Shared services security- Is this even possible?
I want to know if the following is possible using shared services security:
I want to set up an MSAD group that will have say 50 sub groups.
I will define this super group as an external directory in SS.
I will then assign security (both roles and filters) to each of the 50 sub groups.
There will be no groups or users in the native directory.
Based on user needs, the MSAD team will move users from one subgroup to another without logging into Shared Services.
My expectation is when they move the users from one subgroup to another, the user will have the security of the group they were moved to.
Is it possible to set up security this way in shared services? I have been experimenting and having a miserable time getting it to work. So just wanted to know if I am doing something wrong or just wasting my time.
I think this will work, but note that you are not really using SS inherited security.
What you might do is something like this:
MasterGroup <--Assign provisioning here
|_Subgroup1 <--Assign filter
|_Subgroup2 <--Assign yet another filter
|_Etc.
With the above layout you define provisioning roles once at the topmost group (MasterGroup) and then assign unique security at the subgroups. The users are in the subgroups and their usernames will go to their ids (which will have no provisioning), then their immediate group (ditto), and then the parent group (which will).
What you have defined for security (as opposed to provisioning) sounds good to me although I have never tried to do this with MSAD groups. I don't see a reason for it not to work.
Regards,
Cameron Lackpour
Similar Messages
-
How can Manage Permissions for DB in Shared Services Security Mode
In shared services security mode, after provisioning users for Essbase applications, only can assign database calculation and filter access. How can I grant permissions "Access Databases" like in native mode?
Essbase will be default be in shared services security mode in 11.1.2, the wizard will not migrate security when in this mode.
It is possible to revert it back but if you don't know the process then it is worth looking at alternatives first.
You could use LCM to export the provisioning and then import into your target environment.
Cheers
John
http://john-goodwin.blogspot.com/ -
Auto Logoff while in Shared Services Security Mode
Pretty simple question but I still haven't found the answer.
My client's essbase server is set up in Shared Services Security Mode, so now the auto logoff options for the server don't apply. Is there a way to set this via shared services? Or is there some other means perhaps?
Thanks for your time.Essbase will be default be in shared services security mode in 11.1.2, the wizard will not migrate security when in this mode.
It is possible to revert it back but if you don't know the process then it is worth looking at alternatives first.
You could use LCM to export the provisioning and then import into your target environment.
Cheers
John
http://john-goodwin.blogspot.com/ -
Shared Services Security during LCM migration in 11.1.2.1
I am migrating a Planning app from 1 environment to another.
I vaguely remember ( from some presentation) that once I export Shared service security I need to modify the file to reflect the correct Essbase server name and than import the Shared service security file.
Is this a mandatory step ? If yes which file should I modify ? Is it just listing.xml or any other file as well ?If you run an export of provisioning then for essbase you should by default see something like "EssbaseCluster-1", if your target environment is configured in the same way it should also be "EssbaseCluster-1" and you will not need to edit any files.
If you don't start marking your posts I am not going to reply to any of your questions in future, hopefully everybody else will take that stance seeing as you have so many unresolved questions.
Cheers
John
http://john-goodwin.blogspot.com/ -
Shared Services Security Migration
Hi All,
I need to migrate Shared Services Security from one server to another server(applications already migrated).
Can you please let me know if we copy essbase.sec file will it work, or any other process we need to follow.
Thanks,
PinkyDear Pinky,
As John just mentioned - it depends a bit on the version that you use as well (11.1.2 is different from 11.1.1.3.x is different from 9.x)
but you may find useful information in these guides:
http://download.oracle.com/docs/cd/E12825_01/epm.111/epm_security.pdf
http://download.oracle.com/docs/cd/E12825_01/epm.111/epm_backup_recovery.pdf
The CSSImportExport utiity is documented within its own zip folder on your installation of HSS (if you are using version 11.1.1.x)
Basically you can think of the process as a backup and restore on a different machine.
The complete list of steps is way too detailed and complex and touches too many sensitive areas to handle it in a thread here.
(especially as I do not know the versions of HSS/Essbase, the OS or the scope of this migration)
best regards
Torben -
How is this even possible? Folders out of sync. Backlog command says in sync.
Two 2008 R2 servers. Been running DFS-R for about a year now. Generally no problems.
If I run the DFSRdiag backlog command on either server, for one particular folder, it says there is no backlog. The only problem with that is; on one server there are 11 files in that folder, on the other server, in the same folder, there are
15 files. How is this even possible!Hi,
Please check if DFS Replication filter some special file from replication. For more detailed information, please refer to the article below:
Exclude files or subfolders from replication
http://technet.microsoft.com/en-us/library/cc758048(v=ws.10).aspx
If the issue still exists, please create a Diagnostic Report to see if there is any error message.
