Shared Services Security Migration

Hi All,
I need to migrate Shared Services Security from one server to another server(applications already migrated).
Can you please let me know if we copy essbase.sec file will it work, or any other process we need to follow.
Thanks,
Pinky

Dear Pinky,
As John just mentioned - it depends a bit on the version that you use as well (11.1.2 is different from 11.1.1.3.x is different from 9.x)
but you may find useful information in these guides:
http://download.oracle.com/docs/cd/E12825_01/epm.111/epm_security.pdf
http://download.oracle.com/docs/cd/E12825_01/epm.111/epm_backup_recovery.pdf
The CSSImportExport utiity is documented within its own zip folder on your installation of HSS (if you are using version 11.1.1.x)
Basically you can think of the process as a backup and restore on a different machine.
The complete list of steps is way too detailed and complex and touches too many sensitive areas to handle it in a thread here.
(especially as I do not know the versions of HSS/Essbase, the OS or the scope of this migration)
best regards
Torben

Similar Messages

  • Shared Services Security during LCM migration in 11.1.2.1

    I am migrating a Planning app from 1 environment to another.
    I vaguely remember ( from some presentation) that once I export Shared service security I need to modify the file to reflect the correct Essbase server name and than import the Shared service security file.
    Is this a mandatory step ? If yes which file should I modify ? Is it just listing.xml or any other file as well ?

    If you run an export of provisioning then for essbase you should by default see something like "EssbaseCluster-1", if your target environment is configured in the same way it should also be "EssbaseCluster-1" and you will not need to edit any files.
    If you don't start marking your posts I am not going to reply to any of your questions in future, hopefully everybody else will take that stance seeing as you have so many unresolved questions.
    Cheers
    John
    http://john-goodwin.blogspot.com/

  • How can Manage Permissions for DB in Shared Services Security Mode

    In shared services security mode, after provisioning users for Essbase applications, only can assign database calculation and filter access. How can I grant permissions "Access Databases" like in native mode?

    Essbase will be default be in shared services security mode in 11.1.2, the wizard will not migrate security when in this mode.
    It is possible to revert it back but if you don't know the process then it is worth looking at alternatives first.
    You could use LCM to export the provisioning and then import into your target environment.
    Cheers
    John
    http://john-goodwin.blogspot.com/

  • Auto Logoff while in Shared Services Security Mode

    Pretty simple question but I still haven't found the answer.
    My client's essbase server is set up in Shared Services Security Mode, so now the auto logoff options for the server don't apply. Is there a way to set this via shared services? Or is there some other means perhaps?
    Thanks for your time.

    Essbase will be default be in shared services security mode in 11.1.2, the wizard will not migrate security when in this mode.
    It is possible to revert it back but if you don't know the process then it is worth looking at alternatives first.
    You could use LCM to export the provisioning and then import into your target environment.
    Cheers
    John
    http://john-goodwin.blogspot.com/

  • Shared services security- Is this even possible?

    I want to know if the following is possible using shared services security:
    I want to set up an MSAD group that will have say 50 sub groups.
    I will define this super group as an external directory in SS.
    I will then assign security (both roles and filters) to each of the 50 sub groups.
    There will be no groups or users in the native directory.
    Based on user needs, the MSAD team will move users from one subgroup to another without logging into Shared Services.
    My expectation is when they move the users from one subgroup to another, the user will have the security of the group they were moved to.
    Is it possible to set up security this way in shared services? I have been experimenting and having a miserable time getting it to work. So just wanted to know if I am doing something wrong or just wasting my time.

    I think this will work, but note that you are not really using SS inherited security.
    What you might do is something like this:
    MasterGroup <--Assign provisioning here
    |_Subgroup1 <--Assign filter
    |_Subgroup2 <--Assign yet another filter
    |_Etc.
    With the above layout you define provisioning roles once at the topmost group (MasterGroup) and then assign unique security at the subgroups.  The users are in the subgroups and their usernames will go to their ids (which will have no provisioning), then their immediate group (ditto), and then the parent group (which will). 
    What you have defined for security (as opposed to provisioning) sounds good to me although I have never tried to do this with MSAD groups.  I don't see a reason for it not to work.
    Regards,
    Cameron Lackpour

  • Shared Services Security Issue with Financial Reporting - 11.1.1.3

    Hi,
    So we have some users that are provisioned in some groups. Those groups have Essbase Server Access and Planner access to an application. That access is working great. They have access to the app and they have access via Smartview to the cube.
    Now we need them to be able to see all the Financial Reports (FR) created for that application. There are so many provisioning choices under 'Reporting and Analysis', that I'm not sure how to get this done correctly. Right now we have to assign 'Viewer' access and 'Explorer' access under 'Content Manager' tree in order for this to happen. I just think this seems wrong. We just need the user to be able to run and view a report from Workspace.
    Any help is appreciated as this is a very green area for me.

