DRM Hierarchy security setup

I want to use DRM to restrict hierarchy maintenance and split the same into 2 user groups depending upon hierarchy level. Customer hierarchy up to first 5 generations can be managed by one user group whereas below 5th generation, the same will be managed by 2nd user group. The 2nd user group will not be able to change anything in the first 5 generations.
Once the hierarchy is built, the first 5 generations need to be mapped as dimension hierarchy in Planning whereas the complete hierarchy needs to be mapped to ASO application.
Is this possible using DRM?
I tried using EPMA for the above, but with shared library, I can edit all the generations and could not restrict users to specific generations.
Please guide.

To make your life simple, what you can do is, get an extract of all your Level 3 and Level 5 Parent nodes and create an action script to update the Node Access.

Similar Messages

  • Security Setup not working

    Hi,
    As a part of security setup we have done the following things:
    - Users created and assigned as members of groups. One group is created per entity.
    - Groups have been provisioned for the application and given security class access
    - Security classes have been created and attached to metadata. for e.g, all entities have been attached a Sec class in properties.
    - In application settings, Node Security = Entity, Security for Entities is Checked, Enable Metadata Sec Filtering is also checked.
    Even after this, the security setup doesn't seem to be working. A user with minimal provision (only Data Form Writeback from Excel) and no security class access is also able to see all the entities, also other forms, grids, etc which have been attached diff security classes. He is able to edit the forms and grids.
    Can anyone help out as to what is it that we are missing?

    What role(s) do the users have? Any user with the Administrator role bypasses class access checking and is assumed to have full access to everything. No other role provides this bypass.
    Editing forms and grids has nothing to do with Entity security. If the forms and grids have no class assigned to them, they use the [Default] class which I suggest all users have All rights to anyway. If there are grids/forms you do not want users to change, you should assign a specific class to them, other than [Default].
    Enable Metadata security filtering should restrict users from seeing the members for which they have None access to, but as long as they have Read or All access, they will see the members in a pick list.
    --Chris

  • Security Setup

    Hi,
    We are having HFM used for reporting and consolidation.
    Two Specific issues/questions
    1) We are having separate Development, UAT and production environments. However the security setup/AD groups for all three environments are same. We cannot create different security groups in three different environments as it will affect meta data level changes. So the issue is that, person having UAT environment is also able to access the production system, as AD groups for security class are same. Is there a way we can differentiate the security of three different environments?
    2) HFM offers application administrator roles. However, we are having 3 different team:
    A) One performing change management such as meta data level changes
    B) Second one performing security
    C) Third one performing maintenance activities such as dispensation, bypass, validation tolerance limit load exchange rate.
    Is there a way we can segregate these responsibilites by setting up different access/roles for the users.
    Your help would be much appreciated.

    Hi,
    In regards to question #1 :
    Option a - Use Native Groups. If you were using Native Groups as opposed to the AD groups, you could keep everyone assigned to the same groups and simply have different levels of access between the apps. A lot of systems will use Native Groups with external directories (i.e. Active Directory) for users. This probably isn't something of interest since you already have everything in AD and would be a lot of hassle to rework....
    The other options I propose really depend on what exactly are you trying to accomplish in DEV vs PROD in regards to security. They are somewhat hackish but would solve your issue....
    Option b - If you want everyone to have full access to everything in DEV as opposed to more limited access in prod, give the WORLD built in group access to all of your security classes in DEV only.
    Option c - If you want everyone to have the same entity / account access just a different level (i.e. Read to Write), then you can just extract the production security file and replace all the security class access items from Read to All, etc.
    Option d / e - If you want to give people different account / entity access as opposed to level of access, this is a bit trickier because any moves you make in AD would apply for all of the apps.... I would think this wouldn't be that common and maybe you only need this for a couple people? For the few instances of this, I think the best bet options are : d.) create a Native Group and put them in that with the proper security class access. e.) Assign the user directly to the security class with the proper access in the environment. Security class access is not contained in AD and the changes would not automatically propagate..... If you have to do this for a "ton" of users, it wouldn't be much fun though.
    In regards to question #2 -
    A) - First of all, if someone has the HFM client or a text editor and access to the metadata file, anyone can make the changes. Your best bet is to control the extracting and loading aspect of this. The 'Load System' role will control who can load metadata to HFM.
    B) - Provisioning Manager will allow changes to user access to the App
    C) Not sure what you're looking for here. Exchange rates would be a data load so they would need to be able to load data to the system. This sounds like more of an Account / Entity access item so you would need to make sure the user has proper security class access in HFM.

