Essbase security filter access issue
Hi,
we are facing access issue for users. we have provided the access as filter, its essbase only application. we dont see in display user table APP Access Type column essbase&Planning, only planning its showing..its 9.3.1 version. even sync native dir & essbase refresh done couple of times..but still issue persists.
please help.
:-):-)
Hi John,
I have done same thing, but its just showing filters only.
In Projects->select server/app->selected user/grp->
right click the essbase icon and select "assign access control" > select your user/grp, here i can see only filters which already there and calc (none,no update, all& calcs).
I have selected one filter and none(calc option)->click on tick mark->save......but here i am getting message as "no changes to save" then done EAS refresh ....
still users are not able to login.getting error
"user <> not permitted to access application"
Note: other users have same access can able to login & we are able to see those users in users table as "essbase&Planning", but for problem users its still showing that only 'planning'
please help
thanks
Similar Messages
-
Using Essbase security filter in OBIEE request ?
Hello,
We would like to use OBIEE 11.1.1.6 with Essbase source. We already use Essbase security filter (on dimensions).
For example, "userA" is allowed to access to Entity A and not Entity B and the opposite for "userB".
If I loggin as "userA" in OBIEE, is it possible for OBIEE to connect to Essbase with "userA" so that Essbase return data only on Entity A and not Entity B ?
Thanks!Hi,
The way let OBIEE users, have Essbase security filters running for them, is by integrating OBIEE and EPM using Single Sign On. When, both OBIEE and EPM talk to the same Identity Store like OID/MSAD, you can set this up. For more integration steps, refer to http://www.google.com.sg/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CDAQFjAA&url=http%3A%2F%2Fwww.oracle.com%2Ftechnetwork%2Fmiddleware%2Fbi-foundation%2Fhfm-sso-obiee-1112x-1835570.pdf&ei=O7ElUeCTApGzrAeelIHwCw&usg=AFQjCNE1BzMQU6Cwny-0IwcvxkfxeqlONg&bvm=bv.42661473,d.bmk
Hope this helps.
Thank you,
Dhar -
Essbase Security Filter issue.
Hi,
Its regarding the security filter issue.
The major problem is whosoever user is provisioned under that security filter, if the user is trying to connect to Application using Excel Addin / Smartview, it crashes the essbase server [Network Error [10061], timed out error)]
When we figured out because of this filter essbase server is crashing, we tried to edit the filter. sometimes if we click on edit, it crashes the server or sometimes we can see some junk characters in the filter.
We have applied the security on Entities dimension and problematic filter is ASP.
Now the hirerachy is like this.
Entities dimesnsion and then ASP member and under ASP we have our several members.
Filter is like this:
Write : @Idescendants("ASP")
It was working fine for almost 15 days.
Now if i edit the filter, i can see like this:
Write : @Idescendants("ASP")
Metaread:@Idescendants("*&^%?)
Junk characters are coming in and no idea from where they are coming.
I can't delete the filter also, again it crashes the essbase server.
As a workaround i have created a temp filter and dome the assignation for this group, according to that.
Everything is working fine.
I just wanted to know, has anybody faced such kind of problem earlier.
What cud be the root cause for this.
How could I delete the filter.
I have also get messages like security file is corrupted (we have restored it from old backup) but really worried about security file as we are moving the whole thing to production server this weekend.
Please advise me on this, Please help me. Any help would be highly appreciated.
I am really in trouble.
Thanks,
Pankaj Mehta.Try to edit the filter from MaxL command line using
alter filter sample.basic.filt7 add write on '@IDescendants("ASP")';
here sample=application
basic=database
filt7=filtername
have good luck -
Essbase Security filter in OBIEE 11.1.1.6 request
Hello Experts
I have got a requirement whereby I need to apply Data Level Securityfor the Essbase sourced cube in OBIEE11g. But the issue is the dimension value where I need to apply security filter has 25K distinct values and is Unbalanced Hierarchy where the leaf members is distributed across differnet level . Actually it is ragged heirarchy in Cube which when imported in OBIEE becomes a Level Based Heirarchy where the leafs becomes shared across differnet level. Now the general OBIEE rule says - Create separate application groups for each lowest level dimension vales and apply security filters for each values respectively for each group and assign users in those groups.
