Assigning access for combinations of dimension members

Similar Messages

• Assign access for the database to None with maxl?

  I need to assign access to the database to none with maxl. Any help will be appreciated. <img src="i/expressions/beer.gif" border="0">

  Do you mean setting the minimum access permission on the database?<BR>For that the command is 'alter database 'Sample'.'Basic' set minimum permission no_access;'<BR><BR>If you want to prevent users from logging on to the database then use something like<BR>'alter application 'Sample' disable connects;'<BR><BR>HTH<BR>

• SAP Roles and Access for SAP Implementation team members

  Hi,
  Is it correct practice to give SAP_ALL role access for all SAP Implementation team members in Dev and QA?
  If not, what is the correct practice?
  Kindly let me know

  Madhu,
  It is NOT correct practice to give anyone SAP_ALL in any of the systems; not DEV, not QAS, and certainly not PRD. However, many implementation teams (and particularly consultants from SIs) insist that they cannot possibly do their jobs without it. This is completely incorrect as there are specific roles for them to use for that purpose. The only circumstance where it could be justified is if you require a special "firefighter" role - and even then, I would still be a bit doubtful.
  You should also consider that once you have given someone SAP_ALL, they will fight tooth and nail to keep it. It also means that they probably are not testing the user roles correctly. Most of those that insist they need it simply do not understand the security issues and probably don't care.
  Just think; if they have access to do soemthing that they shouldn't and then cause a big problem, are they the ones that will have to fix it or are they going to expect you to do it? If they expect you to clear up after them, then you have the right to insist on restricting their access to cause issues in the first place.
  But I know just how demanding they can be....
  Best of luck
  Tony

• Assign access for manage approvals.

  Hi Folks!
  At now I´m trying to test the new Workflow functions in version 11.1.2.
  My problem is that, I created a planning unit hierarchy. I assigned some owners and reviwers for each entity in the hierarchy.
  But, when I go to "Tools->Manage Approvals" and I try to start a "Plan Cycle", if the Owner of the Selected entity is not an user with "Administrator" rol, its bring me the following Sub-Status:
  Failed: Unauthorized New Owner
  The user that is the owner of that Entity, has write access to that entity, and also, has the following roles assigned to his group (group that the user is member):
  Approvals Ownership Assigner
  Approvals Process Designer
  Planner
  What is the rol needed to be the owner of an entity approval cycle?
  Please, any suggestion will be helpufull!
  Best regards!
  Fabian
  Edited by: 920308 on 26/03/2012 01:26 PM

  Hi Fabian,
  Let me break the process of workflow in 3 steps
  1. Creating of Planning unit hierarchy, in which you assign owners and reviewers( YOu have dont this - DONE)
  2. Assignment of Scenario and Version( thought you have not mentioned, I assume you had done this )
  3. Go to Tools -> Manage approvals , here you might see the message
  ' you have no planning units started for the selected scenario and version'.
  If the user is admin, you should be able to see both ' Tree view and Flat view.We need to know that starting a workflow is admin's job i.e administrator has to do this.
  Go to Tree view and then you should be able to see the list of planning units,which you have created in step 1 and start it.
  Once you start it, as per the assigned owners, the workflow will move ahead.
  Sandeep Reddy Enti
  http://hyperionconsultancy.com/

• Assign Package  for Different Teams

  Hi,
  I have a Problem in assigning different package to different Teams. I am assigned to the following,
  1. Task Profile with all 3 Admin tasks enabled
  2. Member access Profile with R/W access to all secured Dimension Members.
  3. Not assigned to any TEAM.
  in my system.
  The Problem is, when i try to assign Package for any end user Teams using "eData --> Manage Team user package access". i dont get any team in the window comming.
  And if modify my account, such that assigning my ID to some TEAM say ADMIN which has access to same task and member access profile which i have, then if i try  "eData --> Manage Team user package access" i get the ADMIN team in the window.
  Please let me know how to get all the teams present in the APPSET or what should be the access provided so that i can get all Teams.
  Thanks in Advance,
  Regards,
  G.Vijaya Kumar.

  Have you tried assigning your ID to all teams?
  Thanks and best regards,
  [Jeffrey Holdeman|http://wiki.sdn.sap.com/wiki/display/profile/Jeffrey+Holdeman]
  SAP BusinessObjects
  Enterprise Performance Management
  Regional Implementation Group

• Valid Combinations for DImension Members

  Hi All,
  We have dimensions for Cost Center and Company code in one of our BPC Applications..Is there a way we can avoid users planning for incorrect combinations?
  E.g. -
  Valid Combinations  -
  Cost Center 1 >>>Company Code 1000
  Cost Center 2 >>>Company Code 2000
  In case the user selects Cost Center 1 & Company code 2000 in current view and enters plan values - the system should not allow the same...Is there a way to maintain valid combinations for dimension members (belonging to different dimensions) in BPC???

  Hi Shibu,
  It was just an example, to show you how to control the combinations. You might have to design it based on the exact business requirement.
  Please note that this wont be a straight-forward process, and you might have to use some VB macros to ensure you get, what you require.
  Lets say, based on the expansion, you have 5 company codes to be displayed in the template. You should, first, use an EVEXP function to list all the 5 company codes in some empty region of the template. Use a macro to concatenate all the 5 company codes separated by "|". Then, for the expansion on cost centers, you should again use a macro which will consider each of the 5 company codes at a time, and set the expansion to "P_COMPANY = ABC". Since you have 5 company codes, hence you will have 5 such combinations of member filter pertaining to each of the 5 company codes. Then you must concatenate them using "|", and this should be the memberset option for the cost center dimension.
  I understand that this is going to be a bit complex, but I dont see any other option.
  Hope this helps.

• How can I manage access to dimension members in a layout?

  Hello,
  I have a dimension member list of materials (400) on a "material" dimension. But some people have access to one portion of the whole group and others may have access to other groups. But the materials can be shared between groups so I cannot group them in differents hierarchies.
  The problem is in the layout you need to select a hierachy to show various rows (the whole group of materiales). The layout shows all the list of materials. Even if the user only have access to 10 of them. I don't know how is the best way for presenting this to the user? It should presents only the 10 rows corresponding to his materials.
  One way that I found (but I don't find it acceptable because of the hard effort that represents the maintenance) is to create differents member access profiles and denied the access to each material (dimension member - 390) that the user cannot modified. Then in excel I have to run a macro that hides all the rows that have an empty description in the cell of the material name.
  How can I achive this?
  Is there a function in BPC to see if a user have access or not to a dimension member?
  The only way to show in a layout various rows is to set in the view a hierarchy?
  Thanks & Regards
  SU

  hi
  pl. verify whether this will suit your requirements:
  Material           UG1           UG2
  MAT1               Y
  MAT2                                 Y
  MAT3               Y
  MAT4                                 Y
  MAT5               Y               Y
  Now UG1,UG2 diff user groups and property in Material. Assignment of Y is one time job.
  At the time of accessing the dimension members can restrict on the basis of UG1="Y" or UG2="Y" property
  Here MAT5 is common in both UG1 and UG2
  (Hardly may have 3-4 set of users: Accordingly can have UG1,UG2,UG3,UG4 etc.)
  sri

• RDMBS tables for Dimension Members Security

  Hi
  We have assign user access to Dimension members in Planning. I just want to know, which is the RDBMS table where i can get detail of the access for some reporting purpose.
  Pls its very urgent
  Regards

  If you are an Oracle dbms user then try the below - I have rewritten the script from the Cameron Blog for those of us fortunate enough not to be in sqlserver....
  SELECT
      O.OBJECT_NAME,
      -- Subquery to get user or group name
      (SELECT OA.OBJECT_NAME
          FROM HSP_OBJECT OA
          WHERE OA.OBJECT_ID = AC.USER_ID) AS UserGroupName,
      CASE
      -- Subquery to get user or group type
          (SELECT OA.OBJECT_TYPE
              FROM HSP_OBJECT OA
          WHERE OA.OBJECT_ID = AC.USER_ID)
          WHEN 5 THEN 'User'
          WHEN 6 THEN 'Group'
      END AS Security_Type,
      CASE AC.ACCESS_MODE
          WHEN 1 THEN 'Read'
          WHEN 3 THEN 'Write'
          WHEN -1 THEN 'Deny'
      END AS ReadWrite,
      CASE AC.FLAGS
          WHEN 0 THEN 'Member'
          WHEN 5 THEN 'Children'
          WHEN 6 THEN 'IChildren'
          WHEN 8 THEN 'Descendants'
          WHEN 9 THEN 'IDescendants'
          END AS Hier_Function,
      OT.TYPE_NAME AS Object_Type
  FROM HSP_OBJECT O
  INNER JOIN HSP_ACCESS_CONTROL AC
      ON O.OBJECT_ID = AC.OBJECT_ID
  INNER JOIN HSP_OBJECT_TYPE OT
      ON O.OBJECT_TYPE = OT.OBJECT_TYPE
  -- Sort on Object name, object type
  ORDER BY 6, 1

• Remove access for each member of a particular dimension from Hyperion Planning Applciation

  We are trying to remove access for groups for each member of a particular dimension( which has more than 1000 members) of a Hyperion Planning application. We are going through Administration->Manage DImensions -> member , Under security click view and select the group and then remove access But the problem is there are more than 1000 members under this dimension , so it will be time consuming to go to each member and then remove access for the group. Is there any other way we can do this?
  Also is there a way to bulk delete native directory groups from Hyperion Shared services, instead of deleting each native group manually one by one?

  The reaso we want to go for Relational tables is that when we did Exportsecurity utility for that planning application  and imported back the SecFile.txt without doing any changes ,still it errored out giving errors like :
  "The following access not imported:-"PLN-ORG-0278-999 Bureau Strtgc & Oprtnl ""PLNning",0278-999,READWRITE,MEMBER due toInvalid user name found in the file."
  It is erroing out even if we did not do any modifications to the secfile.txt.
  Moreover there are more than 1000 members for which we have to remove access permissions manually one by one. It is a tedious process.
  So we are looking at other options like , which relational tables have got Native directory groups information, and the sql queires we can execute to remove the unwanted Native directory groups from Shared Services?

• Shared services- Access Assign issue for Essbase

  Hi All,
  I need to associate Filter with a group in Shared Services, but when I go to Application Groups, right click on the Application name and select "Assign access control", but in the list of Groups that come in the very first window, i dont see all the grousp listed there, has anyoen seen thsi issue before and knows teh fix for it?

  We dont have direct Role provisioning to teh groups. Here we actualy have a group AllUsers and have added all other grousp as "GRoup membere" to thsi group/ Now this AllUsers group has teh roel provisioned to it. So in such a case, to see the grousp listed under "Assign Access Control" do they need to eb provisioned individually as well at group level, or teh above scenario that I mentioned also works fine?

• Financial Reporting: Suppress pages for large sparse dimension combinations

  Hello,
  I am trying to create a Financial Reporting report that shows only pages that are populated with data, but the dimensions that I have on the page are fairly large and very sparse. There are 8,000+ combinations of sparse members, only of which about 120 have data populated and those 120 are what I want to return on my report. I can't call out the page member combinations individually as new combinations appear regularly and I want to avoid running maintenance on the report definition each time the data in the cube is refreshed. My report isn't executing, so I suspect it is running for each of the 8,000+ combinations before determining whether or not it should render each particular page. Does this behavior sound right? If so, is there a workaround or some other trick to get Financial Reporting to test for the presence of populated combinations before rendering the pages?
  Any help would be much appreciated!
  Thanks,
  Rob M
  Synapse Group/Time, Inc.

  You can achieve this by doing following:
  1. Open report
  2. Select grid (left top corner)
  3. On 'Properties' window, select suppression
  4. Select '#Missing' in 'Basic option' section.
  Good luck & let me of the results.
  Venu

• Can't set IE Desktop as default program for Assigned Access

  I have searched everywhere for this answer.  Kiosk mode/assigned access is excellent.  But it appears that you can only use IE Modern (Metro) for assigned access and the problem with that is I have found no way to completely lock down IE Modern. 
  I can only partially lock it down but users can still get to the address bar and settings very easily.
  I either need some advice on setting IE to complete lockdown or how to set IE desktop for Assigned  Access.

  Perhaps you can create a special application that will be selected for Assigned Access. This application will then start the desktop variant of Internet Explorer (or an intermediate desktop program). There are some articles about such
  operation based on Launcher class and custom file association.

• "Assign Access Control" returns error for essbase apps in shared services

  Hello,
  I installed and configured Oracle EPM 11.1.2 (Foundation, Essbase, Planning, Reporting&Analysis):
  OS: Windows Server 2008 Sp2 (32bit)
  Default Installation with default ports,
  Installation of all components on the same server,
  no clustering
  EPM System Diagnostic says that everything is OK.
  Now I want to assign filter access for an essbase database in the Shared Services.
  Starting the menu item "Assign Access Control" in Shared Services returns the following error:
  Error 404--Not Found
  From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
  +10.4.5 404 Not Found+
  The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent.
  +....+
  Can anybody help ???
  best regards,
  Nicole

  Hello,
  here's what I found out so far:
  I get the error if I start the shared services console via the URL "http://servername:port/interop/index.jsp" and then select the "assign access control" for an essbase database.
  If I start the shared services console via the workspace everything works fine.
  Does anybody know what to do so that it also works if I start the shared services console via URL?
  best regards,
  Nicole

• Activating audit for Dimension Members in BPC 7.5 NW

  Hi,
  Is it possible to activate dimension member audit in BPC 7.5 NW. Meaning, can we trace changes to master data (dimension members) in BPC 7.5 NW?
  Best regard
  SSC

  Hi,
  The Activity Auditing tracks Administrative and User tasks at the Appset level.
  This will be controlled by the Administrators to check whether activity auditing is enabled or not.
  To enable this future go to -> Administration for the Web, choose Manage Activity Audit -> then choose one or both types of activities to audit.
  Please check the help file for the same.
  http://help.sap.com/saphelp_bpc75_nw/helpdata/en/a0/2d2e0ec3da472c82a3f0ff5a96d9ce/content.htm
  Regards,
  Raghu

• Shared Services Assign Access Control for Essbase

  Hi we have a used who has his provisioning in form of filters in essbase group. I tried assigning his filter to thim through Assign Access Control in shared services. I'm able to see the user and also the the filter I created for the user but when I try to assign it to him and save it is really not getting assigned. It still stays the user doesnot have any filters assigned to his account. Am I missing anything.
  Thank you.

  Have you given maxl a try:
  grant filter appname.dbname.filtername to user;
  Cheers
  John
  http://john-goodwin.blogspot.com/