created with the same name (test1).
    3) Restart both services (BI Server and Presentation Services)
    4) Add a new user and add it to the test1 group in RPD.
    5) First time that user logs in, he should have all privileges that group test1 allows for

    Good luck

Leave a Reply