Assigning Active Directory User to a particular Role in Oracle Enterprise Manager (EM) does not acquire the Application Role in the OBIEE 12c. This issue can happen when the user Display Name and the sAMAccountName are not the same.
In the Enterprise Manager, a user, Joe Doe, is added to a BIAdministrator Application Role. The user was located using the Display Name option. The Display Name for this user is Joe Doe and the sAMAccountName is jdoe.
When the user logs into OBIEE as jdoe, the user does not acquire the Application Role and an Access Prohibited message is displayed like the one below:
This is identified as Bug 22232288 : OBIEE12C UNABLE TO ASSIGN USERS TO APPROLES WITH SAMACCOUNTNAME IN EM USING MSAD
This issue is fixed in 18.104.22.168.0
For 22.214.171.124.0 and 126.96.36.199, apply Patch 22232288
An alternative workaround is to add a User to an Application Role in the EM using the Advanced Option approach.
- In the EM, Edit the Application Role, and click the Add button to display the Add Principal page.
- In the Add Principal page, select Search: Type = User, and the Advanced Option section will appear at the bottom of the page.
- In the Advanced Option section, check on the “Check to enter principal name here instead of searching from above… ” checkbox, and the Type, Principal Name, and Display Name fields will appear.
- Select Type = User, and enter the Principal Name of the User (for example, jdoe) and click OK. The User will be added as a Member of the Application Role with the correct Principal Name.
- Now you can try logging into OBIEE 12c with the user above and hopefully you should be able to access the dashboard.