Shared services security and essbase security

Similar Messages

• EPM 11 - Issue with Shared Services Registration and DB configuration

  Hi,
  Im installing Oracle EPM 11.1.1...
  I have successfully installed Foundation Services and Essbase Server/Client...
  But I'm facing two issues...
  1. I couldnt able to register any products to the Shared Services except for Essbase Server
  I tried restarting the services (1) Hyperion Foundation OpenLDAP, (2) Hyperion Foundation Shared Services - Web Application in the same order...
  2. I couldnt able to configure Oracle 10.2.0.1.0 for Essbase Administration Services...
  It shows the below error...
  "com.hyperion.cis.config.CmsRegistrationUtil, ERROR, register operation failed in CMS:
  com.hyperion.interop.lib.OperationFailedException: Registeration failed: null.Registeration failed: null.
       at com.hyperion.interop.lib.helper.RegistrationHelper.register(Unknown Source)
       at com.hyperion.interop.lib.CMSClient.register(Unknown Source)
       at com.hyperion.cis.config.CmsRegistrationUtil.registerApplication(CmsRegistrationUtil.java:200)
       at com.hyperion.cis.config.wizard.RunAllTasksWizardAction.executeHubRegistrationTask(RunAllTasksWizardAction.java:427)
       at com.hyperion.cis.config.wizard.RunAllTasksWizardAction.execute(RunAllTasksWizardAction.java:212)
       at com.installshield.wizard.RunnableWizardBeanContext.run(Unknown Source)
  com.hyperion.cis.config.wizard.RunAllTasksWizardAction, ERROR, Error:
  java.lang.Exception: Registeration failed: null.Registeration failed: null.
       at com.hyperion.cis.config.CmsRegistrationUtil.registerApplication(CmsRegistrationUtil.java:212)"
  But I could use the same version of Oracle database successfully for Shared Services and Essbase Studio database configuration...
  Please help me to resolve this issue....
  Thanks & Regards,
  dmaze

  Hello!
  During your first configuration of the EPM System Fusion Edition, configure the two conponents first - COMMON SETTINGS and CONFIGURE DATABASE. Never configure other components together with these two (especially Workspace). After you have configured these two, then you can rerun the configuration utility and configure the components that you left out.
  Hope this helps.
  Cheers!

• Need to migrate Shared services users and groups from 9.3.1 to 11.1.2.2 ver

  Hi All,
  We need to migrate Shared services users and groups from 9.3.1 to 11.1.2.2 version. Any help would be appreciated. Can we use CSS import export utility?
  Thanks in advance!!

  Hi John, In my another environment I have to migrate the users and groups from Hyperion HSS 11.1.1.2 to Hyperion shared services 11.1.2.2. I am using LCM for that, when I export the users and gropus from 11.1.1.2, it exports fine but when i import it to my 11.1.2.2 using LCM, I am getting the below errors.
  Error when I try to import the groups:
  ErrorEPMIE-00051: Failed to perform operation on role. Could not locate role matching filter {0} and filter attribute {1}. Please ensure that a role exists matching the filter with filter attribute.
  EPMIE-00024: Failed to import all of the membership info for group test group. Invalid group members encountered. Please ensure the validity of members and its existence in their respective providers.
  Errors when i try to import the users:
  ErrorEPMIE-00051: Failed to perform operation on role. Could not locate role matching filter {0} and filter attribute {1}. Please ensure that a role exists matching the filter with filter attribute.
  EPMIE-00020: Failed to update user 04668162 during import. Invalid identity for user. Please ensure that the user is available in the system with the identity specified in the import file.
  Any idea?
  Thanks in advance.

• Even after set Mo:Security and HR:Security,user not able to restrict require Inventory Org.