But the issue is :
1. Here there are 25 K members in the dimesional value where I need to apply Data Level Security . So it is not possible to create 25K distinct group.
2. The dimension which needs to be used for Data level security has Ragged Hierarchy where the lowest leaf (which would eb used in security filter) is shared across differnet levels.So there is no single column that I can select in RPD to apply security filter.
Pls. suggest a solution.
Is there a way that I can source the Essbase Filters to work as Data Level security in OBIEE 11.1.1.6You can upgrade to 11.1.1.7 and use Weblogic to assign security, then EAS to apply filters, and then OBIEE Enterprise Mgr to apply the application roles (i.e. via Essbase Filters). The gotcha is that you need to install OBIEE 11.1.1.7 and include the Essbase component as part of the install.
If you need more info let me know.
Daniel Poon -
Security Filter Creation Issue
Even after security has been applied in Planning to all dimensions with security enabled the filter being created only has one row that is contains “None”. Can anyone explain why this would be happening?
This is 11.1.2.2 and the application is being managed with EPMA.The user was not setup to have all of the dimensional security. When the security was applied for all dimensions the filter created as expected.
-
Issue in Implementing OR Logic in Security Filter for Essbase in OBIEE
I am implementing OBIEE using Essbase as the data source. The requirement is to implement OR logic in the security filter. And I got error message from the MDX query generated by OBIEE. Below is the details. Anyone knows how to solve this issue? Thank you very much.
1. The “Booking Location” dimension has three hierarchies (ragged hierarchies).
http://img.photobucket.com/albums/v216/stewart_life/1.png
2. I only want to take the first hierarchy, which is “Total booking”. Thus, I filter the Logical Table Source of “Booking Location” in the business model layer.
http://img.photobucket.com/albums/v216/stewart_life/2.png
3. The “Incorporation Country” dimension doesn’t have any multiple hierarchies.
http://img.photobucket.com/albums/v216/stewart_life/3.png
4. Thus, I don’t filter the Logical Table Source of “Incorporation Country” in the business model layer.
http://img.photobucket.com/albums/v216/stewart_life/4.png
5. I filter the permission of a user. This filter applied to the fact table (RISK) in the business model layer.
http://img.photobucket.com/albums/v216/stewart_life/5.png
6. Then the filter applied so that the particular user can only see the data where the Incorporation Country level is Singapore OR the Booking Country level is Singapore:
"Risk"."Incorporation Country"."Country" = 'SINGAPORE (INC)' OR "Risk"."Booking Location"."Booking Country" = 'SINGAPORE (CBE)'