Create a Diagnostic Report for DFS Replication
http://technet.microsoft.com/en-us/library/cc754227.aspx
Best Regards,
Mandy
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
Is This Even Possible? eDirectory syncing passwords with external RADIUS servers.
We are currently have a solution that allows us to use a campus RADIUS
server as the authentication mechanism for accessing the Internet. We want
to integrate this so users can authenticate with their campus IDs but gain
access to the Novell server (home directory and printing) using the same
information.
Is this even possible?
So, essentially, we would like the external RADIUS' user/password data to
be synced with the eDirectory data, but have the eDirectory receive updates
from the RADIUS (or LDAP, Kerberos or whatever system is necessary). Or is
an all-Novell solution the only possible way to use RADIUS authentication?
Any input would be greatly appreciated.
-=BryanHi Bryan,
As jim said, you can use idm to do this, but another option for you
might be to use somthing like freeradius and point it back to
edirectory as its authentication source.
Cheers,
Steve
On Thu, 23 Feb 2006 15:50:11 GMT, [email protected] wrote:
>Michael,
>
>Thanks for the info. I really wasn't sure where to post this question. I
>really wasn't sure if I needed to be using Novell's RADIUS server or not to
>do this. Reading the online docs didn't really help me to know which
>solution or solutions to choose.
>
>-=Bryan
>
>> [email protected] wrote:
>>
>> > Is this even possible?
>> >
>> > So, essentially, we would like the external RADIUS' user/password data to
>> > be synced with the eDirectory data, but have the eDirectory receive updates
>> > from the RADIUS (or LDAP, Kerberos or whatever system is necessary). Or is
>> > an all-Novell solution the only possible way to use RADIUS authentication?
>>
>> What you want should be possible with Novell Identity Manager (formerly
>> DirXML) product. This particular forum is for help with the NetWare
>> Radius server, which would not factor into what you are trying to
>> accomplish... you have a non-Novell Radius server that you want to sync
>> eDirectory information with, and that is the realm of identity manager.
>>
>> As to the "hows", you might as in the nsure-identity-manager group here.
>>
>> --
>> Jim
>> NSC SYsop -
I would like to share my photo's titles and descriptions in the photo streams into which I place these carefully labeled photos. I do this so clients can see the names of the things they're swiping through. Is this even possible?
No. Send a feature request to Apple via http://www.apple.com/feedback/iphoto.html.
OT -
I'm no lab geek but I thought I had a 1st gen IPad. Was having difficulty downloading. Went out bought a new ipad3. Took my gen 1 to Apple store and it's running IOS7. Is this even possible???
http://en.wikipedia.org/wiki/IPad
Dope, I deleted link as I pressed add reply. -
Shared services security and essbase security
recently upgraded to sys 9 and now use shared services 931
we used to have security at essbase level previously and now its all Shared services..
now i have so many concerns
Can we automate the security just like I used to automate in essbase earlier...
or can we automate secuirty in essbase and them sync it to Shared services??
I know that we change security settings in SS and then sync it to essbase but is the other way around possible???
IF yes HOW?
IF NOT - can we automate SS security which reflects to essbase...
I have to go through the prod doc and I'll do that very soon but any suggestion on this would really help me out..
Thanks in advanceHi,
can you please write more about which products and version are you using and on which operating system name and version.
Why do you use Shared Services? Are you using only Essbase server or any other server? If you use only Essbase server there is probably no need of using Shared Services.
If you need only Essbase you can see my info about installing Essbase without Shared Services: hyperion essbase installation
Please provide more info, so that we on forum can help you.
Regards,
Grofaty -
Shared Services Security Issue with Financial Reporting - 11.1.1.3
Hi,
So we have some users that are provisioned in some groups. Those groups have Essbase Server Access and Planner access to an application. That access is working great. They have access to the app and they have access via Smartview to the cube.
Now we need them to be able to see all the Financial Reports (FR) created for that application. There are so many provisioning choices under 'Reporting and Analysis', that I'm not sure how to get this done correctly. Right now we have to assign 'Viewer' access and 'Explorer' access under 'Content Manager' tree in order for this to happen. I just think this seems wrong. We just need the user to be able to run and view a report from Workspace.
Any help is appreciated as this is a very green area for me.Hi,
You will need both Viewer and Explorer access for users to run reports.
the reason is that without the Explorer, users will not be able to see any reports or the explorer in Workspace.
Without Viewer, users will not be able to view/open any of the reports. You also have to give report access to users anyway related to the groups.
You can see anll information about different security roles for Reporting and Analysis in the shared Services admin guide.
The documentation is the best place to start for any information needed and confirming what fulfills your needs.
Cheers
RS -
Shared Services Security information not updating in Essbase
Hi,
I have created few users in Shared Services and performed the sync operation. Created users are not reflecting in Essbase server. why?
