OBIEE 10G/11G - (Group|Security Role|Application Role)


Application role are also called:

  • Group (10g)
  • Security role.

In 10g, they were managed by the BI Server but in 11g, they are managed by Weblogic (Application role).

These are used by both the Oracle BI Server and Oracle BI Presentation Services.

Mapping Example

In 11g, Security is defined in terms of Application Roles that are mapped to directory server groups and users.

The mapping is done in the application role definition.

Example of mapping between Directory Server Group/User and OBIEE Application Role:

Directory Server Group and User Application Role Name Application Role and User Permission
User1, User2, User 3 BIConsumer access reports
User4, User5 BIAuthor create reports
User6, User7 BIAdministrator manage repositories


  • Groups (10g) are stored in the GROUP variable. This is a group repository variable that contains the groups to which the user belongs.
  • Application Roles (11g) are stored in the roles variable.

Naming Convention

The Oracle BI Presentation Services Administrator needs to make sure that the names of Presentation Services groups are different from any user IDs that will be used to log on to Oracle BI Presentation Services. If a user and a Presentation Services group share the same name, the user will receive an Invalid Account message when attempting to log on to Oracle BI Presentation Services.

Powered by ComboStrap