OBIEE 10g – Changing Administrator Passwords – Impact on BI Scheduler and BI Publisher | The Big Data - Business Intelligence by Sandeep Venu

Enter key word

OBIEE 10g – Changing Administrator Passwords – Impact on BI Scheduler and BI Publisher

Oracle BI EE – Changing Administrator Passwords – Impact on BI Scheduler and BI Publisher – Understanding Impersonation

Another common question that keeps circulating in the mailing lists is “How do we ensure that changing Administrator password in BI Server does not impact BI Scheduler or BI Publisher?”. In order to answer this question we need to first understand how the integration between BI Scheduler and BI Server, and BI Publisher and BI Server works. Lets first start with BI Scheduler and BI Server. As you would probably know, BI Server repository contains all the users. Whenever we configure BI Scheduler, we would have to create a BI Scheduler administrator user, by running the cryptotools utility. This user (should be an user within the repository who is part of the Administrators group) details like username and password would be stored in the credentialstore.xml file. So, whenever any user logs into delivers and tries creating a schedule, then BI scheduler uses the user details stored inside the credentialstore.xml file to authenticate/impersonate into the BI Server. Once authenticated by the impersonation user, then the corresponding logging in user’s privilege details are returned back from the BI Server. This is explained in the below diagram
Now, what would happen when we change the Administrator user password in the repository? When we change the Administrator user password in the repository, the crendialstore.xml file would still contain the older password. Hence, whenever any user tries to run a schedule using the BI Scheduler, he would not be able to do so since BI Scheduler will still be using the older password of the Administrator user. So, in order to keep both the passwords in sync one would have to run the cryptotools utility again with the new password as sepecified in the repository.
The integration between BI Server and BI Publisher also works using the same logic. But the general confusion is why do we have to run the cryptotools? By default when we install BI EE, the cryptotools utility would automatically be run for the Administrator user for BI Publisher. But this is not the case for BI Scheduler. Hence, we would have to manually run the cryptotools for scheduler to bring it up.
As shown, whenever the password for the Administrator user alone is changed, then and only then should the cryptotools be run again. For all other users, there is no need for running the cryptotools. For example, lets try changing the password for Administrator in the repository to say “welcome1″. Once that is done, we need to run the cryptotools twice. One for the admin role (used by Bi Scheduler) and the other for the bipublisheradmin role (used by BI Publisher). Run the cryptotools with the new password.
cryptotools credstore -add -infile D:\oracle\OracleBIData\web\config\credentialstore.xml
Also, open up the Job Manager and update the Administrator Password there.
Similarly, run it for BI Publisher using the bipublisheradmin alias.
The next step is to go to {OracleBI}\xmlp\XMLP\Admin\Configuration and open up the xmlp-server-config.xml. Update the Administrator passwords here.
<?xml version=”1.0″ encoding=”UTF-8″?>
<xmlpConfig xmlns=”<a href=””></a>”>
<property name=”SAW_SERVER” value=”vejanaki-lap”/>
<property name=”SAW_SESSION_TIMEOUT” value=”90″/>
<property name=”DEBUG_LEVEL” value=”exception”/>
<property name=”SAW_PORT” value=”9704″/>
<property name=”SAW_PASSWORD” value=”welcome1″/>
<property name=”SAW_PROTOCOL” value=”http”/>
<property name=”SAW_VERSION” value=”v4″/>
<property name=”SAW_USERNAME” value=”Administrator”/>
<property name=”SAW_URL_SUFFIX” value=”analytics/saw.dll”/>
<property name=”SECURITY_MODEL” value=”BI_SERVER”/>
<property name=”BI_SERVER_SECURITY_DRIVER” value=””/>
<property name=”BI_SERVER_SECURITY_URL” value=”jdbc:oraclebi://vejanaki-lap:9703/”/>
<property name=”BI_SERVER_SECURITY_ADMIN_USERNAME” value=”Administrator”/>
<property name=”BI_SERVER_SECURITY_ADMIN_PASSWORD” value=”welcome1″/>
Then restart Presentation Services, BI Scheduler Service and OC4J. This would sync up all the passwords.

About Sandeep Venu

    Blogger Comment
    Facebook Comment


Dina mav said...

Thanks a lot!That was really helpful!

Top Links

Upgrading BI Publisher

Add Google Search


Change Admin Password

Best Practices


Host Files



Bug Fixes

Setting Default

OBIEE Installation failed

OBIEE Installation

Oracle Databse

Oracle In Linux

Loopback Adapter

Weblogic Failed

Yum Commands

Weblogic Admin

Linux Static IP


Admin Paswword


Weblogic Starting Error

Localizing BI

Physical Schemas

Multimedia Dashboard

Video in OBIEE

Variables in OBIEE

Ago 30 Days

Email Link

ODI Installation

AGO Function

Sort Pivote table


Reset Sys password

Date Calculation

Add Row in Report

Increase Row limit

OBIEE with Essbase

Reset Weblogic

BIP Login Error

MDS and BI Platform

ORA 28001 Error

ORA 12560 TNS Protocal Error

ORA 12154 TNS Error


Pre Requsite

AIX Commands