Also tried by externalizing the users... performed sync from shared services and refreshed the shared security from EAS console...then also... user information not updating in Essbase?
What could be the reason?Have you provided Essbase application access rights to those users in shared services?
If not, then try after providing Essbase access to users. This might be the reason for your issue.
Regards,
NitinGupta -
Hi
I have standalone essbase in 6.5 where users plan their forecasting and budgeting through front end excel vb6 macros
now they want to upgrade to 11.1.2 since the security in the front end application is through a NTID where orcl triggers a common password to log into
essbase which matches the same password in essbase.
severity is when we upgrade to 11.1.2 how does this work as shared services are to be maintained
and how does shared sevrices talk to the front end vb macros ?
any suggestion would be really appreciated.If you are moving to 11.1.2 then it is probably worth moving to Smart View as the excel add-in is pretty much at the end of its life and soon to be retired.
You can configure shared services to add in an external directory such as Microsoft active directory, then the AD users/groups will be available in Shared Services and you can provision them against the essbase applications.
Smart View / Excel add-in will authenticate against Shared Services and shouldn't need to worry too much about the code, if you move to Smart View then you have to prepare for code changes
Cheers
John
http://john-goodwin.blogspot.com/ -
Essbase - Shared services security , User provison
Hi,
I am new to 11.1.1.2 Hyperion version.(worked on 9.3.1) I have some doubts on the user security in 11 version.
We have Distribution environment setup like Essbase on linux and remainng applications on windows 2003 server. Essbase is also registerd with shared services. Here are my questions.
1. If I change the Shared services Admin password (default password) will it effects any other applications?
*2. How to change essbase admin password (default password)?(from foreground we can change first time only)*
3. I am trying to login into EAS as well as essbase admin user but under essbase I am not able to create New User. The Create users option on security is disabled seems like already externalised. I am not able to get those users who are created in shared services evnthought using Refresh from Shared servcies+ option in essbase.
4. If I want to a user with only essbase applicatons provisioned what is the procedure.
Here i followed the procedure. Created xyz user in shared services and provisioned Only Demo applications. trying to loing EAS with xyz credentials login successfull and prompted for essbase credentials with server name , username (Extername authentication) getting failed. If i provide admin password at essbase server leverl i am able to connect and see all applications.
Please help me on this...
Regards
PrakashVHi,
Is it the base install of 9.3.1 or is it a later version like 9.3.1.3
I know there have been a number of security issues being addressed since the base version.
e.g.
Security. Users are not de-provisioned properly, causing Essbase applications to remain accessible to
them. [7197541]
Cheers
John
http://john-goodwin.blogspot.com/ -
Shared Services Security Classes
Hello,
I wanted to know what the real value of having Security classes set up? I understand that having Security Classes on Shared Services is not mandatory. Under which circumstances should you use Security Classes and as I am involved in setting up Shared Services, I was wondering if I should use this option or not. We are currently in the development phase of HFM and Planning.
If anyone can shed light on this issue, it would be greatly appreciated. Thank you.
-- AHey guys,
I really appreciate the response.
The fact that Security Class may be assigned at the Entity level does ring bells. We do want to ensure that certain entities can only see their own data and not others.
I believe I will use Security class at the entity level for our company.
Can you give me some examples of assigning Security classes for HFM?
Wintee's suggestion of assign - ready only and stuff like that is okay but seems a bit generic. Thank you very much for your suggestion though Wintee.
I also wanted to know the exact difference between an administrator, delegated administrator, application administrator. Who assigns who?
If you had to make a hierarchy of users for Shared Services, what would it be: Admin, Delegated Admin, App. Admin, Provisioning Mgr, Directory Mgr? Who comes at the top? Thanks so much for your help so far guys...much appreciated.
-- A
Maybe you are looking for
-
I need help with the settings, General to update my itunes, but there is no word saying software, for me to start the process. Also, need help syncing my music to my Ipad. help?
-
How to change Host directory location?(Problems with host and ed)
Hi I'm having a problem with the commands Host and Ed. The problem being that when I run them they send back an error saying SQL>host /bin/gnome-terminal: No such file or directory or SQL> ed Wrote file /home/joe/Documents/editfile.sql /bin/gnome-ter
-
Is it possible to open synchronized pdf with other reader than iBooks?
Hi all, I just bought and ipod and it seems to be nice little thingy I have troubles with understanding whole logic behind how apps and files work. In iTunes I added few pdfs and synchronized them to my ipod. I got a warning that I have not installed
-
Ole container not supported with Developer 7.0. Is it possible?
Hi I have read on the document "Oracle Forms: Features Obsolescence for Release 7.0" that any support for ole container is removed from the new version of form developer suite because it will not be supported the runtime client/server. I hope is ther
-
Adobe Pro Free Trial - Error message #0
Error #0 - what does it mean - trying to download Adobe Pro trial