Essbase user security on DB level

Similar Messages

• Difference between HFM and Essbase user security in 9.3.1 version

  Hi,
  Could any one explain the differences between Hyperion Essbase and HFM security setup using HSS in 9.3.1
  Thanks
  Edited by: user10305642 on Jul 13, 2009 12:39 AM

  HFM and Essbase security is totally different... HFM uses security classes while Essbase uses security filters.
  The way you assign security is also different.
  HFM also has more roles than Essbase.
  You will find further info in the Security Administration Guide:
  http://download.oracle.com/docs/cd/E10530_01/doc/epm.931/hyp_security_guide.pdf
  Hiope this helps,
  Seb

• How to set user security on dimension levels?

  Hi, there. I am considering setting use access right to specific levels on the branch dimension.
  Suppose there are four companies on level 1 of the branch dimension. I would like to limit users only access their own company.
  How should it be done in share service? Thanks.

  Thanks both.
  However, I encountered another problem. After created users in shared service, I could not see it in
  application even after refresh secutiry.
  Another problem is that I could not apply filters by Essbase administration console. The Edit User/Group access function is disabled.
  Therefore, even I selected a user I could not apply the filter. Does anyone know how to enable the function?
  Thanks in advance.

• User security at Favoritesfolder level : IMPORT_PREVENT_UPDATE

  hello,
  I'm trying to modify default security of Favoritesfolder using dotnet BusinessObjects.DSWS* libraries.
  I'm able to retrieve Favoritefolder's SecurityInfo2, principal, and roles but when I try o update it , I get the following error :
  An XSD Exception occurred. Import file parsing exception occurred : 'Attempting to update an object of type 'FavoritesFolder', which was marked as preventUpdate, and the IMPORT_PREVENT_UPDATE option was specified.' (FWM 04009) (WBP 42029)
  Where can I change the "preventUpdate" or the "IMPORT_PREVENT_UPDATE" ?
  Can I use the CrystalDecisions.Enterprise framework instead of the web service?
  We are using BOXI3.1 SP3.2
  many thanks
  Marc

  You may want to open a support case with SAP to start a technical investigation.
  The BIPlatform Web Services uses the BIAR engine for object updates, and the error is stating a restriction with certain objects via BIAR is affecting your ability to alter that object.
  Sincerely,
  Ted Ueda

• Information Regarding Essbase Security Except Filter Level and User Level

  I have an requirement to implement data level security in Essbase. For ex: A user can only see those data which are from Asia region or an user will be able to see those data which are from America.
  Asia and America are defined in my location dimension.
  can any one explain about it without using user Level Security and Filter level security.
  Please tell me how to do it?
  Thanks in advance.

  Sandeep's reference the DBAG and the section on filters is the right direction. The filter is created in EAS.
  Let's use an example.
  You create a METAREAD filter (that is, it filters both data and dimensionality) that gives a user limited access to the Location dimension (I think I have that right), e.g., the British Isles, the UK and Ireland. You can also create a READ filter but it only limits data and, in my opinion at least, causes confusion because users can see metadata (the whole world) but only see data for the British Isles.
  NB -- filters can be assigned to individual usernames or to groups that users are members of. For a POC, I'd keep it simple and just assign it to a username, but it's your choice.
  Assign the filter to the user in Shared Services.
  Try connecting to the database in Excel through the Classic Add-In or SmartView to test what the user sees -- it should be: Total Location, British Isles, the UK, and Ireland. You will see Total Location (top of the dimension) because that's how Essbase navigates down -- it has to have the dimension name to find the limited children. You won't see any data there. But you will see data at the Location members that the METAREAD filter allows.
  That's it -- it's been around since the year dot, and is the way access is restricted. You shouldn't need to reinvent the wheel to get this to work in OBIEE. Essbase should do the work.
  Regards,
  Cameron Lackpour

• OLS Label Security: how users can view own level/compartment/group choices?

  I have an application using OLS (Oracle Label Security) Virtual Database (VDB) for security; to allow users to only view rows to which they have access.
  I'm creating a list of values (LOV) to allow the user to change the level or compartment of a database record to a different value for which they still have access. The views that show these values is DBA_SA_USER_LEVELS (and COMPARTMENTS, GROUPS) but this view is only visible to DBA users, not the regular user. We are considering giving regular users access to this view, or granting SELECT_ALL_TABLES as suggested in an article I read. However, this approach seems to loosen security, not maintain it.
  How can I allow a user to get a list of levels, compartments or groups available to them without loosening the security on the DBA_* views?
  thanks,
  Scott

  Bump

• Essbase External Security via Shared Services

  I have hit a problem with essbase external security via shared services, might be fairly trivial, first time doing this.
  In the install guide for essbase 9.3.1 it mentions not to use the user 'admin' when firing up essbase server console mode for the first time if you intend to externalise security to shared services in the future.
  I have followed this recommendation and used a different username 'essadmin' for the first time essbase server is started up. While still in native security mode, I sign in via EAS 9.3.1 and create myself another admin account just in case.
  I cold backup shared services SQL repository and OpenLDAP repositry before externalising essbase security. Also I backup the essbase sec and cfg files just in case.
  Then I start it all up, go into EAS and select to externalise security, this takes a few seconds, and all seems well.
  Now in shared services I can see the essadmin user ID and everything appears to be OK. However when I look under the projects node, I see "Analytic Servers:myhost:1", then below that another green icon "Analytic Servers:myhost:1", but when I click on the second green icon I get "Login fails due to invalid login credentials".
  What have I done wrong ?