    Hi,
    You will need both Viewer and Explorer access for users to run reports.
    the reason is that without the Explorer, users will not be able to see any reports or the explorer in Workspace.
    Without Viewer, users will not be able to view/open any of the reports. You also have to give report access to users anyway related to the groups.
    You can see anll information about different security roles for Reporting and Analysis in the shared Services admin guide.
    The documentation is the best place to start for any information needed and confirming what fulfills your needs.
    Cheers
    RS

  • Shared Services Security information not updating in Essbase

    Hi,
    I have created few users in Shared Services and performed the sync operation. Created users are not reflecting in Essbase server. why?
    Also tried by externalizing the users... performed sync from shared services and refreshed the shared security from EAS console...then also... user information not updating in Essbase?
    What could be the reason?

    Have you provided Essbase application access rights to those users in shared services?
    If not, then try after providing Essbase access to users. This might be the reason for your issue.
    Regards,
    NitinGupta

  • Re:shared services security

    Hi
    I have standalone essbase in 6.5 where users plan their forecasting and budgeting through front end excel vb6 macros
    now they want to upgrade to 11.1.2 since the security in the front end application is through a NTID where orcl triggers a common password to log into
    essbase which matches the same password in essbase.
    severity is when we upgrade to 11.1.2 how does this work as shared services are to be maintained
    and how does shared sevrices talk to the front end vb macros ?
    any suggestion would be really appreciated.

    If you are moving to 11.1.2 then it is probably worth moving to Smart View as the excel add-in is pretty much at the end of its life and soon to be retired.
    You can configure shared services to add in an external directory such as Microsoft active directory, then the AD users/groups will be available in Shared Services and you can provision them against the essbase applications.
    Smart View / Excel add-in will authenticate against Shared Services and shouldn't need to worry too much about the code, if you move to Smart View then you have to prepare for code changes
    Cheers
    John
    http://john-goodwin.blogspot.com/

  • Shared services security mode.

    Hello,
    When you implement shared services model of essbase security, is the essbase userlist picked from LDAP or something + its native users?
    will I connect to essbase servers (through excel addin or EAS or what ever) automatically with the windows authentication provided during log on. OR do I need to give my username and pwd everytime I connect to essbase servers?
    Thanks in advance.
    Ram.

    Depends on your version, if it is before 11.1.2 then usually the native user information is stored in an OpenLdap database, from 11.1.2 it is stored in a rdbms.
    External authentication can be used such as MSAD.
    You will still need to log into essbase with your account information, further information can be found at :- http://download.oracle.com/docs/cd/E12825_01/epm.111/epm_security/cas_help.htm
    Cheers
    John
    http://john-goodwin.blogspot.com/

  • Shared services security and essbase security

    recently upgraded to sys 9 and now use shared services 931
    we used to have security at essbase level previously and now its all Shared services..
    now i have so many concerns
    Can we automate the security just like I used to automate in essbase earlier...
    or can we automate secuirty in essbase and them sync it to Shared services??
    I know that we change security settings in SS and then sync it to essbase but is the other way around possible???
    IF yes HOW?
    IF NOT - can we automate SS security which reflects to essbase...
    I have to go through the prod doc and I'll do that very soon but any suggestion on this would really help me out..
    Thanks in advance

    Hi,
    can you please write more about which products and version are you using and on which operating system name and version.
    Why do you use Shared Services? Are you using only Essbase server or any other server? If you use only Essbase server there is probably no need of using Shared Services.
    If you need only Essbase you can see my info about installing Essbase without Shared Services: hyperion essbase installation
    Please provide more info, so that we on forum can help you.
    Regards,
    Grofaty