  Hi All,
  Even after set Mo:Security and HR:Security,user not able to restrict require Inventory Org.
  Both the profile option have set at responsibility level.
  Reagrds,
  Sandesh

  2785222 wrote:
  Hi All,
  Even after set Mo:Security and HR:Security,user not able to restrict require Inventory Org.
  Both the profile option have set at responsibility level.
  Reagrds,
  Sandesh
  Hi Sandesh,
  First note that HR:Security Is for HRMS module for restricting data for respective OUs
  MO:Security is for other Modules such as Inv, PO, AR, AP etc., for restricting data
  Change the inventory Org to the one you want and then query data...
  Hope it helps.
  Regards,
  Shahzad.H.Magsi

• Flash causes "page contains secure and non-secure..."

  Hi All,
  I have a flash menu on my web store .php pages and am getting
  a "this page contains secure and non-secure items..." in IE7 in
  Vista. I think this is because of the Flash menus, but thought I
  had taken care of this by making the codebase embedding to
  "https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7,0,19,0"
  Any suggestions on how to deal with this?
  Thanks, Scott

  Thanks so much ShadowKnyte for the reply. Turns out it wasn't
  the Flash menu, after all, as it did have the embedding links set
  to https. In fact, it was my Google analytics call at the end of
  the page. It needed to be changed to:
  <script src="https://ssl.google-analytics.com/urchin.js"
  type="text/javascript"></script>
  In case that helps anyone else out.
  Cheers, Scott

• Clarification regarding Shared services and essbase security

  Hi,
  Sorry for the silly doubt. We have shared services to manage security, essbase v 9
  1. to assign calc access for users, do i assign calc scripts under databases in group security and assign users to groups in shared services or do it via access control in shared services?
  2. If in shared services i havent given calc access but in eas user belongs to a group with that particular calc script access, which would take precedence?
  Regards,
  N shah

  In shared services, when i click on a particular application under the essbase server under the projects folder, there are cases where there are no users or groups under the 'available users and groups'. Why is this so? groups and users are supposed to be there.
  Also, in a different application, i saw one available user. however when i try to provide calc access. its not changing anything. I select the calc script and then click the check mark. however nothing changes. The calc access for the user is specified as none. When i login to excel with the same user id, i can see all the calc scripts available for the user. Where are the details being picked up from.??
  Edited by: 862089 on Jul 13, 2011 9:55 PM

• OBIEE and Essbase security pass through

  Hi All,
  I'm using Essbase as a data source for OBIEE. Right now I'm trying to use Hyperion security to pass through OBIEE. I've setup OBIEE to use Hyperion Shared Services as custom authenticator and Hyperion users can log in. However, I'm having problem passing through the users to Essbase. I've changed the Essbase connection pool to use :USER and :PASSWORD. When I tried to check for global consistency, I'm getting the following error
  [38098] The password in the Connection Pool '"server"."Connection Pool"', associated with the Repository Initialization Block '"SUB_VAR_BLOCK_server"', contains the use of :USER or :PASSWORD.
  When I tried to open any existing Essbase reports from OBIEE, I'm getting this error (as expected)
  State: HY000. Code: 10058. [NQODBC] [SQL_STATE: HY000] [nQSError: 10058] A general error has occurred. Essbase Error: Login fails due to invalid login credentials (HY000)
  Any ideas on how to get around this issue? Thanks
  Regards,
  Gerd

  Hi Gerd,
  Could you please explain in detail how you have setup OBIEE to use Hyperion Shared Services as custom authenticator so that Hyperion users can log into OBIEE?
  Please provide the steps and custom authenticator function?
  we would need to implement it fromm scratch. So, your help will be greatful.

• Shared Services access to Essbase cubes

  I'm having several problems with user access to Essbase (non-Planning) cubes. The first problem is that I have granted Read access to the users (using a group) to these Essbase cubes in Shared Services. The security has been refreshed, and if you view the properties of any of the databases to which I've granted access, it shows that the group has read access. However, the users do not see these applications in Smart View Data Source Manager. Does anyone know why they are not showing up in Smart View? Using my own id, I added all of these applications to the pre-defined view, and if the users use the pre-defined view, they can see the databases, but if they try to connect it says they don't have access.
  The second issue is that only the Essbase cubes that existed at the time that we upgraded to version 11 are showing up in Shared Services. We have since created several more cubes, but I am unable to get them to show up in Shared Services. What am I missing? Shared Services Help is not particularly helpful in either of these instances.
  Thanks,
  Sabrina
  P.S. Just venting, but I hate Shared Services.

