Thursday, January 21, 2016

OBIEE 12.2.1 controlling VA - data visualization

With the release of OBIEE 12.2.1, we have a new component named Data Visualization (or Visual Analyzer - that what the VA in URL stands for). I will call it VA in this post.  Naturally we want to control who can use it, or disable it. Yet, the control is not at the expected place (Administration/Manage Privileges). By default it is assigned to BI Author Application role and is controlled by the Application policy oracle.bi.tech.visualanalyzer.generalAccess.

If all you want is to enable / disable it, there is a script and guidelines at blogs.oracle.com, by Amarpreet Nagra: How to Revoke/Grant Data Visualizations Permissions using WLST

Since that is covered, there is one more question: How to change the access to VA. In this post I will describe how to allow access to VA by BI Composer Role users. I'm not sure it's a good idea since VA is very much equivalent to BI Author.

Update: To control the VA I advise to follow the guidelines at Oracle support document 2102444.1: How To Remove Or Add Specific OBIEE 12c Data Visualization | Visual Analyzer Permissions and not the described bellow.




--------------------------------------------------------------




In Enterprise Manager, under biinstance / security we see the Application Policies and Roles (the same is available under WeblogicDomain - security).


In the list of policies, under BIContentAuthor we see the oracle.bi.tech.visualanalyzer.generalAccess policy.

Our task is to add that policy to BIConsumer Role. 
I Edit that role.
Press the plus sign of Add Permission.

Option1

Search in the third Permission Class (oracle.security.jps.ResourcePermission) for relevant Resource name, in the bellow example Resource Name that includes the string visual.


I select the oracle.bi.tech.visualanalyzer.generalAccess policy and press continue. In the next screen I mark all and press select.


Option 2

Absolutely equivalent is to search for Resource Type  oracle.bi.visualanalyzer.permission.

 


After I OK the change in Application Role. This is updated.
I had to restart the server for the change to work.


Accessing the VA with unprivileged users returns rather ugly Error 401- Unauthorized:
 After the change I could connect with BIConsumer user.


As BIConsumer Role I can open existing VA projects.
If I try to create a new one, I can't see the subject areas but capable of uploading new files as data source.  


4 comments: