Essbase native security on 11.1.1.3?

Similar Messages

• Essbase native security mode and MSAD users

  Hi guys,
  I'm trying to solve following question:
  I need to keep Essbase in native security mode, ie. to assign security for users directly in EAS, not in HSS console. And I need to grant access to MSAD users, ie. to allow users to connect to Essbase using their MSAD usernames and passwords.
  How to do that?
  Thanks!
  Vladino

  You don't state what release you're on -- I think it varies slightly from release to release although the concept is mostly the same.
  Have you read this in the EAS help?
  http://download.oracle.com/docs/cd/E17236_01/epm.1112/eas_help/extauthen.html
  I think this help is missing the step where you tell Essbase what the external authenticators are. From reading about the AUTHENTICATIONMODULE Essbase.cfg setting:
  http://download.oracle.com/docs/cd/E17236_01/epm.1112/esb_tech_ref/authenticationmodule.html
  It seems that:
  When you run Oracle's Hyperion Enterprise Performance Management System Configurator, Essbase is automatically registered with Shared Services (unless you select the option to deploy Essbase in standalone mode) and this setting is automatically added to essbase.cfg.So I'm not quite sure where that leaves you -- where do you config the external authentication? Hopefully someone more installation-centric than I (which would be just about everyone in the known universe) can jump in here. I have to say that I haven't used non-Shared Services authentication since System 9 came out -- it just makes life too easy for my clients to manage security in one place.
  Regards,
  Cameron Lackpour

• Essbase External Security via Shared Services

  I have hit a problem with essbase external security via shared services, might be fairly trivial, first time doing this.
  In the install guide for essbase 9.3.1 it mentions not to use the user 'admin' when firing up essbase server console mode for the first time if you intend to externalise security to shared services in the future.
  I have followed this recommendation and used a different username 'essadmin' for the first time essbase server is started up. While still in native security mode, I sign in via EAS 9.3.1 and create myself another admin account just in case.
  I cold backup shared services SQL repository and OpenLDAP repositry before externalising essbase security. Also I backup the essbase sec and cfg files just in case.
  Then I start it all up, go into EAS and select to externalise security, this takes a few seconds, and all seems well.
  Now in shared services I can see the essadmin user ID and everything appears to be OK. However when I look under the projects node, I see "Analytic Servers:myhost:1", then below that another green icon "Analytic Servers:myhost:1", but when I click on the second green icon I get "Login fails due to invalid login credentials".
  What have I done wrong ?

  Hi,
  I don't think you've done anything wrong. You just need to provision your shared services user with access to Essbase. Right-click on your user, select provision and then give them the required Essbase rights.
  Hope that helps,
  Gee

• Essbase Advanced Security Manager

  Importing/Exporting: I have played with exporting and importing all of the security information using the Essbase Advanced Security Manager tool. (olapunderground.com) Everything exported and imported except for the user passwords. Did I miss something or is that one of the limitations of the tool?

  I found a way to work around the problem. I copied the user section out of the export file and added the passwords by manipulating it in Excel. We have an external file with userids and passwords that we maintain. I used the vlookup to find the password. You can paste the user info back in your spreadsheet once you have obtained the passwords. It works well.

• Difference between HFM and Essbase user security in 9.3.1 version

  Hi,
  Could any one explain the differences between Hyperion Essbase and HFM security setup using HSS in 9.3.1
  Thanks
  Edited by: user10305642 on Jul 13, 2009 12:39 AM

  HFM and Essbase security is totally different... HFM uses security classes while Essbase uses security filters.
  The way you assign security is also different.
  HFM also has more roles than Essbase.
  You will find further info in the Security Administration Guide:
  http://download.oracle.com/docs/cd/E10530_01/doc/epm.931/hyp_security_guide.pdf
  Hiope this helps,
  Seb

• Essbase user security on DB level

  Hi, All
  I am using Essbase 9.3.1 with Shared Services. I have already successfully provisioned the users, but not have a problem about the user access rights. I have one application with multiple databases (DB1, DB2, DB3, etc.). I would like the user to be able to only see DB1 using Excel spreadsheet login, but in HSS, I can only provision the user with Read Access of the application only, which means the user can see all the DBs while logging Spreadsheet Add-In.
  The Essbase is already externalized, thus can not be back into native mode.
  Any suggestions or work-around?
  Thanks a lot

  ESST wrote:
  Hi, All
  I am using Essbase 9.3.1 with Shared Services. I have already successfully provisioned the users, but not have a problem about the user access rights. I have one application with multiple databases (DB1, DB2, DB3, etc.). I would like the user to be able to only see DB1 using Excel spreadsheet login, but in HSS, I can only provision the user with Read Access of the application only, which means the user can see all the DBs while logging Spreadsheet Add-In.
  The Essbase is already externalized, thus can not be back into native mode.
  Any suggestions or work-around?
  Thanks a lotYou need to create a filter for DB1 and assign it to One Group...[we can do this in EAS console even we have multiple dbs in one application...i don't have idea for shared services..]
  Regards,
  Prabhas
  Edited by: Prabhas on Jul 12, 2011 4:54 PM

• Essbase Refresh security from SS failed

  Hi,
  we are getting the error while refresh security from shared services from Essbasse....
  "Refreshing security from Shared Services failed"
  In essbase error log can see below.....
  Error(1051522)...Analytical Services failed to get group's member tree with Error [Failed to create an initial directory context for MSAD]
  Please help.
  Thanks.

  Thx. I just did it and it didn't seem to disrupt anything. I tested with a user with a smartview open, a report running and a WA dashboard on screen. It did mention that after refreshing the essbase server would be disconnected and i would have to reconnect but it didn't actually boot me out or disrupt any process.
  I guess it's okay to do on a live production system. ?
  Thx,
  Mike

• Integration of Essbase / Analyser security with External securtiy like LDAP

  Hi,We are trying to create a reporting intranet website and our aim is to have only one login per user via our website, this needs us to integrate the security for Essbase , analyser and any other BI tool. Also keeping in mind that we need to use filters on some of our essbase applications.Has anyone used this concept ? Any inputs on this is welcome.Thanks

  integration in hyperion environment is possible via hyperions CSS (common security services) ..for integration and SSO with other products/technology you might find the new netegrity siteminder integration useful!cheers

• How to find the date when the users has been created in Hyperion Essbase

  Please let me know, if there is any option or way to find the date when the users has been created in Hyperion.
  Essbase - 9.3.1.0.0
  Sun Solaris SPARC (32-bit) - 5.8
  If not in Hyperion, could you please let me know if it gets stored in the repository. If yes, please let me know the table name in Oracle.

  I don't know of a way of getting this information from Shared Services via the standard web UI. However you can see when a native user was created in openLDAP. If your users are all native then you can use an ldap browser to view the CreateTimestamp.
  Port: 58089
  User DN:CN=911,ou=People,dc=css,dc=hyperion,dc=com
  Password: Your shared services admin user password
  You should see each new native user under the ou=People and each CN will have a create timestamp.
  I can't help if all you users are external or your using the old Essbase native security.
  Gee

• Admin rights to validate/execute business rules

  Hello everyone,
  we set access priviliges and administration rights in shared services by assigning users to particular groups. We assigned two users to the administration group 'hypadmins' who now have access to all applications. In Essbase they can access applications, affect changes in the outline, validate the outline etc. However, they cannot validate or execute business rules (Error: Cannot connect to server). The problem does not persist when connecting to the server using a different (existing) admin user. The access priviliges for all rules are set to the admin group 'hypadmins' (and no other). Can anyone help with respect to identifying the source of the problem?
  p.s. Can anyone explain what the Essbase Native Security Mode is?
  Thanks in advance
  Florian

  943380, I'm not picking on you, and I am glad you found an answer to your issue. My ire is saved for whoever thought that a blog equals copying knowledgebase articles from Oracle Support and sticking it on his blog. Why oh why oh why do I even bother paying support? And I suppose why oh why oh why do I kill myself writing blog content when I could just "borrow" it word for word from Oracle?
  Regards,
  Cameron Lackpour

• Essbase security Migration from native mode to external authentication

  Hi!!
  I want some guidance on setting up security, all the users are currently in Native user mode and Native groups.
  Now we want to migrate to external mode, current version of hyperion is 11.1.1.3, any steps to follow in
  this direction would be really helpful.
  What is the best way of migrating huge user base from native directory to setting up for external authentication,
  this is the first time move from native to external authentication, If anyone who has done this will be helpful.
  steps to setup , maxl based migration will be helpful or utility based.
  Thanks

  When you say native mode do you mean that that essbase security is in native mode and you want to convert to shared services security mode,or do you mean you are using shared services securtiy with native users and you want to use an external directory like MSAD.
  For your question ::
  Yes the first piece is correct, our security is in native mode.
  and we want to convert to shared services security mode,
  The request involves moving from essbase native mode to Shared services native user mode (moving all the existing users, groups and existing provisioning)
  The next stage is moving from Shared services native user mode to external directory. (moving all the existing users, groups and existing provisioning)
  Your input will guide me in the direction.
  Thanks

• Native Vs MSAD security

  Hi,
  I would like to hear from experts as to what is the best way forward with security setup for a new EPM implementation on 11.1.2.2. We have all products in our environment from DRM, HFM, Planning Essbase etc and most of them are also SSO enabled.
  Which is the best security setup in terms of retrieving user audit info. from EPM repositories. and also in terms of security and maintenance.
  Thanks in Advance!

  Hi John,
  But do you see any issues if a company has multiple domains and the users keep changing domains. Does it makes more sense to have native security ? However, considering my past experience with native security - it works best when only essbase is involved and becomes buggy when Planning is involved as well. It sometimes becomes difficult to create native users through maxl and then make them Planning users was a nightmare. Sometimes I had to run update users utilities to properly setup security in the past.  Let me know if that is still the case ?
  Thanks in advance!

• Essbase, shared services, projects, users

  I have installed shared services and cnfigured it
  now installed essbase
  EAS
  Provider services
  and configured in the above mentioned manner
  (DID not start essbase and EAS till now)
  when I log into shared services....i see only bussines rules under projects
  no analytical services under unassigned applications.....
  how can i see essbase server in shared services user management console.......
  it might be a basic funda....i am not getting
  help me in solving this....
  Thanks in advance

  Hi,
  Have you converted essbase from native security mode to shared services security.
  In EAS, right click security and choose "Externalize users"
  Cheers
  John
  http://john-goodwin.blogspot.com/

• Error connecting to Essbase Server when running business rules

  We recently migrated from v9.3 to v11.1.1.3. I have two users with Administrative access who need to run business rules on a native Essbase application, but cannot. They get the message 'Error connecting to Essbase Server'. They get this message when trying to set this execution database. They can't even expand the server to see the list of applications. I have tried deprovisioning them in Shared Services, refreshing security, then adding it all back in and refreshing again, but it doesn't work. My own id has identical access to that which I'm granting them, and I have no problems. I even created a native user with the same access and it works as well. No matter what I do, I cannot get these two users to be able to run their business rules in EAS.
  We also have a Planning application, and the Planning Administrative user has the same issue. However, this user is able to get around it by running rules using the Planning connection rather than the Essbase connection. She has the same issue of not seeing anything under the Essbase Servers when trying to set the execution database though.
  In version 9, we were not using Shared Services for Essbase security. Unfortunately our consultant chose to set it up using Shared Services security when migrating, and according to the documentation, one cannot go back to using Native Essbase security.
  I also tried running the Externalize Users wizard and the three users with issues failed to externalize. My own id did, and the native user I created succeeded.
  Has anyone experienced an issue like this or have any ideas on how to resolve?
  Thanks,
  Sabrina

  Follow up - Oracle has finally resolved this. It's so simple, yet no one thought to check until now. The three users with problems all have mixed case user id's in ldap. They have always logged into EAS with all lower case ids. In version 9, on native security, this was never a problem. But in version 11 using Shared Services (not sure which factor changed it), it doesn't work. The simple solution is to log in with their exact mixed case user ids. It only took Oracle three months and the creation of a bug issue to figure this out for us.
  Sabrina

• Problem with Advanced Security Manager

  Hi
  I am using the advanced security manager to migrate security from Essbase 7 server to Essbase 11 server. The users who are externally authenticated on essbase 7 server are under native security mode on the Essbase 11 server after security import.Does the Advanced security manager put all the users (whether they are externally authenticated or under native security mode) in native security mode after import?
  Please help

  Hello 831221
  In version 11 "native" means that the users are stored in OpenLDAP (once Essbase was externalized).
  You would only be able to create "external" users if the Shared Services have been connected to an external User Source (e.g. MSAD) prior to
  importing the users.
  best regards
  .T