  John,
  I have two problems with your suggestion. The first is that when I go to the "Assign Access Control" page, I can't select users/groups, but can only select users. I could do each user separately, I suppose, but doesn't that sort of defeat the purpose of having groups? I'm on version 11 - do you know of any reason why I can't choose groups at this point?
  My second problem is that I can't set them as essbase/planning users, if by that you mean there should be a choice that is both. I can do either one, but not both together. They are currently set to Planning. Will it mess anything up with their Planning access if I set them to Essbase?
  Thanks,
  Sabrina

• What are the steps are Shared services backup and schema back

  Hi
  I am new in Hyperion .. can anybody tell me what are the steps are in the shared services back up and schema back up ...
  Regards
  Praetorian

  If it is fora a demo i would advise you to extract all the files (metadata, Rule, Security, Data forms, Grids, ICP reports, Data etc) so that this can be restored on any machine from which you wish to give demo.
  If you which to take database backup it will take backup of all the HFM applications in that server. And when you restore the backup it will refresh all the applications which might result in changes to other applications which you may not want.
  For taking backup of database/schema go to the udl file and identify the schema for which you wish to take backup.
  Then type the command to take DB backup.
  Kindly mark the post helpful if you find so.
  Varun
  Edited by: Varun Kaushal on Apr 24, 2010 9:37 AM

• Secure and non-secure access to the web application in one war

  Say we have one web application (in one war) which includes JSP, servlets and the security intercepter. There is one business requirement to have most of the JSP(s) accessed via HTTPS, but a few JSP(S) accessed via HTTP.
  My questions are:
  a. Is this possible, or a reasonable requirement or a good practice?
  b. if yes, what can we do to make it happen in the security intercepter implementation?
  c. If not, what is the technical reasons?
  Thanks much.

  a) Yes its is reasonable and good practive, there is an overhead using https, so you should only encrypt file you need to. When you use an online store, only account details / payments are https, the shop itself is http
  b) I dont really understand your difficulty. You can define a folder as 'secure' and put all your secure pages in this folder, leaving non secure files in a different folder. Whenever a page in the secure folder is accessed, https is automatically invoked.

• CSSimport.bat error: while migrating the Shared Services groups and users

  Hi,
  I am trying to migrate the shared services native users and group from 9.3.1(on server A) to 11.1.1.3(on server B)
  - I have taken the export in CSV format from 9.3.1 using CSSexport.bat.(export.csv) -Successful.
  - I have copied this on the 11.1.1.3 server and changed lil details like removing the admin user etc.
  - When I am trying the import this on 11.1.1.3, I am getting the below error:
  CSSimport importexport.properties2010-10-11 09:36:41,328 Attempting a import operation
  log4j:WARN No appenders could be found for logger (com.hyperion.css.common.CSSLogger).
  log4j:WARN Please initialize the log4j system properly.
  null
  Aborting program...
  - There are not log or error files geting generated - The only error recieved , is given above.
  - I have made the necessary changes to the impotexport.properties file on 11.1.1.3 before starting the CSSimport utility.
  Can you please let meknow what should I do to overcome this error.
  -thanks,
  Ankit

  First thing I would try would be on the 11.1.1.3, try and run an export, if it works then run the import on the same file, this way you will make sure you have the version 11 utility working.
  Once you have done that then you can move on to the 9.3.1 export file.
  Cheers
  John
  http://john-goodwin.blogspot.com/

• Ajax Login both secure and non secure url

  Does anyone know if there is a way to use ajax to log a user in for both the non secure and secure url. Normally if you're submitting a log in form over the secure url with the non secure url in the referrer parameter it will log you in on both domains but not via ajax. Anyone have a good work around?