  • Integrate active directory with Planning/ Essbase shared services security

    Hi All,
    we try to set up MSAD integration for Planning and Essbase 9.3.1.
    Everyting works fine but the accounts that pop up are first and last name in the user field instead of the userid used in windows to login. so in windows i login with mroest but now in Hyperion i have to use Marc Roest.
    DC=NL, DC=xxxx, DC=Corp
    ID Attribute = ObjectGUID
    User DN: CN=Adm Hyperion, OU=xxxx, OU=Utr
    Can anyone please help how to use the samID as defined in MSAD instead of the full name as is now?
    Thanks very much in advance,
    Marc

    Hi John.
    Do you know why OpenLDAP database would not migrate to the unique identity attribute say if I use sAMAccountName for the ID Attribute field on the MSAD User Configuration screen in Shared Service? It will not update the identity in OpenLDAP when I browse it, even after all the services have been restarted, including OpenLDAP and Shared Services...
    Any help would be appreciated.
    Thanks
    .-a furstrated programmer...

  • Essbase - Shared services security , User provison

    Hi,
    I am new to 11.1.1.2 Hyperion version.(worked on 9.3.1) I have some doubts on the user security in 11 version.
    We have Distribution environment setup like Essbase on linux and remainng applications on windows 2003 server. Essbase is also registerd with shared services. Here are my questions.
    1. If I change the Shared services Admin password (default password) will it effects any other applications?
    *2. How to change essbase admin password (default password)?(from foreground we can change first time only)*
    3. I am trying to login into EAS as well as essbase admin user but under essbase I am not able to create New User. The Create users option on security is disabled seems like already externalised. I am not able to get those users who are created in shared services evnthought using Refresh from Shared servcies+ option in essbase.
    4. If I want to a user with only essbase applicatons provisioned what is the procedure.
    Here i followed the procedure. Created xyz user in shared services and provisioned Only Demo applications. trying to loing EAS with xyz credentials login successfull and prompted for essbase credentials with server name , username (Extername authentication) getting failed. If i provide admin password at essbase server leverl i am able to connect and see all applications.
    Please help me on this...
    Regards
    PrakashV

    Hi,
    Is it the base install of 9.3.1 or is it a later version like 9.3.1.3
    I know there have been a number of security issues being addressed since the base version.
    e.g.
    Security. Users are not de-provisioned properly, causing Essbase applications to remain accessible to
    them. [7197541]
    Cheers
    John
    http://john-goodwin.blogspot.com/

  • Shared Services Security Classes

    Hello,
    I wanted to know what the real value of having Security classes set up? I understand that having Security Classes on Shared Services is not mandatory. Under which circumstances should you use Security Classes and as I am involved in setting up Shared Services, I was wondering if I should use this option or not. We are currently in the development phase of HFM and Planning.
    If anyone can shed light on this issue, it would be greatly appreciated. Thank you.
    -- A

    Hey guys,
    I really appreciate the response.
    The fact that Security Class may be assigned at the Entity level does ring bells. We do want to ensure that certain entities can only see their own data and not others.
    I believe I will use Security class at the entity level for our company.
    Can you give me some examples of assigning Security classes for HFM?
    Wintee's suggestion of assign - ready only and stuff like that is okay but seems a bit generic. Thank you very much for your suggestion though Wintee.
    I also wanted to know the exact difference between an administrator, delegated administrator, application administrator. Who assigns who?
    If you had to make a hierarchy of users for Shared Services, what would it be: Admin, Delegated Admin, App. Admin, Provisioning Mgr, Directory Mgr? Who comes at the top? Thanks so much for your help so far guys...much appreciated.
    -- A

  • Planning and Shared Services security disconnect.

    Hi,
    We have an intermittent problem. We are running 9.3.1 of Planning, Essbase, and Shared Services, etc. We have 6 planning applications on the same server. We use oracle as the database. The problem is at some point in time Planning stops getting updates made in Shared Services. When it happens you can go into the planning application, view the security on any object, and click "Add Access". The "Users and Groups" select box get's populated with "<None Available>". If you bounce the planning service and come back in the "Users and Groups" is populated as expected. It also dosen't affect all of the application or the same applications.
    We have an admin group that makes security updates. Mainly just adding users to native groups. When things are working the changes/additions flow through to the planning tables. (HSP_USERSINGROUP,HSP_OBJECT). We gave this group a query to run that shows the access a specific user has in planning. If a user is added to a group in SS they then run the query to make sure the access is granted in planning. When the query doesn't bring back the information they think should be there we know we have the issue and start scheduling an outage to bounce planning.
    Anyone else seen this behavior and is there another way to fix this besides bouncing planning?
    Thanks for any responses.
    Keith