  • Security setup operations failed: creating system keys

    I have just downgraded my T60 laptop from Vista to windows xp using the lenovo CD's.
    Everything seems to be working well, except that each time I boot up the computer, the lenovo security setup software runs.  If I follow the menus all the way through, I get to the following error on the last screen:
    "your security settings have been configured however, one or more setup operations failed: creating system keys"
    There was also a message that previously briefly flashed during the bootup (on the "bios" screen?) which stated that the system was designed to use fingerprints to protect something or other, but this was not enabled.  However:  I then ran all updates for windows xp and for lenovo drivers etc.  This message has now gone away (and unfortunately I didn't write it down).
    I'm guessing the failure to "create system keys" results in the software running each time I boot up.
    Another possibility:  I have not yet enabled the symantec security, as I intend to uninstall it and use other virus protection software.  Could this be causing the"failure to create system keys"?
    (The fingerprint reader works fine, and reads my fingerprint at the windows logon screen.)
    **UPDATE**:  uninstalled symantec security software, and this had no effect.
    Message Edited by orson_m on 12-29-2008 02:47 PM

  • Shared Service Security Setup - Demo Doc

    Hello Friends,
    Was just checking if anyone of you have a quick small document which would explain the security setup module in Shared services
    with Users, Roles, Groups, filters
    Type of access READ WRITE, META READ WRITE etc in a pictorial format.
    Just have to give a demo to my fellows.
    Thanks in advance
    MS

    Try
    http://docs.oracle.com/cd/E17236_01/epm.1112/hss_admin_1112200/apas02.html
    http://docs.oracle.com/cd/E17236_01/epm.1112/hss_admin_1112200/ch09s04s08.html
    http://docs.oracle.com/cd/E17236_01/epm.1112/hss_admin_1112200/ch09s04s07s01.html
    http://docs.oracle.com/cd/E17236_01/epm.1112/esb_dbag/dsefilt.html
    Cheers
    John
    http://john-goodwin.blogspot.com/

  • Security Setup Wizard keeps appearing on startup

    For some reason, the Security Setup Wizard keeps appearing every time I logon.  There seems to be an error when it is completing the last steps of the process.  I enter all the information requested and get to the last page and I get an error message that it cannot create the "system keys."  What are the system keys and how do I fix this error?
    If I cannot fix the error so that the wizard can complete its tasks, how do I prevent it from running on startup in the first place?  I checked the run list in the registry but it doesn't seem to be listed there.

    Hi sclexman,
    Thank you for your good instructions and prompt reply.  I don't often see such patient or helpful people outside of the ThinkPad community!
    My system has been running beautifully for well over a year.
    I am running Windows XP Professional on my IBM ThinkPad T60p.
    Typing something like ThinkPad "Security Setup Wizard" into Google with quotation marks, you will get better results.
    I literally get exactly what is described above by the other people.
    My problem is the Wizard which keeps popping up every time the computer restarts, but the "system keys" step is where the wizard gets stuck, so I thought that might be the cause of the problem.
    I put off setting up my security software with fingerprint reader for years, and I just got around to it yesterday.  The wizard popped up every time I started up since I got it, but when I went through the wizard and set everything up, it finally stopped popping up.
    Shortly after, I  went poking through the advanced settings of the ThinkVantage Client Security Solution program and accidentally clicked "Reconfigure security settings".  This brought up the same wizard again, and made me re-enter all of my passwords and security questions, which was quite a hassle.  This is the time it failed at the "system keys" part of setup; the first time took longer, but it was successful.
    My big reward at the end of this was supposed to be the wizard leaving me alone at startup, but he will not stop his familiar haunt!
    Any help is appreciated.
    Thanks,
          Thomas
    Security Setup Wizard that won't stop popping up:
    Wizard after initial successful completion.  If done over, it won't get past the second step.
    I don't want to try creating my own system key as your WikiHow link describes, as I'm not entirely sure what I'm doing, and I don't want to actually break my system's security!  Everything is working perfectly now security-wise, except for this pop-up window!!!
    P.S.
    I took so long to reply because when I tried to change my e-mail address to the one I check most often, I was completely locked out of my account.  I did not receive any confirmation e-mail no matter how many times I clicked re-send.  Today I changed it back to my Hotmail account, and it came within five minutes, so I'm back in. Since Hotmail works, I am guessing that the spam filter on my school's e-mail servers is cranked up too high, rather than any problem on Lenovo's part.

