Alternative to apply dimension security in Planning?

Similar Messages

• Cross Dimensional Security in Planning

  Got a scenario where the customer is asking for cross dimension security in planning and not sure if it's possible
  Simple Example
  Assume 2 dimensions. Account and Entity
  Entity has 2 members E1234 and E1235
  Account has 2 members Axxx1 and Axxx2
  User is User1
  User should have the following access (assume it's all ReadWrite)
  Axxx2 but only for E1234 (so can't ReadWrite for Axxx1 in E1234)
  Axxx1 but only for E1235 (so can't ReadWrite for Axxx2 in E1235)
  Based on the SecFile.txt
  I could write
  User1,Axxx2,ReadWrite,Member
  User1,Axxx1,ReadWrite,Member
  User1,E1234,ReadWrite,Member
  User1,E1235,ReadWrite,Member
  But I have now given him/her access to everything.....
  I'm worried the answer is that you can't do it. I know you could do it in Essbase itself but can't figure out something for Planning.
  My problem is actually far more complicated than this but if I could do understand this simple example I think I can do everything I need.

  One way to get around this issue is to physically merge the dimensions where you need cross-dimensional security. It's not a great solution, and with large dimensions can be completely impractical due to the number of potential combinations. But if one of your dimensions is small, it can work.
  In our case, we wanted cross-dimensional security on Entities and Departments. We didn't have to create a member for every combination of Entity/Department, because not all combinations were valid (or had data), so we were able to limit the combined dimension's size somewhat.
  - Jake

• Shared Services, Export Security on dimensions set in Planning

  We have migrated everything from Planning version 9 to version 11.
  Using Shared Services we are been able to transfer all users and groups.
  By now we have to transfer also the security set on dimensions within Planning.
  With Life Cycle Management we are been able to migrate everything except those dimension security setting sofar.
  Has anyone the same experience and/or can help us with a workaround.
  regards,
  Ed

  Well, have you looked at the Planning utility ExportSecurit.cmd? It works just fine in 11.1.2.1 as well as older releases.
  I had (or I should say my client had) an install issue with SS where LCM security migrations didn't work.
  ExportSecurity pulled everything out and I was able to migrate across environments without issue.
  The docs for it are in the Planning admin guide.
  Regards,
  Cameron Lackpour

• Security on Year dimension in Hyperion Planning.

  Need to enable security on Year dimension on Hyperion Planning for below requirement. I know that we cannot enable security on year dimenison in Hyperion Planning, but want know if there is any custom solution.
  Requirement:
  IT users to have write access to Scenario: FY12FCSTJUN for year FY12 for period JUN to DEC & FY13 for Period OCT to SEP. (Calender year starts at OCT of every year)
  Normall users they want to have read access to Scenario: FY12FCSTJUN for year FY12 for period JUN to DEC and write access to Scenario: FY12FCSTJUN for Year FY13 for Period OCT to DEC
  1)we can modify the start period, end period, start yr and End yr for FY12FCSTJUN Scenario dimension to make FY12 FY12FCSTJUN as read/write for Specific year, but it won't meet the requirement.
  2)I have already tried making modification to the Planning respository table ( changed the value for ENFORCE_SECURITY parameter to 1 for DIM_ID 38 for Year in the HSP_Dimension table)on one of VM environments,but it won't enable security on the Year dimension.
  3)We can create a Budget scenario to achieve above, but it involves too many changes accross all the webforms and B rules, so we want to see if there is any custom solution available.
  Any suggestion/workaround to resolve the issue?

  Oracle will be releasing a patch in dec 2012 to fix/enable the security on year dimension. this patch is applicable for 11.1.2.2 version.

• Dimension Security causing SSAS cube to slow down

  Hi,
  Experiencing problems with with the SSAS cube once its processed. Sometimes takes around 20 mins for the excel to load once you drag down any dimension.The cube has got no calc scripts/named sets etc.It has around 17 dimensions and one dimension(Employer)
  has got 46 attributes and another (member)17.Others are pretty small.The Employer dimension is used twice as role playing and the both employer/member have got dimension security applied to it.There are about 6 roles have been set up to restrict access to
  members in these dimensions.
  The SQL profiler shows multiple "Query Dimension" (mostly for Employer dimension)followed by a lot of "Calculate Non Empty Current"s  .Suspect that the delay is due to the dimension security expression evaluation.This only happens
  during first access of the cube within a role and it's relatively quick when I'm accessing via a role which doesn't have dimension security applied to it.Is there anyway to automatically trigger this process right after the cube has been processed so that
  it doesn't cause agony to the first user?

  You could build a cache warmer that connects with EffectiveUserName=YourDomain\user1 on the connection string and loop through each user. But what is your dimension security expression? Maybe we can speed it up.
  http://artisconsulting.com/Blogs/GregGalloway

• Attribute Dimension members in Planning Data form

  Hi All,
  Can we see Attribute dimension members in Planning data form ? Pls. help

  Yes it is possible in 11.1.1.3, for example in your row select a dimension that has attributes associated with it. select dimension properties next to the down drop.
  Tick "Enable custom attribute display (setting applies to all dimensions with associated attributes): "
  Select the attribute dimension
  Cheers
  John
  http://john-goodwin.blogspot.com/

• Shared Members in Dimensions - security question

  Within the dimension security, do shared members take the security based on their base member or on the parent member?
  For example, if we have a base member setup under "Homes" like this:
  Homes > examplehome
  and then a shared member for "examplehome" setup like this:
  Region1 > examplehome(shared)
  And the "Homes" and "Region1" folder have different security setup for iDescendants, will "examplehome(shared)" take the security from "Homes" or "Region1"?

  I've never investigated this but does it really matter? The data for examplehomes is only stored in one place. The share just gives you alternate aggregation paths. My guess is that once you set security for one all instances of the member share the security. After all, if you place examplehomes on a form with no parent, planning has no idea which parent to use.
  Dave

• Group Security in Planning

  Hi All,
  I have a question related to Planning dimensions security using groups. Say there is User-A, User-B, and User-C and I created to 2 groups using these 3 users in Hyperion Shared Services in the following manner
  Group-1 : User-A and User-B
  Group-2 : User-B and User-C
  (User-B is present in Group-1 and Group-2.)
  The question is - in Planning, If I I give following access rights to the above two groups for a member of a dimension, what kind of access would User-B would get that member?
  Group-1 - Read/Write
  Group-2 - None (NoAccess)
  Is it None or Read/Write?
  Any help would be greatly appreciated.
  Thanks,
  Prashanth
  Edited by: HypUser on Mar 29, 2011 8:46 AM

  None takes precedence over Read/Write.

• Unable to load Dimension into Hyperion planning using ODI ?

  Hi All
  We are trying to load Dimension into hyperion planning Ver. 11.1.2 using ODI. We have created the interface and mapped the source csv file to target planmning application using ODI KM.
  LKM file to SQL
  IKM SQL to Planning
  We get success in ODI's Operator but the Dimension is not updated nor new data is insreted.
  We get this message in Error file:-
  +
  Retail Format,Parent,Alias: Default,Data Storage,Two Pass Calculation,Smart List,Data Type,Plan Type (APlan),Error_Reason
  ABC,Total Format,,StoreData,,,,Aplan,Cannot load dimension member, error message is: java.lang.RuntimeException: Fetch of saved member "ABC" failed.
  +
  We get this message in log files:-
  +
  2010-07-22 07:04:06,550 INFO [DwgCmdExecutionThread]: Oracle Data Integrator Adapter for Hyperion Planning - Release 9.3.1.1
  2010-07-22 07:04:06,550 INFO [DwgCmdExecutionThread]: Connecting to planning application [******] on [********]:[11333] using username [admin].
  2010-07-22 07:04:06,597 INFO [DwgCmdExecutionThread]: Successfully connected to the planning application.
  2010-07-22 07:04:06,597 INFO [DwgCmdExecutionThread]: The load options for the planning load are
       Dimension Name: Retail Format Sort Parent Child : false
       Load Order By Input : false
       Refresh Database : true
  2010-07-22 07:04:06,612 INFO [DwgCmdExecutionThread]: Begining the load process.
  2010-07-22 07:04:06,612 DEBUG [DwgCmdExecutionThread]: Number of columns in the source result set does not match the number of planning target columns.
  2010-07-22 07:04:06,659 INFO [DwgCmdExecutionThread]: Load type is [Load dimension member].
  2010-07-22 07:04:06,675 ERROR [DwgCmdExecutionThread]: Record [[ABC, Total Format, null, null, StoreData, null, null, null, null, null, null, null, null, null, Aplan, null, null, null]] was rejected by the Planning Server.
  2010-07-22 07:04:06,675 INFO [DwgCmdExecutionThread]: Planing cube refresh operation initiated.
  2010-07-22 07:04:08,425 INFO [DwgCmdExecutionThread]: Planning cube refresh operation completed successfully.
  2010-07-22 07:04:08,425 INFO [DwgCmdExecutionThread]: Load process completed.
  +
  Please help out .....

  Can you check the error log file as you have posted the log file, it should give more information to why the records were rejected.
  Cheers
  John
  http://john-goodwin.blogspot.com/

• Dimension security is not working if user have two roles in SSAS while connecting from Excel

  Hello Genius,
  I am facing the issue when user trying to connect the cube from excel if user have more than one role in ssas db.
  Role 1: Countryuser, I have implemented the dimension security with country
  dimension and  countrycode attribute.
  Role 2: CityUser,   I have implemented the dimension security with
  city dimension and  citycode attribute.
  If user is mapped to any one of above role dimension security is working perfectly according to the logic but mapped to both role, cube is exposing all the data in this case dimension security is not working.
  Please give me the solution to fix this issue or incase I am wrong kindly advice.
  Thanks
  Ganesh

  This is the expected behaviour as allowed sets in roles are unioned together.
  This is not a problem when your roles are restricting across a single attribute.
  eg.
  US_role = {[Geography].[Country].[USA]
  France_role = {[Geography].[Country].[France] }
  as someone in both roles ends up seeing {[Geography].[Country].[USA], [Geography].[Country].[France] }
  But when you have different attributes:
  NY_role = {[Geography].[City].[New York] }
  France_role = {[Geography].[Country].[France] }
  The first role is unrestricted on countries and the second is unrestriced on cities which is effectively:
  NY_role = {[Geography].[Country].AllMembers , [Geography].[City].[New York]  }
  France_role = {[Geography].[Country].[France], [Geography].[City].AllMembers }
  And when you union those two sets together you end up with:
  {[Geography].[Country].AllMembers , [Geography].[City].AllMembers }
  Which means that someone in both roles can see everything.
  So if you want to restrict someone to City = New York and Country = France you have to create a
  single role where both attributes are restricted. So if you have a lot of these combinations you will either have to create a lot of "combination" roles or look at dynamic security.
  The other thing that might work is make sure that you only give some users access to certain cities and others access to certain countries. It's the mixing of the two for a single person that causes the issues.
  http://darren.gosbell.com - please mark correct answers

• Simple Dimension Query in Planning

  Hi Planning Experts,
  I would like to delete some of the dimension from classic planning application (9.3.1). which planning creates automatically when i created Application (unchecked sample application). though i see icon (mark for deletion but unknown about this icon.
  Please help.
  Thanks in Advance for any help
  Regards
  N Kumar

  Hi,
  You can edit the dimension name for all dimensions though you will not be able to edit the dimension member names for the year dimension, you can however you use the aliases functionality to give say FY08 an alias of 2008-2009
  Also you will not be able to delete dimensions through planning once they have been created.
  Cheers
  John
  http://john-goodwin.blogspot.com/

• Advanced Security Manager (Planning)

  Hello, I am trying to find a utility which can export all the security from Planning to a *.txt file. Please let me know if its possible. I heard about Advanced Security Manager where i can download this thing. Thanks,Scorpion

  You can download ASM from Essbase.com. Here is the link..http://dev.hyperion.com/download/utilities/Thanks, Ricky - [email protected]

• Maintain attribute dimensions in Hyperion Planning, via ODI

  How can I move/maintain attribute members in Hyperion Planning, preferably via ODI?
  I have been loading an attribute dimension into Hyperion Planning, via ODI. The problem is that some children have been previously loaded to incorrect parents. However, a reload does not seem to move the children to their rightful place in the hierarchy.
  There are no errors being generated.
  Cheers

