BI Publisher report access denied for billing management after security upgrade

ERP Oracle JD Edwards
, , , , , , , ,
1

After applying the latest security patches to our JD Edwards 9.2.0 environment, users in the billing department are getting ‘Access Denied’ errors when trying to run BI Publisher reports. These are standard billing reports that worked fine before the upgrade.

The error appears when they click on any report in the BI Publisher catalog under the Billing Management folder. Same users can still access regular JDE forms and inquiries without issues. We’ve verified their user profiles haven’t changed and they’re still assigned to the BILLING_USER group.

Report security seems to have become stricter but we can’t figure out what changed. Is this related to BI Publisher report security settings or JDE row security rules? The reports need to filter billing data by business unit based on user assignments.

2

Have you checked the report-level security in BI Publisher? After certain patches, individual reports need explicit user group assignments even if the folder has permissions. Go to each report’s properties in BI Publisher Catalog Manager and verify the ‘Granted Users and Roles’ section includes BILLING_USER. Also check if the data model security was reset - the data model needs separate permissions from the report template.

3

I remember dealing with this exact issue after a 9.2.0 security update last year. The problem is usually a combination of factors. First, verify in Enterprise Server Manager that the BI Publisher server connection is using the correct JDE user credentials - sometimes patches reset this to a default account that lacks billing access. Second, check the BI Publisher security configuration file (xmlp-server-config.xml) for any changes to the security realm settings. The patch might have switched from JDE authentication to local BI Publisher authentication mode.

4

I’ll walk you through the complete solution covering all three security layers that control BI Publisher report access in JD Edwards.

BI Publisher Report Security Layer: The security patches likely reset report-level permissions. For each affected report in the Billing Management folder:

  1. Log into BI Publisher as administrator (typically JDE/JDE)
  2. Navigate to Catalog > Browse Catalog > Billing Management
  3. For each report, right-click and select ‘Edit’
  4. Go to the ‘Permissions’ tab
  5. Add BILLING_USER group with ‘Read’ and ‘Execute’ permissions
  6. Click ‘Apply’ then ‘OK’

Critically, you must also check the data model permissions separately:

  1. In the same folder, find the .xdm files (data models)
  2. Edit each data model’s permissions
  3. Grant BILLING_USER group ‘Read’ permission on data models
  4. Save changes

Without data model permissions, users get access denied even if they can see the report template.

Row Security Rule Setup: Even though P00950 shows no active rules, the security patch may have enabled row security validation by default. You need to explicitly grant access:

  1. Run Row Security Workbench (P00950)
  2. Create new row security entries for billing users
  3. Set Table Name: F4812 (Billing Detail Workfile)
  4. Set User/Role: *PUBLIC or BILLING_USER group
  5. Set Column: MCU (Business Unit)
  6. Set Value: * (all business units) or specific BU codes
  7. Set Operation: SELECT, INSERT, UPDATE based on needs
  8. Activate the rule

Repeat for related billing tables: F4801, F4802, F03B11. Row security now acts as a filter even for BI Publisher queries.

User Group Permissions in JDE: Verify the BILLING_USER security group has proper application security:

  1. Run User Overrides (P98OWSEC)
  2. Search for BILLING_USER group
  3. Verify Action Security includes:
    • *ALL authority for application P04312 (Billing Inquiry)
    • *ALL authority for application P91300 (BI Publisher Reports)
  4. Check Processing Options security for P91300
  5. Ensure ‘Report Folder Access’ includes ‘/Billing Management’

The security patch may have added granular processing option security that wasn’t enforced before. Users need explicit folder access in P91300’s processing options.

Additional Configuration Check: Verify the BI Publisher integration settings in JDE:

  1. Run BI Publisher Configuration (P95620)
  2. Check ‘Security Mode’ setting - should be ‘JDE Integrated’
  3. Verify ‘Default Report Role’ is set to allow execution
  4. Ensure ‘Enable Row Security’ checkbox matches your intended security model

If ‘Enable Row Security’ was turned on by the patch, that explains why row security suddenly matters even though you had no rules configured.

Testing Approach: After making these changes:

  1. Have users log out and back into JDE completely
  2. Clear BI Publisher cache: run ‘Clear BI Publisher Cache’ from Server Manager
  3. Test with one report first before rolling out to all users
  4. Check BI Publisher logs (xmlp-server.log) if issues persist

This three-layer security model (BI Publisher + Row Security + JDE Application Security) all needs proper alignment after security patches. The most commonly overlooked item is the separate data model permissions in BI Publisher - that’s usually the culprit when folder permissions look correct but reports still fail.

5

I checked the BI Publisher folder permissions and they look correct - BILLING_USER group has read and execute rights on the folder. Also looked at P00950 but there are no active row security rules for billing tables in our system. The error is definitely happening at the BI Publisher level before it even tries to query JDE data.