Automagic User Provisioning Essbase + Shared Services
Hello All,
I have recently been able to figure out how to use the Shared Services API for 11.1.2 in a previous post:
Shared Service API Working 11.1.2
However, all of the user management and provisioning examples work with native users. Has anyone used this API with active directory or LDAP users? Is there some other way (export/import utility)?
My problem is that I need to be able to script the user management with shared services and have not been able to find much help. In the past, we ran Essbase in standalone mode and were able to handle this via MaxL generating essbase native user accounts. This will no longer work since we want to use shared services when upgrading to Essbase 11.
After your comments I looked a bit more closely at the DDL for create user. It looks like i need "type external";
MAXL> create user 'someuser' type external;
OK/INFO - 1056060 - User [jdp5209] created.
This is what i want!
MAXL> create user 'someuser' identified by 'somepass';
OK/INFO - 1056060 - User [someuser] created.
This is not what i want, creates Shared Services native user.
It seems obvious now, but before, shared services (CSS module to essbase) was "external" so the old external is the new native.
Sorry, new to shared services! This works. Thanks all
Similar Messages
-
While serching users provisioning in Shared Services it says...............
Operation cannot be completed.
We are able to search users in the directories but ...not able to see their provisions!Are you trying to look at user provisioning Reports ?
Please elaborate -
NSAD user directory for shared services not working
Hi!
Im trying to configure a MSAD user directory for shared services in Essbase 11.1.2.1. I have done it correctly in Essbase 9.3.1.
Back then i had to import certificates to the cacerts java file. Is it still necesary? I dont see it mentioned anywhere in the v.11 docs, however, its not working using same parameters. I get an error saying i have specified "either host or port value incorrect".
Do i have to import certificates or am i missing anything else, can anybody help?
Thanks!!
JorgeCertificates have nothing to do with MSAD.
when you reach to "MSAD user configuration" tab in Shared Services, try to see if you can auto configure user by inputting: sAMAccountNmae="some user ID", replace some user ID with your or admin ID, and verify if you can pull the users from the MSAD. -
Installation of Essbase, Shared services and Planning
Hi,
I am using Essbase (64 Bit), Shared server and Planning +mandatory component of hyperion:
Can i install 32 bit applications Planning, Shared services, Analytic Provider on 64 bit OS (windows 2003 EE)
Regards
KumarCross post :- Installation of Essbase, Shared services and Planning
Cheers
John
http://john-goodwin.blogspot.com/ -
Porting the Essbase/Shared Services to other landscape.
Hi ,
I need to port/refresh the Essbase/Shared Services (11.1.1.1 on Windows) from Development Environment to Test Environments. Both Environments are under different domains and I dont think I can usre LCM. I have already setup the Foudataion/Shared Services and Essbase on Destination Host. Can someone guide me how I can move the Essbase/Shared Services accross these Environment manually. Any document refrence or step by step instruction will be great help.
Thanks in advance.
-Samar-John,
I never worked with CSSImportExport. I will be moving Planning Applicatoin, HFM and FMD along with Shared Services and Essbase. Can I use CSSImportExport for HFM/FDM etc. If you can point out to any good working example or doc on CSSImportExport that would be really very helpful to me. In the mean time , I willl be googling arround the internet about it.
Regards
-Samar- -
Hi,
Can any one tell me what are the significant improvements in Essbase Shared Services with the new Essbase 11.1.1 version over the Essbase System 9?
If anybody know this, Please let me know. It will be a great help to me.
Thank you very muchFor all those people that like to read about the latest version of Oracle Essbase.
http://download.oracle.com/docs/cd/E12825_01/index.htm
Brian Chow -
Create new user for Essbase Integration Services
Hi,I have two users witch creates olap models and metaoutlines.So I would like to create new user at Essbase Integration Services. How to create new user at Essbase Integration Services level?My system:Essbase Server 6.5.1Essbase Integraion Services 6.5.1Essbase Administration Services 6.5.1Thanks,Grofaty
A user at EIS level is actually a user set up on the relational catalog where your olap models/metaoutlines are stored. For instance if you got to the OLAP model properties dialog and the General tab you can see the owner here is the user you use to connect to your catalog. You can also prevent other users from accessing models not owned by them by setting the security option from the drop-down list on this tab.Mark Rixon www.analitica.co.uk
-
Essbase - Shared services security , User provison
Hi,
I am new to 11.1.1.2 Hyperion version.(worked on 9.3.1) I have some doubts on the user security in 11 version.
We have Distribution environment setup like Essbase on linux and remainng applications on windows 2003 server. Essbase is also registerd with shared services. Here are my questions.
1. If I change the Shared services Admin password (default password) will it effects any other applications?
*2. How to change essbase admin password (default password)?(from foreground we can change first time only)*
3. I am trying to login into EAS as well as essbase admin user but under essbase I am not able to create New User. The Create users option on security is disabled seems like already externalised. I am not able to get those users who are created in shared services evnthought using Refresh from Shared servcies+ option in essbase.
4. If I want to a user with only essbase applicatons provisioned what is the procedure.
Here i followed the procedure. Created xyz user in shared services and provisioned Only Demo applications. trying to loing EAS with xyz credentials login successfull and prompted for essbase credentials with server name , username (Extername authentication) getting failed. If i provide admin password at essbase server leverl i am able to connect and see all applications.
Please help me on this...
Regards
PrakashVHi,
Is it the base install of 9.3.1 or is it a later version like 9.3.1.3
I know there have been a number of security issues being addressed since the base version.
e.g.
Security. Users are not de-provisioned properly, causing Essbase applications to remain accessible to
them. [7197541]
Cheers
John
http://john-goodwin.blogspot.com/ -
Essbase, shared services, projects, users
I have installed shared services and cnfigured it
now installed essbase
EAS
Provider services
and configured in the above mentioned manner
(DID not start essbase and EAS till now)
when I log into shared services....i see only bussines rules under projects
no analytical services under unassigned applications.....
how can i see essbase server in shared services user management console.......
it might be a basic funda....i am not getting
help me in solving this....
Thanks in advanceHi,
Have you converted essbase from native security mode to shared services security.
In EAS, right click security and choose "Externalize users"
Cheers
John
http://john-goodwin.blogspot.com/ -
Essbase - Shared Services - Maxl - User creation
Hi,
I have an issue looking similar to [Automating User/Group creation & Assigning filters in Shared Services|http://forums.oracle.com/forums/thread.jspa?threadID=1009127]
When trying to add internal groups to an external MSAD user, I get following messages:
h3. when adding a group to an external user:
h6. alter user 'x29027' add 'GR_GROUP';
Maxl returns:
h6. Statement executed with warnings.
h6. User x29027 does not exist
=> the system does not recognize the user
h3. when trying to create this user first as an internal user
(based the settings from on another external user)
h6. create or replace user 'x29027' identified by 'password' as 'i09740';
Maxl returns:
h6. Statement executed with warnings.
h6. A user/group with the same name (x29027) exist at Shared Services
=> the system does recognize the user in MSAD!
===> both statements seem to be contradictory!!!
h3. Other remarks/thoughts:
- we have two MSAD links (to two different domains), does this matter?
- no difference when addressing users as x29027@MSAD_FIB (a syntax similar to the HSS security report output)
- any possibilities in creating a user internally first (using the 'as' option; to copy settings from another user) and then moving to external? (like alter user 'Test_EDR4' set type external;)
Thanks in advance
Erik
Environment: Essbase 9.3.1.3. with Shared ServicesHi Erik,
When you create an user in Essbase, the user will be created both in Essbase as well as Shared Service,
where as when you create an user in Shared service, the user will not be created in essbase untill you perform refresh.
In your case you can create the external user in Essasbe by using "Create user 'x29027' type external;'.
By this you will be creating the user in Essbase and the particular user is recognised in Essbase.
Now you can add him to any group.
- Krish -
Essbase - Shared Services security problem
In a Shared services enabled Essbase server,
For a user/group can we define different access levels (say Read on one & Write on the other) to different databases belonging to the same application (BSO)?
If not, Is there any alternative?
Appreciate your thoughts.
Thanks,
Ethan.Of course you can.
If you're on v11, the steps are as follows:
1) Create a group (I am going to assume groups and usernames).
2) Provision the group Essbase server access and Read access to My Very Favorite Essbase Database In The Whole Wide World (MVFEDITWWW) -- Sample.Basic. You could get fancy and create a two level group hierachy with the upper level group provisioned ot Essbase server access and the second group Read access to Sample.Basic if you wanted to.
3) Expand the application groups and drill into Sample. Right click on Sample and pick Assign Access Control.
4) An Application tab will open up with a Database drop down. Select Basic and check off the box that relates to your group. It will have the role of Read.
You have just assigned access to Sample.Basic.
Follow the same steps for Sample.Intl, etc., etc.