  Hi,
  I don't think you've done anything wrong. You just need to provision your shared services user with access to Essbase. Right-click on your user, select provision and then give them the required Essbase rights.
  Hope that helps,
  Gee

• Essbase native security on 11.1.1.3?

  Hello -
  Is it true that essbase 11.1.1.3 doesn't support the essbase native security and so the security has to be moved to shared service?
  We are on essbase 7.1.6 and planning our essbase upgarde to 11.1.1.3.
  Presently, we maintain the essbase native security.
  Regards

  user12237347 wrote:
  Hello-
  Thanks. Very helpful info indeed. The info that I am getting and have understood is -
  If I install the essbase 11.1.1.3 in standalone mode and do not externalize the security to shared services than I can maintain the essbase security in essbase itself through EAS/AAS although the user creation and user maintainance will now happen through shared services.If it is in standalone mode then it does not use Shared services for user creation/maintenance, it will be done via EAS or maxl...
  We have tons of groups and filters on the present essbase version and they are maintained through EAS as of now.
  So, when we migrate to 11 and if want to use the shared services to maintain these groups and filters then they will need to be manually created on the shared services. Does that sound correct? or is there a way to get that peice done automaticaly?
  But if we install essbase 11 in standalone mode and then use the AAS to migrate the 7x apps to 11x then the groups and filters would automatically come across when the migration is done.
  Also - it seems that maintainance of the groups and filters on the AAS is better from administration/maintainance point of view then on shared services?If you use the migration wizard in EAS then you will be able to migrate users/groups/apps/filters to 11 and then if you want to can convert to shared services mode.
  All this information is explained further in the documentation, start at http://download.oracle.com/docs/cd/E12825_01/nav/portal_3.htm
  Most of it is included in the EAS online help available from the above link
  Cheers
  John
  http://john-goodwin.blogspot.com/

• Migrate standalone Essbase Users/groups

  Hi,
  Can you please walk me through the steps required to migrate the standalone essbase application users/groups beween environments.
  As i know the migration wizard does not allow users/groups to migrate when security is in Shared Services mode. Please help.
  Thanks,
  Pr

  There are a few things you left off:
  1) v11 or before
  2) Shared Services or not externalized
  If #1, then check out LCM -- it is awesome and will be the answer to your prayers.
  If #2, and Shared Services, you need to look at the Shared Services import/export utility to get groups out, and move them to your new target.
  If #2, and non-externalized security, MaxL can create the groups/user security you need at the target.
  Regards,
  Cameron Lackpour

• Essbase Advanced Security Manager

  Importing/Exporting: I have played with exporting and importing all of the security information using the Essbase Advanced Security Manager tool. (olapunderground.com) Everything exported and imported except for the user passwords. Did I miss something or is that one of the limitations of the tool?

  I found a way to work around the problem. I copied the user section out of the export file and added the passwords by manipulating it in Excel. We have an external file with userids and passwords that we maintain. I used the vlookup to find the password. You can paste the user info back in your spreadsheet once you have obtained the passwords. It works well.

• Error in SRM:  a user with enough authorisation level is miss

  Hello,
  We are on SRM 5.0 and our users get the following error in SRM when creating a shopping cart:
  No user assigned to object a user with enough authorisation level is missing.
  Anybody any idea ?
  Thanks as ever

  Hello Can anybody helpe me please ?

• User status in item level in Interaction center

  I confirgue the sales function in Interaction center. I want to set user status in Item level. But I don't find the user status field in item level in UI. Could you tell me how find user status field?

  Hi Prem:
       Yes, I have already  confirgued status management and assigned to item category. I can see the status appear  in back office UI but not in Interaction center. So it is strange.

• User exit at item level for billing block field default for VA41 or VA42

  Hi All,
  I want user exit at item level for contract (VA41or VA42) for the field Billing Block in the Billing document tab
  which has to populate with some default value.
  Which user exit i need to check.
  Regards
  Jai

  Hi,
  Use subroutine USEREXIT_FIELD_MODIFICATION in Include MV45AFZZ.
  Make sure this is for only tcodes VA41 and VA42 because this wil trigger for sales order also.
  Regards,
  Ashok.

• User status at operation level

  Hi,
  I have created one user status profile and attached in order type. In this profile I have included Operation and Order header as an "Allowed object type"
  My problem is when I am changing  user status at order level , it is not getting changed automatically at operation level.
  Pls suggest me the solution.
  Thanks

  Hi,
  I dont think it is possible .
  A suggestion not sure if it works .
  Assign user status profile operation wise and then have some development to check the operation status and
  then update production order status with same user status you mentioned in operation.
  FM: STATUS_CHANGE_EXTERN will help you to change the user status of order.
  Regards,
  Vishal

• Environment variables (user) created at OS level dont show up in BIDS 2008

  Environment variables (user) created at OS level don't show up in BIDS 2008.
  I had a variable ConfigLocation created and it is not showing up when I am trying to configure it in BIDS
  Is this a known issue or a bug?
  Now in BIDS it doesnt show up
  Mudassar

  Yes it shows up after restart of BIDS .
  But during design time this is a bug I hope Microsoft fixes this bug in the future releases
  Mudassar
  It's not really a bug. Visual Studio loads the environment variables when starting up.
  In future releases you use projects and parameters instead of environment variables, so the issue goes away ;)
  MCSE SQL Server 2012 - Please mark posts as answered where appropriate.