    This show multiple apps but you could knock it down.
    select
    user_name,
    group_name,
    mart,
    object_name,
    object_type,
    access_mode,
    flag
    from (
    select
    U.Object_Name as User_Name,
    G.Object_Name as Group_Name,
    'PLAN_APP1' as mart,
    O.Object_Name as Object_Name,
    OT.Type_Name as Object_Type,
    Case AC.Access_Mode
    when 3 then 'ReadWrite'
    when 2 then 'Write'
    when 1 then 'Read'
    when -1 then 'None'
    else 'Unknown'
    end as access_mode,
    Case AC.Flags
    when 0 then 'Member'
    when 5 then 'Children'
    when 6 then 'IChildren'
    when 8 then 'Descendants'
    when 9 then 'IDescendants'
    else 'Unknown'
    end as flag
    from
    HYP_PLAN_APP1.HSP_ACCESS_CONTROL AC,
    HYP_PLAN_APP1.HSP_OBJECT U,
    HYP_PLAN_APP1.HSP_OBJECT O,
    HYP_PLAN_APP1.HSP_OBJECT_TYPE OT,
    HYP_PLAN_APP1.HSP_OBJECT G,
    HYP_PLAN_APP1.HSP_USERSINGROUP UG
    where
    AC.user_id = UG.group_id
    and UG.USER_ID = U.object_id
    and AC.object_id = O.object_id
    and UG.group_id = G.object_id
    and O.object_type = OT.object_type
    and O.object_type <> 7
    union
    select
    U.Object_Name as User_Name,
    '' as Group_Name,
    'PLAN_APP1' as mart,
    O.Object_Name as Object_Name,
    OT.Type_Name as Object_Type,
    Case AC.Access_Mode
    when 3 then 'ReadWrite'
    when 2 then 'Write'
    when 1 then 'Read'
    when -1 then 'None'
    else 'Unknown'
    end as access_mode,
    Case AC.Flags
    when 0 then 'Member'
    when 5 then 'Children'
    when 6 then 'IChildren'
    when 8 then 'Descendants'
    when 9 then 'IDescendants'
    else 'Unknown'
    end as flag
    from
    HYP_PLAN_APP1.HSP_ACCESS_CONTROL AC,
    HYP_PLAN_APP1.HSP_OBJECT U,
    HYP_PLAN_APP1.HSP_OBJECT O,
    HYP_PLAN_APP1.HSP_OBJECT_TYPE OT,
    HYP_PLAN_APP1.HSP_USERS UG
    where
    AC.user_id = UG.user_id
    and UG.USER_ID = U.object_id
    and AC.object_id = O.object_id
    and O.object_type = OT.object_type
    and O.object_type <> 7
    Union
    select
    U.Object_Name as User_Name,
    G.Object_Name as Group_Name,
    'PLAN_APP2' as mart,
    O.Object_Name as Object_Name,
    OT.Type_Name as Object_Type,
    Case AC.Access_Mode
    when 3 then 'ReadWrite'
    when 2 then 'Write'
    when 1 then 'Read'
    when -1 then 'None'
    else 'Unknown'
    end as access_mode,
    Case AC.Flags
    when 0 then 'Member'
    when 5 then 'Children'
    when 6 then 'IChildren'
    when 8 then 'Descendants'
    when 9 then 'IDescendants'
    else 'Unknown'
    end as flag
    from
    HYP_PLAN_APP2.HSP_ACCESS_CONTROL AC,
    HYP_PLAN_APP2.HSP_OBJECT U,
    HYP_PLAN_APP2.HSP_OBJECT O,
    HYP_PLAN_APP2.HSP_OBJECT_TYPE OT,
    HYP_PLAN_APP2.HSP_OBJECT G,
    HYP_PLAN_APP2.HSP_USERSINGROUP UG
    where
    AC.user_id = UG.group_id
    and UG.USER_ID = U.object_id
    and AC.object_id = O.object_id
    and UG.group_id = G.object_id
    and O.object_type = OT.object_type
    and O.object_type <> 7
    union
    select
    U.Object_Name as User_Name,
    '' as Group_Name,
    'PLAN_APP2' as mart,
    O.Object_Name as Object_Name,
    OT.Type_Name as Object_Type,
    Case AC.Access_Mode
    when 3 then 'ReadWrite'
    when 2 then 'Write'
    when 1 then 'Read'
    when -1 then 'None'
    else 'Unknown'
    end as access_mode,
    Case AC.Flags
    when 0 then 'Member'
    when 5 then 'Children'
    when 6 then 'IChildren'
    when 8 then 'Descendants'
    when 9 then 'IDescendants'
    else 'Unknown'
    end as flag
    from
    HYP_PLAN_APP2.HSP_ACCESS_CONTROL AC,
    HYP_PLAN_APP2.HSP_OBJECT U,
    HYP_PLAN_APP2.HSP_OBJECT O,
    HYP_PLAN_APP2.HSP_OBJECT_TYPE OT,
    HYP_PLAN_APP2.HSP_USERS UG
    where
    AC.user_id = UG.user_id
    and UG.USER_ID = U.object_id
