Fusion Middelware - Application Role

Card Puncher Data Processing

Fusion Middelware - Application Role


Fusion Middelware Application uses a role-based access control model. Security is defined in terms of Application Roles that are mapped to directory server groups and users.

The mapping is done in the application role definition.

Example of mapping between Directory Server Group/User and OBIEE Application Role:

Directory Server Group and User Application Role Name Application Role and User Permission
User1, User2, User 3 BIConsumer access reports
User4, User5 BIAuthor create reports
User6, User7 BIAdministrator manage repositories

An Application role can contain:

  • other application roles,
  • groups,
  • or individual users.

The application role data are stored in the policy store.


Web Interface

Weblogic Em Application Role

Obiee11g Application Role


  • The application roles in the policy store are retrieved by the application (for instance Oracle BI Server) when it starts.

Xml Policy Store

Extract from the XML file that stores the policy store

<?xml version='1.0' encoding='utf-8'?>
            <application locale="en_US">
                <!-- The application stripe -->
                <!-- The application roles -->
                        <display-name>BI System Role</display-name>
                            <!-- The members -->

The application's principal and role classes are Oracle Platform Security Services class names.

Wlst Scripting

With OPSS script





In OBIEE, you can see the Application role with the role system session variables.


Documentation / Reference

Discover More
Weblogic Application Stripe
Fusion Middelware - Policy store

The Policy Store is a repository ofsystem and application-specific policies and roles. The policy store provider provides access (and contains) to: Application Roles (to create functional group) ...
Obiee Upgrade Id Id
OBIEE - Void (Id)

The VoidID (id) is an repository object identifier. It is used in situations where the object type can be used to achieve better performance than the uid. The id is a structure that contains two...
Obi Edition
OBIEE - Privilege package

A privilege package is a container for other privileges. It corresponds to a set of permissions that applies to a particular user or application role object in the repository metadata. The privilege...
Obiee11g System Session Variable
OBIEE - System session variables (reserved variables)

System session variables are session variables that the Oracle BI Server and Oracle BI Presentation Services use for specific purposes. System session variables have reserved names, that cannot be used...
Obi Edition
OBIEE 10G/11G - (Group|Security Role|Application Role)

Application role are also called: Group (10g) Security role. In 10g, they were managed by the BI Server but in 11g, they are managed by Weblogic (Application role). These are used by both the Oracle...
Obiee 11g Bisqlprovider Schema
OBIEE 11G - BISQLProvider

A authentication provider called BISQLGroupProvider that provide the groups through database look-up. This group can then be linked to application role. The database just stores the groups to be associated...
Obiee Bisystemuser Credential
OBIEE 11G - BISystemUser

BISystem User is an internal administrator user created during installation in the Weblogic LDAP store for trusted communication between components. The password is created at random. It owns the Oracle...
Obiee11g Security Overview
OBIEE 11G - Security

Oracle Business Intelligence uses a role-based access control model.Security is defined in terms of Application Roles that are mapped to directory server groups and users. To define a complete security...

Share this page:
Follow us:
Task Runner