Regards,
Cameron Lackpour
P.S. I believe the above holds true for 9.3.1 but the interface looks a little different. I never did it there -- all of my System 9 work was, alas, Planning only. -
How to disable the User directory in Shared Services?
Hello,
We need to disable (Not Delete) the User Directory in Hyperion Shared Services. We are using the Hyperion version 9.3.1. Is there a way we can do this?
Thanks
SFrom the 9.3.1 docs:
"If you do not want to use a configured user directory that was used for provisioning, remove it from the search order so that the user directory is not searched for users and groups. This action maintains the integrity of provisioning information. It also enables you to use the user directory at a later time, if needed."
http://docs.oracle.com/cd/E10530_01/doc/epm.931/html_cas_help/frameset.htm?removesearchord.htm
Cheers
John
http://john-goodwin.blogspot.com/ -
All,
I am on 9.3.1
Until now I have users only to planning app.
Now most of the above users need access to a native essbase app (with out planning).
In SharedServices, Under projects->AnalyticServer->AnalytciServer, only users are listed (no groups) and their "User Type" is planning.
Now I have to change them to "Planning, Essbase" for each user.
I didn't find "User Type" in corresponding section in the export of CSSImportExport utility.
have lots of users , Is there any way to automate?
Thanks
KrishnaMake sure the users/groups have the essbase role of server access
Then in shared services right click the essbase server and select "assign access control", select users/groups then you should be able to define the type of access essbase/planning.
Cheers
John
http://john-goodwin.blogspot.com/ -
Integrate active directory with Planning/ Essbase shared services security
Hi All,
we try to set up MSAD integration for Planning and Essbase 9.3.1.
Everyting works fine but the accounts that pop up are first and last name in the user field instead of the userid used in windows to login. so in windows i login with mroest but now in Hyperion i have to use Marc Roest.
DC=NL, DC=xxxx, DC=Corp
ID Attribute = ObjectGUID
User DN: CN=Adm Hyperion, OU=xxxx, OU=Utr
Can anyone please help how to use the samID as defined in MSAD instead of the full name as is now?
Thanks very much in advance,
MarcHi John.
Do you know why OpenLDAP database would not migrate to the unique identity attribute say if I use sAMAccountName for the ID Attribute field on the MSAD User Configuration screen in Shared Service? It will not update the identity in OpenLDAP when I browse it, even after all the services have been restarted, including OpenLDAP and Shared Services...
Any help would be appreciated.
Thanks
.-a furstrated programmer... -
How to Create Bulk Users in Hpyerion Shared Services Console
Hi All,
I need to create bulk users in Shared Services Console. Since i have huge number of users so i don't want to use Front End. Instead i prefer to upload some CSV sort of stuff.
For this i export Shared Services console and open its Users.csv file.
Now my plan is to add all my users here and then will Import that Shared Services Console backup.
The only point where i am confused is that how should i specify Encrypted Passwords in Users.csv file and also what should i write in "internal_id" columnIf you are using LCM and these are native users then you should be able to enter an uncrypted password and when it is imported it should be encrypted.
Leave the internal id column blank for new users, test by creating one new user.
Cheers
John
http://john-goodwin.blogspot.com/
Maybe you are looking for
-
Using Table Name reference in formula results in #VALUE error
In Excel 2010, I have an OLE DB connection that brings in data from an SQL query. Excel automatically created the table reference for this (Table1). The table contains headers and Excel knows this; they are formatted in the table as such. When I try
-
OBIEE 11.1.1.6 problems with weblogic user
Hi, I have set my Active Directory provider access in OBIEE 11.1.1.6, it's working fine for all my users in my active directory, but I can't open my repository online or access answers with weblogic user. My control flag is optional btw. Anybody know
-
Why do JCo destinations green in designtime, fail during runtime ?
Manually verified JCo destination, both ping and test works. Ran the WebDynpro console sanity check tool. All tests green. When the application then tries to create a Jco connection during runtime I get these logs in defaultTrace on EP: Could not cre
-
Hi, I have a requirement to add the number of the day in the year to the message and concatenate with HHMM as shown below like this :1205001...12:HH,05:MM; 001(1st day of the year) ex2: 0204365...02:HH;04:MM;DDD:365(last day of the year) ex3: 0209236
-
Love the iPhone but we have noticed in our business that it simply doesn't support all the ActiveSync protocols. The most notable one is Smart-Forward and Smart-Reply. The net result of this is (1) we risk losing formatting when forwarding emails (pa