http://img.photobucket.com/albums/v216/stewart_life/6.png
7. Here is the first report that is working fine if run by a user without any security filter.
http://img.photobucket.com/albums/v216/stewart_life/7.png
8. The result of that report when run by the user whose security filter above has been applied to.
http://img.photobucket.com/albums/v216/stewart_life/8.png
9. The MDX query generated from that report is shown below. Note that the error refers to the line 4, which is in bold below. Somehow, the query generated always include Incorporation Country and Booking Location in the “With” clause, since both of them are placed in the security filter.-----
Sending query to database named Risk-MI Essbase (id: <<399750>>):
With
set [Booking Location2|http://forums.oracle.com/forums/] as '{[Booking Location|http://forums.oracle.com/forums/].[Total booking|http://forums.oracle.com/forums/]}'
set [Booking Location4|http://forums.oracle.com/forums/] as 'Generate({[Booking Location2|http://forums.oracle.com/forums/]}, Descendants([Booking Location|http://forums.oracle.com/forums/].currentmember, [Booking Location|http://forums.oracle.com/forums/].Generations(4),SELF), ALL)'
*set [Incorporation Country4|http://forums.oracle.com/forums/] as ''*
set [Time3|http://forums.oracle.com/forums/] as 'Time.Generations(3).members'
set [Year2|http://forums.oracle.com/forums/] as 'Year.Generations(2).members'
member Measures.[MS1|http://forums.oracle.com/forums/] as 'Rank(Time.Generations(3).Dimension.CurrentMember, Time.Generations(3).Members)'
set [Axis1Set|http://forums.oracle.com/forums/] as 'crossjoin ({[Booking Location4|http://forums.oracle.com/forums/]},crossjoin ({[Incorporation Country4|http://forums.oracle.com/forums/]},crossjoin ({[Time3|http://forums.oracle.com/forums/]},{[Year2|http://forums.oracle.com/forums/]})))'
select
{Measures.[Netted EAD|http://forums.oracle.com/forums/],Measures.[Netted Nominal|http://forums.oracle.com/forums/],Measures.[Wt_LGD|http://forums.oracle.com/forums/],
MS1} on columns,
NON EMPTY filter({[Axis1Set|http://forums.oracle.com/forums/]}, [Incorporation Country|http://forums.oracle.com/forums/].currentmember IS [Incorporation Country|http://forums.oracle.com/forums/].[SINGAPORE (INC)|http://forums.oracle.com/forums/] OR [Booking Location|http://forums.oracle.com/forums/].currentmember IS [Booking Location|http://forums.oracle.com/forums/].[SINGAPORE (CBE)|http://forums.oracle.com/forums/]) properties ANCESTOR_NAMES, GEN_NUMBER on rows
from [http://RISK-P.RISK]
where ([CRG (ORG)|http://forums.oracle.com/forums/].[Good Book (ORG)|http://forums.oracle.com/forums/], Method.ADV)
+++stewart:370000:370021:----2009/02/17 13:56:06
Query Status: Query Failed: Essbase Error: Syntax error in input MDX query on line 4 at token '''From what I have read on this forum, people have managed to get the DC In Board replaced for a little over US $100. This would be at an Apple authorized repair shop rather than by Apple itself. This is much less than the cost of a new MacBook. I don't know what might be available in your area, but it would be worth asking at a repair shop.
Good luck! -
Issue with write Security filter in ASO 9.3.1
Hello All -
I'm having a strange security filter issue in system 9.3.1 ASO cube. We've the native users for the ASO cube and created several write security filters based on cost centers in that cube.
For example, the below security filter sometime works, and sometime not:
Write "Adjustments", @RELATIVE ("S532179", 0), @RELATIVE ("S587724", 0), @RELATIVE ("S525701", 0)
There are total 8 standard dimensions in the cube. I tried all possible combinations to make it work constantly, but it doesn't. Even modified the filter like below so that it has all dimensions (using LEVMBBRS, IDESCENDANTS, RELATIVE) , still users can't load data at level 0 members.
Write @LEVMBRS ("Chart of Accounts",0),@LEVMBRS ("Full Year",0),@LEVMBRS ("Business Unit",0),@LEVMBRS ("Fixed/Variable",0),@LEVMBRS ("Source",0),@LEVMBRS ("Products",0),@LEVMBRS ("Scenario",0),@LEVMBRS ("Cost Center",0)
It looks like the user and filter association is not working. If I give the user direct write access to the cube (bypassing filter totally), the users can write fine. Please help!I didn't know that the logs didn't work; I tested it and they are not generated for ASO updates in 9.3.1. I didn't see any other setting that would cause them to be created; my guess is that the logs are created based on block manipulations that Essbase does internally using BSO. As there are no blocks in ASO then the same algorithm doesn't apply.
