Binding members security in BPC 75 NW

Hi experts,
I'm meeting a serious problem while setting my BPC's user security. From what I understand, BPC 75 NW supports users' behavior and permissions by using Task Profiles and Member Access Profiles. However, I don't know how to handle the following situation:
Suppose we have these two dimensions in the application: Entity and Product (I omit other dimensions for simplicity). In Entity there are two members, DeptA and DeptB; in Product there are two members, Apple and Banana.
During system realization I want a user to have read permission for data dimensioned by (DeptA and Apple) and (DeptB and Banana). However, I don't want this user to have any permission to read data in (DeptA and Banana) or (DeptB and Apple). By using Member Access Profiles in BPC 75 NW, I don't know how to realize that.
Thanks in advance,
Tony

Hi Tony,
We got a very useful document regarding your query. But I got an idea; please could you try it?
Please create 4 Member Access Profiles:
USER : X
1) Entity Dim.      Dept A     READONLY
   Product Dim.     Apple      READONLY
2) Entity Dim.      Dept A     READONLY
   Product Dim.     Banana     DENIED
USER : Y
3) Entity Dim.      Dept B     READONLY
   Product Dim.     Banana     READONLY
4) Entity Dim.      Dept B     READONLY
   Product Dim.     Apple      DENIED
Please try the above. As I do not have a BPC system now, I have not tried it; please could you let me know the status.
RAGHU B.S.
Edited by: Raghu B.S. on Jul 23, 2010 4:59 PM

Similar Messages

  • Best practice task profile security in BPC

    Hi,
    I'm in the middle of a BPC NW 7.5 implementation project and need to set up the task profiles in BPC. I'm looking for a clear description of the different tasks - does anyone know if this is available?
    Furthermore I'm interested in Best Practice experiences with task security in BPC - any input on this matter?
    Thanks,
    Lars

    Hi,
    You can extract the information from the Security Guide located on Service MarketPlace at:
    https://websmp202.sap-ag.de/securityguide
    follow the path to "SAP BusinessObjects (formerly, SAP Business User)" and select
    SAP BPC 7.0, version for SAP NetWeaver Security Guide
    hope it helps...
    regards,
    Raju

  • Cannot maintain dimension members in SAP BPC

    Hello, Masters in BPC
    I have just create mention and want to input data. I used maintain dimension members CUSTOMER in SAP BPC, but it seems to have no effect, although I pressed Process dimension already, and I opened Excel, pasted the data and saved it already. When I open another dimension and reopen CUSTOMER, nothing is shown.
    Please give me advice to resolve the problem.
    Thank you so much.
    Best Regards
    Chinh

    Dear Raju,
    Yes, I did it several times but nothing happens.
    I maintain dimension members, I did it as below:
    - Choose maintain dimension members
    - copy data from excel file and paste into the dimension
    - click process dimension
    Show a dialog
    - Uncheck Take system offline
    This task is successful.
    but I go to dimension ACCOUNT in order to insert data,
    I came back maintain dimension members : CUSTOMER but I see no data is displayed.
    It is the same for ACCOUNT when I want to see data on that dimension
    When I try one more time and click save to server, the error message shows: Dump Error
    I reinstalled the BPC client and its patch but nothing changed.
    What can I do?
    Thanks

  • Unable to connect to environment after migrating Security from BPC 7.5 to BPC 10.1

    Hi Experts,
    We are working on BPC 7.5 to BPC 10.1 NW migration and after migrating the environment, we are unable to connect to environment.
    While trying to access, we are getting the following error:
    After taking a backup of the necessary environment in BPC 7.5 NW we are carrying out the 2 steps in the BPC 10.1 NW box:
    Step 1 : Tcode UJBR - Restore the environment in BPC 10.1
    Results: This is working fine.
    Step 2: Program UJT_MIGRATE_75_TO_101 - Running the migration utility in BPC 10.1 to make the objects compatible with BPC.
    2.1 Execute without Security Mapping
    Results:
    This is working fine. We are able to connect to the Environment and access the dimensions and models.
    2.2 Execute with only Security Mapping
    Results:
    After this step, we are not able to access the environments and are getting the Logon error.
    cannot get model "" in environment "xxxxxx" from Admin module
    The logon attempt failed; contact your administrator.
    If you have any options to resolve this error, it would be great.
    Else, we will have to re-build the entire security design manually.
    Regards,
    Sushant Pradhan

    Hi Andy,
    Thanks for your response. Yes, my id has SAP_ALL authorization.
    Still unable to access the environment after migrating security.
    To make things less complicated, we went back to BPC 7.5 NW - deleted all unwanted user ids, we kept only 3 user ids. Then, we took backup of application set and restored it in BPC 10.1.
    We created a mapping file of those 3 user ids in BPC 10.1 as NW user ids and executed the Migration utility. Again we have same error.
    Regards,
    Sushant Pradhan.

  • Page Dimension Members & Security

    I have cost centers dimension in my page view on a data form. My question is that will the cost center dimension members be displayed as per security/access permissions when users click the drop down menu ? In other words, if a user only has access to costcenters a,b & c - is that all they will see ?
    Version is 11.1.2.

    Roles can be assigned to a user (via HSS):
    http://download.oracle.com/docs/cd/E17236_01/epm.1112/hss_admin/ch09s04s05.html
    Once you have created a user and assigned him roles as per your requirement, below link will help you in assigning access to the members.
    How to assign access to members in Hyperion Planning:
    http://download.oracle.com/docs/cd/E17236_01/epm.1112/hp_admin/acc_mem.html
    Cheers...!!!

  • New ISC BIND packages [Security Advisory]

    Hi there.
    A new version of BIND 9.3.x (9.3.4) has been released addressing a DoS vulnerability as seen on SecurityFocus:
    http://www.securityfocus.com/bid/22231
    I don't know what's the "legal" procedure, maybe I had to mark the bind package as old before posting or something, but I just wanted to let the developers know about this.
    Thanks for paying attention... now I'll go and mark bind as old.
    Last edited by ckristi (2007-01-30 06:22:08)

    Thanks for the answer. I am using Arch as my primary workstation OS. And I am a very happy user. But I think it feels bad to see, for example, updates for beryl and not for a security advisory. I am kind of a "Linux literate". I will always use Slackware for a server due to its stability. But speed of Arch and the easiness in using it made me think that at some point I could switch at least my home server to Arch, too. Also I can and, if that's the case, will compile my possibly vulnerable program from sources before an updated package is in the repo (and if I or some security advisory site thinks it is a critical vulnerability). I was just thinking about people who think they're safe if they run "pacman -Syu" at least every day and who don't have "securityfocus dot com" or some other security advisory site in their bookmarks menu. I am one of the people who just occasionally visits securityfocus.com just to see how serious is a problem. And now, what dragged me to securityfocus was the update of bind in Slackware and Fedora which happened 4-5 days ago and no bind update for Arch.

  • Dynamic Dimension members - Efficiency of BPC to handle such scenarios

    Hi,
    I am currently doing a fitment analysis for a client to understand if BPC 5.1 MS version, SQL Server 2005 (the client has this installed) can be used for their reporting requirements.
    The main requirement is that the client wants to drill down to every transaction detail. That means BPC needs to store that level of data. The number of transactions range between 50,000 to 60,000 on an average per year. Among these the master data additions include about 30,000 to 40,000 per year.
    - Has anyone been able to use BPC to work efficiently for such scenarios.
    - The other requirement is that the master data needs to automatically update without any manual interference. (I have seen in past threads the process of automatic processing of master data from a staging table on to a mbr table, now that is something that I am going to try. However if the number of master data rows exceeds the maximum limit provided by excel 2003, will the master data automatically be stored in the next sheet)
    - What are the implications for such requirements after a period of time in terms of efficiency, usage, performance etc. Is BPC the right tool for such scenarios.
    If anyone has worked on similar projects using BPC your inputs will be highly appreciated.
    Thanks,
    Prasanth.

    Hi,
    You can do dynamic SQL in SQL*Plus, also.
    [This thread|http://forums.oracle.com/forums/thread.jspa?messageID=2744039&#2744039] shows how to pivot a table with a dynamic number of columns.

  • RDMBS tables for Dimension Members Security

    Hi
    We have assigned user access to Dimension members in Planning. I just want to know which is the RDBMS table where I can get details of the access for some reporting purpose.
    Please, it's very urgent
    Regards

    If you are an Oracle dbms user then try the below - I have rewritten the script from the Cameron Blog for those of us fortunate enough not to be in sqlserver....
    SELECT
        O.OBJECT_NAME,
        -- Subquery to get user or group name
        (SELECT OA.OBJECT_NAME
            FROM HSP_OBJECT OA
            WHERE OA.OBJECT_ID = AC.USER_ID) AS UserGroupName,
        CASE
        -- Subquery to get user or group type
            (SELECT OA.OBJECT_TYPE
                FROM HSP_OBJECT OA
            WHERE OA.OBJECT_ID = AC.USER_ID)
            WHEN 5 THEN 'User'
            WHEN 6 THEN 'Group'
        END AS Security_Type,
        CASE AC.ACCESS_MODE
            WHEN 1 THEN 'Read'
            WHEN 3 THEN 'Write'
            WHEN -1 THEN 'Deny'
        END AS ReadWrite,
        CASE AC.FLAGS
            WHEN 0 THEN 'Member'
            WHEN 5 THEN 'Children'
            WHEN 6 THEN 'IChildren'
            WHEN 8 THEN 'Descendants'
            WHEN 9 THEN 'IDescendants'
            END AS Hier_Function,
        OT.TYPE_NAME AS Object_Type
    FROM HSP_OBJECT O
    INNER JOIN HSP_ACCESS_CONTROL AC
        ON O.OBJECT_ID = AC.OBJECT_ID
    INNER JOIN HSP_OBJECT_TYPE OT
        ON O.OBJECT_TYPE = OT.OBJECT_TYPE
    -- Sort on object type (column 6), then object name (column 1)
    ORDER BY 6, 1

  • BPC 4.2 Security question

    Platform: BPC 4.2 SP4
    Is it possible to add a row to the security table on sql server and not have to process security through the admin client? In other words, does adding rows to the table immediately give users access to those dimension members?
    Thank you,
    Hitesh

    Hi,
        Which tables in SQL database will be affected when security is done through BPC Admin Console?
      I have compiled a list as shown below, let me know if I missed anything:
    1. Dbo.UserTeamProfileAssign
    2. Dbo.UserTeamAssign
    3. Dbo.UserProfile
    4. Dbo.Teams
    5. Dbo.TblUsers
    6. Dbo.tblUsers
    7. Dbo.MemberAccess
      The tables above are purely from the 'Tables' folder. Are any tables in the 'Security' folder affected?
      Assuming I am using a combination of .Net and TSQL to add rows into the tables above in order to set up the Security in BPC, do I also need to use a stored procedure to process the tables, since Sorin and Petar mentioned that merely adding entries into the SQL security tables only does half the work?
    Thanks and regards

  • BPC 10.0 NW - Matrix structured security

    Hej Gurus,
    I have been searching the internet for information about the possibility of doing matrix structured security in BPC 10.0 NW.
    I have found that it is possible to do in 7.5 using a BADI, and I know that it is standard in BPC 10.1. However, I have not found conclusive proof of it being possible in BPC 10.0 NW. Can somebody please confirm or decline the possibility of using security structured security?
    If it is possible, how can we achieve it?
    Best regards,
    Mikkel Kristensen

    Hi Gersh,
    It seems to be a hidden feature within BPC 10.1.  For example it is not mentioned in the security guide.
    What is needed is some sort of how to guide for this.  In fact there are no how to guides for BPC 10.1 at all!!  Something I find surprising as the product has been GA for several months.
    You said that it is delivered and works in 10.1.  Can you please explain how to activate and implement it.
    Regards,
    Mark

  • BPC 10.0 - How can I control security at Environment level?

    Dear All,
    How can I control environment level security in BPC?
    i.e.
    User1 can work on only ENV01
    User2 can work on only ENV02 & ENV03
    etc...
    I believe this has to be done at BW level, right? If so, how can I do that in BW? Else, how can I achieve this?
    Thanks,
    Peri

    Hi Peri,
    yes, the admin panel is within the environment. So when you add users you add them to that specific environment. You can then log onto another environment and add a different set of users.
    Those users you want to add need a specific SAP role in the BW so you can see them in the first place.
    BR,
    Arnold

  • LDAP SSL and Secure

    I am unable to get SSL or Secure LDAP connection to work.
    These are my settings for Directory-service:
    name: TEST
    description: TEST
    login-prefix: TEST
    type: GenericLdap
    last-sync: (no value)
    last-sync-error: The server is not operational.
    users: (no value)
    groups: (no value)
    Connection settings
    host: ldap.xon-ionx.****.se
    port: 636
    top-directory: ou=USER_CONTAINER,o=ROOT
    binding-type: Secure
    synchronization-account: cn=ZAV_User,ou=external,o=ROOT
    password: ********
    Schema settings
    user-filter: (objectClass=inetOrgPerson)
    user-class: inetOrgPerson
    user-login-name: cn
    user-first-name:
    user-last-name:
    user-full-name: cn
    group-filter: (objectClass=groupOfNames)
    group-class: groupOfNames
    group-name: cn
    group-description: description
    group-members: member
    Message from server is not saying much: Not synchronized (error: The server is not operational.)
    Debug log output as follows:
    05-07-2013 08:47:09.9960 - Critical - 0x0C5C: Directory service TEST could not be completely synced. Connection settings: host ldap.xon-ionx.****.se, port 636, top ou=USER_CONTAINER,o=ROOT, user cn=ZAV_User,ou=external,o=ROOT, type Secure, ufilter (objectClass=inetOrgPerson), uclass inetOrgPerson, uuname cn, ufname , ulname , uflname cn, gfilter (objectClass=groupOfNames), gclass groupOfNames, gdescription description, gmembership member
    The server is not operational.
    at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
    at System.DirectoryServices.DirectoryEntry.Bind()
    at System.DirectoryServices.DirectoryEntry.get_AdsObject()
    at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
    at System.DirectoryServices.DirectorySearcher.FindAll()
    at Spoon.Server.Common.Data.Library.DirectoryService._SyncNode(LibraryDataContext dc, DirectoryServiceNode dsn, Dictionary`2 dictUsers, Dictionary`2 dictGroups, Dictionary`2 dictUsersToInclude, Dictionary`2 dictGroupsToInclude, Int32& iUsersAdded, Int32& iGroupsAdded)
    at Spoon.Server.Common.Data.Library.DirectoryService.Sync()
    /Mathias

    Do other binding options function as expected (Simple, Anonymous)? I'm also working on setting up a test environment to try and reproduce this. If I find something that can help, I'll update the thread.
    The support team could open a proper ticket with Spoon about this, but it requires that you open an SR first.

  • How to hide member Account dimension from BPC Administrator for Reporting

    Hi experts, I need to hide some members of the Account dimension for reporting, because those members are not used anymore, but I don't want to delete them.
    The question is: Do any properties exist for this dimension type that allow hiding members in reporting without setting members in BPC for Excel?
    I can create a report which contain the members i want to show, but if any change occurs (client desire) the report is outdated.
    Thank you in advance
    Ignacio Vazquez

    Ignacio,
    There is no function like that.
    You can choose below two options.
    1. Create a property like  'NOUSE'  and set a value 'Y' for unused member
         When you create EVDRE report, set a filter against that property that has value 'N'
         then those members will not be shown at the report.
    2. Create 'NOUSE' parent member and put members under this parent member.
    Maybe option 1 is easier to do.
    I hope it will help you
    James Lim

  • Data (Master Data Changes and Transaction Data) from SAP BW to SAP BPC 5.1

    Hi guys
    I have seen posts on this forum describing data transfers from SAP R/3 to SAP BPC. I assume the procedure for data transfers from SAP BW to SAP BPC 5.1 should be the same i.e. using SSIS packages.
    However I have some unique requirements -
    1. DATA AT DIFFERENT AGGREGATED LEVELS - I need data from SAP BW at different levels - Some data comes at Product level while other at Customer level and some at Project Level. The current procedure takes BW queries output in excel sheets (6 files) and then use the data manager package to load the data in SAP BPC 5.1 using appropriate transformation and conversion files. This procedure is highly manual and I am looking at using SSIS package to do this. However, because of having data at different levels, it becomes a little tricky. How can we achieve this using SSIS?
    2. UPDATING MASTER DATA - I need to update the master data (dimension members) in SAP BPC 5.1 at the start of every month. The current procedure compares (in MS ACCESS) the data from the queries mentioned in 1 to the dimension members in SAP BPC 5.1 and spits a file with the new entries which needs to be manually updated in the appropriate dimensions using Admin Console. I am looking at automating this task. I cannot just replace all the contents of a dimension with the members coming from SAP BW since the dimension members contains some dummy members which are used for planning.
    3. HIERARCHY CHANGES - What is the best way to capture the hierarchy changes in SAP BW into SAP BPC 5.1?
    Please advise.
    Thanks,
    Ameya Kulkarni

    Hi Ameya,
    how did you solve the described problems? Can you give some hints about uploading master data and updating the hierarchy?
    BR, André

  • How to implement row-level security in Discoverer?

    Dear all,
    I have a scenario that I have 2 folders containing sales and inventory data stored by product lines.
    The 2 folders are constructed by 2 SQL statements.
    There exists a set of tables controlling which product line's sales and inventory data a person can read.
    A function is written previously that returns the WHERE clause based on user_id, employee_id and the other parameter.
    So, can you suggest how to integrate the 2 components in Discoverer?
    thanks
    George
    My blog: http://hktour.blogspot.com

    hi Rod,
    Thanks for your suggestions.
    I took your 1st option, ie.
    "You can use VPD at the database level to secure the tables."
    I have a view BUDGET_V with the following columns:
    PERIOD_YEAR
    PERIOD_MONTH
    PRODUCT_LINE
    BUDGET_AMOUNT
    Every salesman can only read the budget amount of certain product lines.
    I built the security function which will be bound to the view BUDGET_V (see below)
    FUNCTION security_policy_function( p_schema in varchar2, p_object in varchar2)
    return varchar2
    as
    begin
    if (user = p_schema) then
    return '';
    else
    return viewProductLine(FND_GLOBAL.USER_ID, FND_GLOBAL.EMPLOYEE_ID, 'BUDGET_V.PRODUCT_LINE');
    end if;
    end;
    The security function actually calls my own security function viewProductLine(FND_GLOBAL.USER_ID, FND_GLOBAL.EMPLOYEE_ID, 'BUDGET_V.PRODUCT_LINE') which take the user id and employee id of the apps user and returns the predicate.
    Then, I bind the security function security_policy_function() to the view BUDGET_V with
    begin
      -- Attach the policy function to the view for SELECT statements
      dbms_rls.add_policy(
        object_schema => 'APPS',
        object_name => 'BUDGET_V',
        policy_name => 'MY_POLICY',
        function_schema => 'APPS',
        policy_function => 'security_policy_function',
        statement_types => 'select',
        update_check => FALSE,
        enable => TRUE
      );
    end;
    The problem now is that if I query the view in Discoverer as an Apps user (say "A"), it returns all the records in the view without any filtering (user "A" is supposed to be able to read certain product lines).
    I tried to verify whether the security function works or not. So, I hardcoded FND_GLOBAL.USER_ID and FND_GLOBAL.EMPLOYEE_ID as 1234 and 6789, which are the user_id and employee_id of user "A". (see below)
    FUNCTION security_policy_function( p_schema in varchar2, p_object in varchar2)
    return varchar2
    as
    begin
    if (user = p_schema) then
    return '';
    else
    return viewProductLine(1234, 6789, 'BUDGET_V.PRODUCT_LINE');
    end if;
    end;
    This time, Discoverer returns only the records with product lines visible to user "A".
    So, I guess there is problem in the function call in viewProductLine(FND_GLOBAL.USER_ID, FND_GLOBAL.EMPLOYEE_ID, 'BUDGET_V.PRODUCT_LINE');
    Can you give me some light on this issue?
    thanks
    George (HK)
    My blog at http://hktour.blogspot.com
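
Added example, not part of George's post: a fail-closed variant of the policy function above, followed by a query that shows which predicate the policy actually attached to statements on BUDGET_V. It assumes an unset Apps context is reported as NULL or -1 and that the checking session may read V$VPD_POLICY; viewProductLine is the poster's own function and is called unchanged.

```sql
-- Added example: fail-closed variant of the poster's policy function.
-- The guard does not depend on what viewProductLine returns for an
-- unset context, because it never calls it in that case.
CREATE OR REPLACE FUNCTION security_policy_function(
    p_schema IN VARCHAR2,
    p_object IN VARCHAR2
) RETURN VARCHAR2
AS
    -- Read the Apps context once so the guard and the call see the same values
    l_user_id     NUMBER := FND_GLOBAL.USER_ID;
    l_employee_id NUMBER := FND_GLOBAL.EMPLOYEE_ID;
BEGIN
    -- Owner bypass, kept exactly as in the original post
    IF USER = p_schema THEN
        RETURN '';
    END IF;

    -- Assumption: a session without an initialised Apps context shows up
    -- here as NULL or -1. Returning an always-false predicate hides every
    -- row instead of silently returning all of them.
    IF l_user_id IS NULL OR l_user_id = -1 THEN
        RETURN '1 = 0';
    END IF;

    RETURN viewProductLine(l_user_id, l_employee_id, 'BUDGET_V.PRODUCT_LINE');
END;
/

-- After running the Discoverer query, list the predicate the policy
-- produced for statements still in the shared pool. An empty PREDICATE
-- means the function returned no filter for that statement.
SELECT object_owner,
       object_name,
       policy,
       predicate
FROM   v$vpd_policy
WHERE  object_owner = 'APPS'
AND    object_name  = 'BUDGET_V';
```

Comparing the PREDICATE column for the Discoverer session with the one from the hardcoded test shows whether the context values reached the policy function.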
