What is ‘BISystemUser’
OBIEE System User ‘BISystemUser’
“BISystemUser” is an internal OBIEE system user used as an inter-bi-component communication user, this could also be used when Impersonation is used. This is referenced by an Authenticator (usually Default Authenticator unless changed to different providers like Active Directory or other directory).
Impact on Deleting ‘BISystemUser’
When deleting the ‘BISystemUser’, when default access configuration, OBIEE System will no longer allow any user to login.
Deleting the user causes the system to close down on allowing any connections into the Presentation layer; any user trying to login will be thrown authentication error (“An invalid Username or Password was entered.”).
Step by Step
Weblogic ‘BISystem’ Role Check
- Login to weblogic: http://host:port/em
- Go to Business Intelligence->coreapplication->Security->Single Sign On ->Application Policies and Roles -> Configure and Manage Application Roles
- Select the ‘BISystem’ role from list and check on the Membership section if the ‘BISystemUser’ is still there
- if user is not found in there will need to add it after its re-creation
Weblogic User Check
- Go to Oracle Weblogic Server Security Provider for User Management page (you will need to login again)
- Check in the table for ‘BISystemUser’ user
- If user does not exist go to Recreating User step
- Create new user by clicking new
- Useful tips:
- Make sure Name for the user is exactly ‘BISystemUser’
- For best practice make sure you fill in a meaningful description – to ensure user is not deleted again by mistake (eg. System user, internal OBIEE use)
- Keep in mind password for the ‘‘system.user” Password Check & Change step
‘system.user’ Password Check & Change
- Go to WebLogic Domain->bifoundation_domain->(right click)->Security -> Credentials
- In here, edit the ‘system.user’ and update password to match the one for the re-created user
Delete Cached Credentials
Within the operation system, we need to delete the cached credential files, to make sure our changes are applied.
File name is (there will be 2 files, a cacheduserinfo and a cacheduserinfo.atr – both need to be deleted)
- For Linux OS (make sure you have read/write rights on the oracle files – best use root rights):
- go to root folder (or oracle home): cd / (cd oracle home path)
- search files: find -name cacheduserinfo – this will list up files cacheduserinfo for all user, so you will need to select the path for the bisystemuser (will be something like this ./u01/oracle/mw/i…../root/users/bisystemuser/_prefs/cacheduserinfo)
- delete files: rm path/filename
- confirm delete: Y
- For Windows OS:
- search for files: cacheduserinfo and atr and delete them
(Command line for search: dir cacheduserinfo .* /s – make sure you are searching within oracle home directory. To get there use: cd path)
Finish and Test
In order for changes to be applied, we need to restart the BI server components for system to reload new permissions, configured.
- in weblogic go to Business Intelligence->coreapplication->Overview
- restart all
That’s all. Please test your work now!
Note: Please note this tests were done on OBIEE 188.8.131.52.1.