We log Essbase changes in our Dodeca product but we use a different algorithm. We evaluate the update in our server before committing the changes and generate a relational log that has the datapoint information plus the old value, new value and standard 'who' information for the person making the update.
Tim Tow
Applied OLAP, Inc -
Security filter couldn't refresh to Essbase from Planning but could create
Please kind help on look at this issue.
I updated some dimension access in Planning,and did a security refresh in management database menu.But the access didn't refresh to Essbase filter.
Then created filter in management security filter menu,it refreshed to Essbase successfully.
I would grateful if someone could tell me why the first way unsuccessful.
Thanks,If you go to Oracle Support and search on "planning security refresh" you will see lots of articles on this subject.
Cheers
John
http://john-goodwin.blogspot.com/ -
Advance Security manager 'Group App/Db access' issue
It appears that ASM has some issues loading calc script lists - it appears to ignore the Parameter 'Access All Calculation=false' (followed by calc script list) and sets up the group with access to all calculations. Has anyone found a workaround for this? Or is there a latest/greatest version of ASM that this functionality works in?
Take a look at the thread
User access rights list
It talks about getting security info, in particular Essbase security viewer. I did a search on the web and found this link to download it
http://maxupload.com/F62683B4
Note, I have not tried the version in the link, but looked at security viewer in the past and it looked pretty good -
Security filter validation crashing essbase
During security filter validation, Essbase froze and stopped responding. We had to re-start essbase service.We are on 6.2.3 and NT server. Any insights or similar problems with validating filters?Thanks
We see same issue in 9.2.0.3, but only with 1 of our 5 applications. Was never able to get support to identify a cause, our resolution is to push users in small groups and save the essbase.sec file. Real pain. You could try stopping essbase service, using essbase.bak file and restarting then try to push and see if it works. I did identify issues with our openLDAP which I felt was the cause, I was able to clean it up in TEST and it works, but did same in Prod and worked once, then reverted back to crashing again, unless we push users in really small groups. Interested to see if you get a 'fix' from someone...
-
Planning Security Filter refresh and Essbase is Crashing
Hi,
I am on System 9.3.1 and I am doing a Planning security filter refresh and Essbase is Crashing. Please advise in this case.
Security is fine on this cube. It used to work fine earlier. Now from few days we are facing this issue.We see same issue in 9.2.0.3, but only with 1 of our 5 applications. Was never able to get support to identify a cause, our resolution is to push users in small groups and save the essbase.sec file. Real pain. You could try stopping essbase service, using essbase.bak file and restarting then try to push and see if it works. I did identify issues with our openLDAP which I felt was the cause, I was able to clean it up in TEST and it works, but did same in Prod and worked once, then reverted back to crashing again, unless we push users in really small groups. Interested to see if you get a 'fix' from someone...
-
JNI classes to access the Security Filter features of the C API
Looking for help with managing security filters using the JAPI. Has anyone developed JNI classes to access the Security Filter features of the C API? If so, would you be willing to share your experience and/or code? Time is of the ssence. Thanks in advance for any help.-- Posted for Martin [email protected]@pacbell.net
Are you talking about the Requirements Gateway? It is a separate product from NI that will do what you are looking for. I haven't used it so I am not sure of the API chain to make it work. Take a look and see if that is what you were thinking of.
Hope that this helps,
Bob Young
Sorry, I just re-read your original post and see that you are looking to also use the Requirements Gateway, so you obviously know about it. I don't know what the API changes were that made it work so I am not going to be much help.
Sorry about posting before getting the correct information from the original.
Bob Young
Message Edited by Bob Y. on 08-24-2006 04:54 PM
Bob Young - Test Engineer - Lapsed Certified LabVIEW Developer
DISTek Integration, Inc. - NI Alliance Member
mailto:[email protected] -
Hi ,
I am facing one problem related to security Filter for one user. We are on the Hyperion Version 11.1.2.1 Fusion Edition.