  • What does 'security setup forms that accept sql statement' mean?

    I was referring one white paper 'Best Practices for Securing Oracle E-Business Suite'.
    I would like to know what does 'security setup forms that accept sql statement' mean in that?
    My question is
    Where can the SQL statements be entered?
    It would be better if I can have some examples of the same. I am trying to understand this statement.
    Edited by: Kavipriya on 30 Mar, 2011 3:37 PM

    It is explained in the same docs.
    Best Practices for Securing the E-Business Suite [ID 189367.1] -- Page 26, under "LIMIT ACCESS TO FORMS ALLOWING SQL ENTRY" section.
    Best Practices For Securing Oracle E-Business Suite Release 12 [ID 403537.1] -- Page 22, under "LIMIT ACCESS TO FORMS ALLOWING SQL ENTRY" section.
    Thanks,
    Hussein

  • BO XI 3.1 Security setup

    Hi,
    Can anybody help me to provide security model for BO XI 3.1 platform. We are migrating from BO 5.1.x to BO XI 3.1.
    As XI 3.1 security setup has changed compared to XI R2, please let me know the details and suggest how to proceed.
    Thanks in Advance.
    Cheers,
    Krsna

    Hi,
    You can check this forum post, very handy :
    http://www.forumtopics.com/busobj/viewtopic.php?t=119849&highlight=security+mortals
    For the details, read everything and you will have an idea on how to start.
    Samuel.

  • Security Setup Wizard

    How can I turn off the security setup wizard that runs every time I boot the system up?

  • Error authSwf / authSwf.3329.10600: Internal DRM or DRM server security error

    Watching XFINITY on xtv.comcast.net was working fine for the last few days until just recently - when I try to log in it says "adding device" even though they should already be added, and eventually comes up with this error: Error authSwf / authSwf.3329.10600: Internal DRM or DRM server security error I've reinstalled flash player, rebooted my computer, rebooted the DVR, cleared all cache/cookies, you name it. Nothing works. This is in both in the latest versions of Firefox and Chrome.  Called XFINITY phone support twice and was told I was being "transferred" then disconnected twice...frustrating.

    If you're having the error on Google Chrome, go to settings | then at the bottom click advanced settings | then under privacy click on content settings | scroll down about two thirds down and under protected content click on the allow identifiers box. Mileage may vary but worked for me when nothing else would. Before I found this fix, Firefox worked for me so you could try that as well. Just FYI when Comcast says engineers are working on the problem, all that means is that every once in a while a rep comes online and says engineers are working on it. It's been way over a year and the only fix they've ever suggested is reinstall flash. Takes a brilliant engineer to make that suggestion. Hope this helps someone.

  • MultiPool suspension failures and security setup

    Hi,
    I am testing a multi-pool on 81sp5 and when I pull the plug on one of the underlying databases I get the following error (& the pool goes to the Unhealthy state but not to the Suspended state).
    <07-Feb-2007 14:46:46 o'clock GMT> <Error> <JDBC> <BEA-001254> <MultiPool PhxAvlMultiPool unable to disable connection pool phxAvlPoolA, got exception: weblogic.common.resourcepool.ResourcePermissionsException: User "<anonymous>" does not have permission to perform operation "admin" on resource "phxAvlPoolA" of application "null" of type "ConnectionPool".>
    Does this mean to use the multi-pool effectively I also need to modify the security setup? (I am currently using the defaults). And does that mean I should grant admin privs on the pools to the anonymous user (which seems wrong)?
    NB If I specify the CountOfRefreshFailuresTillDisable attribute, then I still see the error message but the pool goes to the Suspended state anyway; presumably via some other means.
    Cheers,
    Trent