    and AC.object_id = O.object_id
    and O.object_type = OT.object_type
    and O.object_type <> 7
    Union
    select
    U.Object_Name as User_Name,
    G.Object_Name as Group_Name,
    'PLAN_APP3' as mart,
    O.Object_Name as Object_Name,
    OT.Type_Name as Object_Type,
    Case AC.Access_Mode
    when 3 then 'ReadWrite'
    when 2 then 'Write'
    when 1 then 'Read'
    when -1 then 'None'
    else 'Unknown'
    end as access_mode,
    Case AC.Flags
    when 0 then 'Member'
    when 5 then 'Children'
    when 6 then 'IChildren'
    when 8 then 'Descendants'
    when 9 then 'IDescendants'
    else 'Unknown'
    end as flag
    from
    HYP_PLAN_APP3.HSP_ACCESS_CONTROL AC,
    HYP_PLAN_APP3.HSP_OBJECT U,
    HYP_PLAN_APP3.HSP_OBJECT O,
    HYP_PLAN_APP3.HSP_OBJECT_TYPE OT,
    HYP_PLAN_APP3.HSP_OBJECT G,
    HYP_PLAN_APP3.HSP_USERSINGROUP UG
    where
    AC.user_id = UG.group_id
    and UG.USER_ID = U.object_id
    and AC.object_id = O.object_id
    and UG.group_id = G.object_id
    and O.object_type = OT.object_type
    and O.object_type <> 7
    union
    select
    U.Object_Name as User_Name,
    '' as Group_Name,
    'PLAN_APP3' as mart,
    O.Object_Name as Object_Name,
    OT.Type_Name as Object_Type,
    Case AC.Access_Mode
    when 3 then 'ReadWrite'
    when 2 then 'Write'
    when 1 then 'Read'
    when -1 then 'None'
    else 'Unknown'
    end as access_mode,
    Case AC.Flags
    when 0 then 'Member'
    when 5 then 'Children'
    when 6 then 'IChildren'
    when 8 then 'Descendants'
    when 9 then 'IDescendants'
    else 'Unknown'
    end as flag
    from
    HYP_PLAN_APP3.HSP_ACCESS_CONTROL AC,
    HYP_PLAN_APP3.HSP_OBJECT U,
    HYP_PLAN_APP3.HSP_OBJECT O,
    HYP_PLAN_APP3.HSP_OBJECT_TYPE OT,
    HYP_PLAN_APP3.HSP_USERS UG
    where
    AC.user_id = UG.user_id
    and UG.USER_ID = U.object_id
    and AC.object_id = O.object_id
    and O.object_type = OT.object_type
    and O.object_type <> 7
    union
    select
    U.Object_Name as User_Name,
    G.Object_Name as Group_Name,
    'PLAN_APP4' as mart,
    O.Object_Name as Object_Name,
    OT.Type_Name as Object_Type,
    Case AC.Access_Mode
    when 3 then 'ReadWrite'
    when 2 then 'Write'
    when 1 then 'Read'
    when -1 then 'None'
    else 'Unknown'
    end as access_mode,
    Case AC.Flags
    when 0 then 'Member'
    when 5 then 'Children'
    when 6 then 'IChildren'
    when 8 then 'Descendants'
    when 9 then 'IDescendants'
    else 'Unknown'
    end as flag
    from
    HYP_PLAN_APP4.HSP_ACCESS_CONTROL AC,
    HYP_PLAN_APP4.HSP_OBJECT U,
    HYP_PLAN_APP4.HSP_OBJECT O,
    HYP_PLAN_APP4.HSP_OBJECT_TYPE OT,
    HYP_PLAN_APP4.HSP_OBJECT G,
    HYP_PLAN_APP4.HSP_USERSINGROUP UG
    where
    AC.user_id = UG.group_id
    and UG.USER_ID = U.object_id
    and AC.object_id = O.object_id
    and UG.group_id = G.object_id
    and O.object_type = OT.object_type
    and O.object_type <> 7
    union
    select
    U.Object_Name as User_Name,
    '' as Group_Name,
    'PLAN_APP4' as mart,
    O.Object_Name as Object_Name,
    OT.Type_Name as Object_Type,
    Case AC.Access_Mode
    when 3 then 'ReadWrite'
    when 2 then 'Write'
    when 1 then 'Read'
    when -1 then 'None'
    else 'Unknown'
    end as access_mode,
    Case AC.Flags
    when 0 then 'Member'
    when 5 then 'Children'
    when 6 then 'IChildren'
    when 8 then 'Descendants'
    when 9 then 'IDescendants'
    else 'Unknown'
    end as flag
    from
    HYP_PLAN_APP4.HSP_ACCESS_CONTROL AC,
    HYP_PLAN_APP4.HSP_OBJECT U,
    HYP_PLAN_APP4.HSP_OBJECT O,
    HYP_PLAN_APP4.HSP_OBJECT_TYPE OT,
    HYP_PLAN_APP4.HSP_USERS UG
    where
    AC.user_id = UG.user_id
    and UG.USER_ID = U.object_id
    and AC.object_id = O.object_id
    and O.object_type = OT.object_type