  Here’s the code I’ve used…
  {% if Settings.Site_Live -%}
  {% assign redirectHTTP = "" -%}
  {% assign redirectDOMAIN = Settings.Site_URL -%}
  {% assign redirectEXTEND = "" -%}
  {% else -%}
  {% assign redirectHTTP = "http%3a%2f%2f" -%}
  {% assign redirectDOMAIN = Settings.System_Name -%}
  {% assign redirectEXTEND = ".fueldesign.co.nz" -%}
  {% endif -%}
  {% capture redirectURL -%}{{redirectHTTP}}{{redirectDOMAIN}}{{redirectEXTEND}}{% endcapture -%}
  <form class="form--box escapeWorldSecureSystems" method="post" action="https://{{Settings.System_Name}}.worldsecuresystems.com/ZoneProcess.aspx?ZoneID=51&amp;Referrer={{ redirectURL}}&amp;OID=&amp;OTYPE=" data-parsley-validate>
  Note: I have a Settings collection that has a lot of data from a Settings web app that controls a lot of settings for the website, such as “Site_Live” checkbox etc. this allows my sign-ins to be generic and editable site to site.
  And here’s the development URL where I’m working on this. (don’t just my site during development stage lol)
  http://astrolift.fueldesign.co.nz/ <http://astrolift.fueldesign.co.nz/>
  username: dev
  password: dev123
  Hopt this gives you some inspiration.
  Let us know if you get the ajax working.
  Cheers guys

• Shared Services Registry and common settings (foundation)

  Hi Experts,
  I am trying to open shared serices regisry but surprisngly it is not available under start>programes>Foundation services>epmsystem (only digonostics is showing).
  Q1) Does we need to enable it from somewhere?
  Q2) if i make some changes under foundation> common settings> (mail conf) etc using config utility; does it require to make changes at all servers in distributed environment.
  Version 11.1.2
  Regards
  Kumar

  Q1 - I am not sure what you are looking for, the shared services registry is accessible through Shared Services web or http://download.oracle.com/docs/cd/E17236_01/epm.1112/epm_install_11121/apgs02s01.html
  Q2 - Probably worth restarting foundation if you make changes even though it should pick them up as they are just stored in the relational databse.
  Cheers
  John
  http://john-goodwin.blogspot.com/

• Planning and Essbase Security Issue

  Hi, we just upgraded to 11.1.2 and have been noticing occasional loss of security on LDAP groups. Hyperion SS refreshes the LDAP groups from LDAP periodically and the Workspace/Planning/Essbase servers refresh cache from SS. However, some times, these cache refreshes fail leaving users without any access. We have been working with Oracle to find a resolution, however, haven't had much of a luck so far.
  Just wanted to check if anyone has faced and resolved such an issue. 
  Thank you

  Hi,
  Could you please explain more on "Hyperion SS refreshes the LDAP groups from LDAP periodically and the Workspace/Planning/Essbase servers refresh cache from SS" what kind of refresh is it and what does it provide and what does cache refresh mean from SS?
  Am a beginner but still will try suggesting if you explain things.
  Thanks
  Amith

• Problem with automatic logout between secure and non-secure urls

  On my business catalyst page the user login page is located on a non secure url (our site's domain and not worldsecuresystems). When a user is logged in and then views a page on a secure url (i.e. a page to purchase a subscription to a secure zone) it does not retain their login cookie and it appears they have been logged out. This also creates a problem where I cannot pre populate the secure zone purchase form with a user's information based on their account details. Is there a way to retain have both domains recognize the user is logged in to allow the user to freely pass between these domains without having to login twice? I was considering putting the login page on the secure domain and using relative urls for all my links but for some reason some of my pages appear corrupt when viewed on the worldsecuresystems domain so I'd like to avoid this method. Any help would be appreciated.

  Make sure the referrer paramter is correctly set on the form.
  This is the default BC action. But remember the {module_siteurl} will return the host they are currently on. So if this is used on a secure page you'll need to use {module_sitehost} instead
  action="{module_secureurl}/ZoneProcess.aspx?ZoneID=-1&amp;Referrer={module_siteUrl,true,true}&amp;OID={module_oid}&amp;OTYPE={module_otype}">