    Dave Woolaway wrote:
    Hi,
    I am testing a multi-pool on 81sp5 and when I pull the plug on one of the underlying databases I get the following error (& the pool goes to the Unhealthy state but not to the Suspended state).
    <07-Feb-2007 14:46:46 o'clock GMT> <Error> <JDBC> <BEA-001254> <MultiPool PhxAvlMultiPool unable to disable connection pool phxAvlPoolA, got exception: weblogic.common.resourcepool.ResourcePermissionsException: User "<anonymous>" does not have permission to perform operation "admin" on resource "phxAvlPoolA" of application "null" of type "ConnectionPool".>
    Does this mean to use the multi-pool effectively I also need to modify the security setup? (I am currently using the defaults). And does that mean I should grant admin privs on the pools to the anonymous user (which seems wrong)?
    NB If I specify the CountOfRefreshFailuresTillDisable attribute, then I still see the error message but the pool goes to the Suspended state anyway; presumably via some other means.
    Cheers,
    Trent

    Hi. This is a known bug with a fix available. Ask support for the patch for CR251945, CR251945_81sp5.3.jar
    Joe

  • ** DRM - Hierarchy maintenance

    Hello Friends,
    We are planning to use DRM (Data Relationship Management) for our hierarchy setup and Maintenance. One of the main usage of this would be to have alternate hierarchy populate for Hyperion planning/Essbase with version controls etc...
    Like to know couple of things:
    - Any CONS (Or) things that we can't do that we should be aware?
    - Ideal Deployment? /* We are thinking to have DRM on Win2003 Server. Not sure Web Logic be optimal for having has a Web Server? */
    Any feedbacks are appreciated.
    Thank you!!

    DRM is typically used to manage this type of environment. The only thing I would suggest is that you read up on the difference between global and local properties. When building alternate hierarchies, you want to share property values (or avoid populating property values twice) between hierarchies. Besides that, DRM has worked well for us here at the bank.
    We also use Windows 2003.
    D

  • No icon for security setup

    I have a new Linksys wireless router that I successfully installed yesterday.  It seems to work fine.  But I cannot setup the security because there is no icon in my system tray in the lower right corner of my screen.  There are lots of icons there but no Linksys icons.  I reinstalled the router but still no icon.  I have looked at the entire tray, not just the most used icons.
    Any suggestions?
    Amy

    Amy are you talking about wireless security?
    Try to go to http://www.linksys.com/kb.
    Look for answer id 949.
    It has explicit instructions on how to setup wireless security.
    I read this website a lot and it teaches you a lot of things,
    "Give them nothing... But take from them everything..."
    -Leonidas "300"

  • Role based security setup in jsf

    hi all,
    can anyone write me the procedure how to setup role based security that is, when a user login to my page, menu will be created that i have set for that user in database.
    i also need to know the process, how to set role in database....
    Thank you

    i want to put all information include user access
    role in database.
    please tell me, how to do this..
    Thank you

    1. create a table called USERS.
    2. create columns in this database that include but are not limited to, USERNAME, ROLE.
    3. Populate the table.
    4. When a user logins, query the table.
    5. Direct the user to the appropriate JSP based on the role using RequestDispatcher's facilities.

  • Nakisa Org Hierarchy view setup

    Hi,
    Does anyone have any information on setting up the Org Hierarchy view in TVN? Currently I only have a single, blank box displaying on the Nakisa webpage in the Org view (under Position tab).
    Also, I'm looking for the full document set and a config manual (other than the installation guide and administrator guide available after installation).
    Any assistance will be greatly appreciated.
    Dirk.

    Hi David,
    Usually these fields are stored by default. They are a standard set of names that are used by the BAPIs that get and return the data from SAP. These are:
    OrgUnit Hierarchy:
    Hierarchy ID: Object_ID
    Parent ID: ParentNo
    Element ID: Object_ID
    Position Derived:
    Hierarchy ID: Object_ID
    Parent ID: <blank>
    Element ID: EmployeeID
    Sucession:
    Hierarchy ID: Object_ID
    Parent ID: <blank>
    Element ID: Object_ID
    You also need to make sure the link settings are also populated.
    If you have already used these and only get part of the structure your SAP user ID may not have the required authorisations to view all of the structure. Nakisa can recommend how to setup the user.
    Good luck.
    Luke