    and O.object_type <> 7
    Union
    select
    U.Object_Name as User_Name,
    G.Object_Name as Group_Name,
    'PLAN_APP5' as mart,
    O.Object_Name as Object_Name,
    OT.Type_Name as Object_Type,
    Case AC.Access_Mode
    when 3 then 'ReadWrite'
    when 2 then 'Write'
    when 1 then 'Read'
    when -1 then 'None'
    else 'Unknown'
    end as access_mode,
    Case AC.Flags
    when 0 then 'Member'
    when 5 then 'Children'
    when 6 then 'IChildren'
    when 8 then 'Descendants'
    when 9 then 'IDescendants'
    else 'Unknown'
    end as flag
    from
    HYP_PLAN_APP5.HSP_ACCESS_CONTROL AC,
    HYP_PLAN_APP5.HSP_OBJECT U,
    HYP_PLAN_APP5.HSP_OBJECT O,
    HYP_PLAN_APP5.HSP_OBJECT_TYPE OT,
    HYP_PLAN_APP5.HSP_OBJECT G,
    HYP_PLAN_APP5.HSP_USERSINGROUP UG
    where
    AC.user_id = UG.group_id
    and UG.USER_ID = U.object_id
    and AC.object_id = O.object_id
    and UG.group_id = G.object_id
    and O.object_type = OT.object_type
    and O.object_type <> 7
    union
    select
    U.Object_Name as User_Name,
    '' as Group_Name,
    'PLAN_APP5' as mart,
    O.Object_Name as Object_Name,
    OT.Type_Name as Object_Type,
    Case AC.Access_Mode
    when 3 then 'ReadWrite'
    when 2 then 'Write'
    when 1 then 'Read'
    when -1 then 'None'
    else 'Unknown'
    end as access_mode,
    Case AC.Flags
    when 0 then 'Member'
    when 5 then 'Children'
    when 6 then 'IChildren'
    when 8 then 'Descendants'
    when 9 then 'IDescendants'
    else 'Unknown'
    end as flag
    from
    HYP_PLAN_APP5.HSP_ACCESS_CONTROL AC,
    HYP_PLAN_APP5.HSP_OBJECT U,
    HYP_PLAN_APP5.HSP_OBJECT O,
    HYP_PLAN_APP5.HSP_OBJECT_TYPE OT,
    HYP_PLAN_APP5.HSP_USERS UG
    where
    AC.user_id = UG.user_id
    and UG.USER_ID = U.object_id
    and AC.object_id = O.object_id
    and O.object_type = OT.object_type
    and O.object_type <> 7
    Union
    select
    U.Object_Name as User_Name,
    G.Object_Name as Group_Name,
    'PLAN_APP6' as mart,
    O.Object_Name as Object_Name,
    OT.Type_Name as Object_Type,
    Case AC.Access_Mode
    when 3 then 'ReadWrite'
    when 2 then 'Write'
    when 1 then 'Read'
    when -1 then 'None'
    else 'Unknown'
    end as access_mode,
    Case AC.Flags
    when 0 then 'Member'
    when 5 then 'Children'
    when 6 then 'IChildren'
    when 8 then 'Descendants'
    when 9 then 'IDescendants'
    else 'Unknown'
    end as flag
    from
    HYP_PLAN_APP6.HSP_ACCESS_CONTROL AC,
    HYP_PLAN_APP6.HSP_OBJECT U,
    HYP_PLAN_APP6.HSP_OBJECT O,
    HYP_PLAN_APP6.HSP_OBJECT_TYPE OT,
    HYP_PLAN_APP6.HSP_OBJECT G,
    HYP_PLAN_APP6.HSP_USERSINGROUP UG
    where
    AC.user_id = UG.group_id
    and UG.USER_ID = U.object_id
    and AC.object_id = O.object_id
    and UG.group_id = G.object_id
    and O.object_type = OT.object_type
    and O.object_type <> 7
    union
    select
    U.Object_Name as User_Name,
    '' as Group_Name,
    'PLAN_APP6' as mart,
    O.Object_Name as Object_Name,
    OT.Type_Name as Object_Type,
    Case AC.Access_Mode
    when 3 then 'ReadWrite'
    when 2 then 'Write'
    when 1 then 'Read'
    when -1 then 'None'
    else 'Unknown'
    end as access_mode,
    Case AC.Flags
    when 0 then 'Member'
    when 5 then 'Children'
    when 6 then 'IChildren'
    when 8 then 'Descendants'
    when 9 then 'IDescendants'
    else 'Unknown'
    end as flag
    from
    HYP_PLAN_APP6.HSP_ACCESS_CONTROL AC,
    HYP_PLAN_APP6.HSP_OBJECT U,
    HYP_PLAN_APP6.HSP_OBJECT O,
    HYP_PLAN_APP6.HSP_OBJECT_TYPE OT,
    HYP_PLAN_APP6.HSP_USERS UG
    where
    AC.user_id = UG.user_id
    and UG.USER_ID = U.object_id
    and AC.object_id = O.object_id
    and O.object_type = OT.object_type
    and O.object_type <> 7
    Where user_name in ('Obama','McCain')