We had one user created in Shared Services with ID : TESTUSER and added in the group. Initially access for this user was working fine. Later on we deleted this user from shared services as we no longer needed this.
As per new requirement we are supposed to create a same user with same user name so we created again new user 'TESTUSER' and added into the same user group then we refreshed security from Planning Application through " Administration -> Application -> Refresh Database->Security Filters ". Refreshing security Filters created filter for above user and we checked this from EAS consol.
However when we log in to the Application through Smart View we are getting the below Error.
Cannot Open cube View.Essbase Error ( 1054060 ):Essbase Failed to select
Application APP1, because TESTUSER@Native Directory is not\
completely Provisioned by Planning.
Could you please advice how could we resolve this issue.Check whether the user is only an Essbase user. (I don't think that is the case, but in case)
Try changing the access type using
alter user username add application_access_type Planning; (don't know whether this works in latest release)
Try the stepsRAvery and _RahulS_mentioned.
Tried that in 11.1.2.2 access_type Planning is defered.
Regards
Celvin
http://www.orahyplabs.com -
Security filter setup missing in one of the planning applications
We noticed recently that our users in one of the planning applications were not able to access any data.
Then we noticed that the entire security filter setup went missing/wipped out for that application and had to set up manually and then a security refresh had to be done to restore security.Any suggestions about the root cause for this issue.We have not been able to find out much about this
Thanksjts wrote:
It would have been curious if you would have gone to Essbase and sync from Shared Services in the security section to see if the security filters would have repopulated in planning.Filters are stored on the essbase side (essbase.sec) and not in shared services so I wouldn't of thought syncing from HSS to essbase would make any difference
Cheers
John
http://john-goodwin.blogspot.com/ -
Failed to refresh user's security filter
Hi - I'm having an issue with a user ID. User was having a lot of problems doing Essbase retrievals in Excel, so tried refreshing their security filter in Hyperion Desktop. I get a 'security filters were created successfully except for: username."
So I recreated her ID in Planning, removed her ID in Essbase and removed her filters in Essbase. I added back all the groups that she belongs to in Planning, now I am back in Hyperion Desktop trying to do a push down for her ID and I still get the same error message.
Then I went to some other people's ID, highlighted their name and did a refresh, some of the say successful, some of them give me the same error message about security filter refreshed except for: username".
What in the world can be causing this?
Planning 3.5.1
Essbase 7
Edited by: CLAU on Feb 25, 2010 7:29 AMalso<BR><BR>DISPLAY PRIVILEGE USER ALL; will list all privileges granted to a user directly. Any line that isn't "no access" means that the user has privileges assigned outside a group. I periodically do ann audit on our systems to ensure we have't got any direct users that have privileges granted outside groups.<BR><BR>Of course anyone tagged individually as a supervisor will come up on this check.
Maybe you are looking for
-
i have an itunes library with 1,000+ songs on a pc. my daughter has a macbook air and i loaded my apple ID onto it. how do i get the songs from my itunes account to show up? This works fine on her iPhone, but having trouble on the new macbook air
-
I currently run FCE. I shoot local sporting events with multiple cameras, and then edit into one show, switching back and forth between angles. I recently upgraded my cameras to 3 Sony AVCHD cameras and shot the last event in 1080. Trying to use FCE
-
How to add an attribute to a notification message ?
Hi, I want help in adding an attribute to a PO Approval notification message. The attribute is from the PO Header screen , it is the Ship-To field (See screenshot) : http://i48.tinypic.com/2wh35v5.jpg Kindly help me and tell me how i can add this att
-
One of my pages was very slow to render and I suspected a query region on the page. So, after the page loaded, I went to the Location bar in the browser, added &p_trace=YES to the URL and hit Enter. I ran tkprof on the resulting trace file and it sho
-
Adobe Reader use to print just fine for me and now it is printing really small. I have tried printing to an image and that doesn't even work. I tried enlarging it and it cuts off items that I need on the top especially when I do a two page duplex.