  Are you definitely sure it is not on the planning side the issue lies, I would create a file and then use the outline loader to compare load times to see where the issue is first.
  Cheers
  John
  http://john-goodwin.blogspot.com/

• IIF condition mdx logic in Dimension security

  Hi,
  I have Organization dimension which has multiple attributes like  District , Region, Corporate.
  I want to show all date for Corporate users, region users to see only their region data and district users to see only their district data.
  Users can be either Corporate , Regional or District user. Only one of these attributes will be True.
  I have to implement this logic in dimension security of Organization dimension under advanced tab using IIF conditions. I am getting confused , can some one help
  Logic will be -
  For Current Logged In User - Check if Corporate Flag is set    
  *True - Show all Organization Members    
  *False - Check if Region No is set     
   *True - Show Organization with Region number equal to current user Region number    
    *False - Check if District No is set             
      *True - Show Organization with District number equal to current user Distric number               *False - Show all Organization members (mostly ESTAT case)

  1. If the MDX query worked, I would assume that you have a valid member expression in the "Region Number" property. It should be something like [Region].[Region Number].[Reg1]. If you just have "Reg1" in the property, you will have to change the MDX like
  below:
  strtoset( "{" + "[Region].[Region Number].[" +
  strtoMember("[User].[Login Id].[smv123]").Properties( "Region
  Number" ) + "]" + "}" ) 
  (a).
  strtoMember("[User].[Login Id].[smv123]") will convert member string expression to a member. Same as
  [User].[Login Id].[smv123]").Properties( "Region
  Number" ). i.e. Quotes are gone.
  (b).
  [User].[Login Id].[smv123]").Properties( "Region
  Number" ) will return as string "Reg1"
  (c) "Reg1" is added to "[Region].[Region Number].[" to make a valid member expression. Complete expression would be : "[Region].[Region Number].[" + "Reg1" + "]"
  (d) The above member string expression is converted to a member set by
  strtoset( "{" + "[Region].[Region Number].[" + "Reg1" + "]" + + "}" )
  (e) So, it is equivalent specifying [Region].[Region Number].[Reg1] in the Advanced security tab. But, since the MDX is evalauted at run time, it will change based on the login id returned by the UserName() function.
  (f) Please make sure that you picked [Region] dimension and [Region Number] attribute to enforce dynamic security
  2. I am not sure how to write IIF logic in the advanced tab of dimension security. It may be possible. The end result of the MDX in the advanced tab should be a valid member or member set.
  regards
  Arun

• Dimension security in SSAS

  Hello,
  We are trying to report on assets from a DAM platform in SSAS, for which the taxonomy is pretty embedded, reason why in a parent-child relationship I'm having trouble to drill down to the appropriate level since there are like 17 levels. We are trying to
  restrict access to only 2 members within our Clients classification. I was able to figure it out in VS and to filter in the dimension security (Roles) to restrict access to the particular clients, but it won't drill down to its children and grandchildren.
  I was wondering if there is any MDX which might be able to surface the children and grandchildren. Since the taxonomy is based on GUIDS is really hard to identify which asset stops at which level. Just to make it more descriptive a record can be part of one
  or more classifications but it always belongs to a root classification, within a record there are files that can be part of one or more classifications, as well as a file can have several file versions.  I'm trying to see if there is an MDX code
  which will allow me to uncover the children and grandchildren of the two members in the Clients classification and restrict access only to those two. Also would there be another way in doing this?
  I would appreciate any suggestions.
  Thanks,
  Andrea

  Hi Andrea,
  According to your description, you need to restrict access for two members on the hierarchy, however uncover the access permission for the children and grandchildren of the two members, right?
  Analysis Services provides a role-based authorization model that grants access to operations, objects, and data. In your scenario, you can unckeck the members on the Dimension Data when creating a role, and keep all the children and grandchildren of the
  two members selected.
  Regards,
  Charlie Liao
  If you have any feedback on our support, please click
  here.
  Charlie Liao
  TechNet Community Support