  • Hyperion Shared Services - Security in excel file

    Hi all,
    Is there a way that we can get security info in an excel format from Shared services and then we can play around with that excel file. Once changes are done, we import it back to Shared services.
    We use active directory for user maintenance.
    Regards,

    They are stored in the Planning application and not Shared Services, export the access permissions from the planning applications using either LCM or the exportsecurity utility.
    Cheers
    John
    http://john-goodwin.blogspot.com/

Maybe you are looking for

  • Adding Attachment in a single Instance BPM Studio 10.3.1

    Hello, I am using Oracle BPM Studio 10.3.1.0 and I am trying to create a process, where there will be an Interactive activity for a user role to upload a file (for example a .doc/docx or .pdf) and after the file is uploaded, another role will be able

  • ITunes 8.2 won't install on WinXP SP2 64bit

    Installed my new computer (WinXP SP2/ 64bit) updated via Windows Update and tried to install iTunes 8.2 for Windows (64 bit). My system meets the requirements for this version, according to the Apple iTunes page. At the beginning of the installation

  • Price Determination in Sales Order - for a Standard product & Custom Produc

    Hi, The price information is not displaying at Item Level in Sales Order for my own product 'SalesProduct1' and to my custom Sales order (z-TA). However, for standard products (Ht-1000, HT-1010, HT-1100 etc.) the price information is getting displaye

  • HT3176 how do you submit wifi password?

    trying to set up apple tv for the first time and I'm on the page that allows you to type in your password for your wifi network.  I don't know how to submit the password though as pressing the middle button just selects another character but doesn't

  • HP QA center sizing

    I cannot find any info about hardware sizing for HP QA center. any recommendation as far as CPU, RAM and storage is concerned on a windows box ? Just planning to use basic functions for about 10 users at a time. also, any sizing recommendation for AR