Failed to refresh user's security filter

Similar Messages

• Issue in Implementing OR Logic in Security Filter for Essbase in OBIEE

  I am implementing OBIEE using Essbase as the data source. The requirement is to implement OR logic in the security filter. And I got error message from the MDX query generated by OBIEE. Below is the details. Anyone knows how to solve this issue? Thank you very much.
  1.     The “Booking Location” dimension has three hierarchies (ragged hierarchies).
  http://img.photobucket.com/albums/v216/stewart_life/1.png
  2.     I only want to take the first hierarchy, which is “Total booking”. Thus, I filter the Logical Table Source of “Booking Location” in the business model layer.
  http://img.photobucket.com/albums/v216/stewart_life/2.png
  3.     The “Incorporation Country” dimension doesn’t have any multiple hierarchies.
  http://img.photobucket.com/albums/v216/stewart_life/3.png
  4.     Thus, I don’t filter the Logical Table Source of “Incorporation Country” in the business model layer.
  http://img.photobucket.com/albums/v216/stewart_life/4.png
  5.     I filter the permission of a user. This filter applied to the fact table (RISK) in the business model layer.
  http://img.photobucket.com/albums/v216/stewart_life/5.png
  6.     Then the filter applied so that the particular user can only see the data where the Incorporation Country level is Singapore OR the Booking Country level is Singapore:
  "Risk"."Incorporation Country"."Country" = 'SINGAPORE (INC)' OR "Risk"."Booking Location"."Booking Country" = 'SINGAPORE (CBE)'
  http://img.photobucket.com/albums/v216/stewart_life/6.png
  7.     Here is the first report that is working fine if run by a user without any security filter.
  http://img.photobucket.com/albums/v216/stewart_life/7.png
  8.     The result of that report when run by the user whose security filter above has been applied to.
  http://img.photobucket.com/albums/v216/stewart_life/8.png
  9.     The MDX query generated from that report is shown below. Note that the error refers to the line 4, which is in bold below. Somehow, the query generated always include Incorporation Country and Booking Location in the “With” clause, since both of them are placed in the security filter.-----
  Sending query to database named Risk-MI Essbase (id: <<399750>>):
  With
  set [Booking Location2|http://forums.oracle.com/forums/] as '{[Booking Location|http://forums.oracle.com/forums/].[Total booking|http://forums.oracle.com/forums/]}'
  set [Booking Location4|http://forums.oracle.com/forums/] as 'Generate({[Booking Location2|http://forums.oracle.com/forums/]}, Descendants([Booking Location|http://forums.oracle.com/forums/].currentmember, [Booking Location|http://forums.oracle.com/forums/].Generations(4),SELF), ALL)'
  *set [Incorporation Country4|http://forums.oracle.com/forums/] as ''*
  set [Time3|http://forums.oracle.com/forums/] as 'Time.Generations(3).members'
  set [Year2|http://forums.oracle.com/forums/] as 'Year.Generations(2).members'
  member Measures.[MS1|http://forums.oracle.com/forums/] as 'Rank(Time.Generations(3).Dimension.CurrentMember, Time.Generations(3).Members)'
  set [Axis1Set|http://forums.oracle.com/forums/] as 'crossjoin ({[Booking Location4|http://forums.oracle.com/forums/]},crossjoin ({[Incorporation Country4|http://forums.oracle.com/forums/]},crossjoin ({[Time3|http://forums.oracle.com/forums/]},{[Year2|http://forums.oracle.com/forums/]})))'
  select
  {Measures.[Netted EAD|http://forums.oracle.com/forums/],Measures.[Netted Nominal|http://forums.oracle.com/forums/],Measures.[Wt_LGD|http://forums.oracle.com/forums/],
  MS1} on columns,
  NON EMPTY filter({[Axis1Set|http://forums.oracle.com/forums/]}, [Incorporation Country|http://forums.oracle.com/forums/].currentmember IS [Incorporation Country|http://forums.oracle.com/forums/].[SINGAPORE (INC)|http://forums.oracle.com/forums/] OR [Booking Location|http://forums.oracle.com/forums/].currentmember IS [Booking Location|http://forums.oracle.com/forums/].[SINGAPORE (CBE)|http://forums.oracle.com/forums/]) properties ANCESTOR_NAMES, GEN_NUMBER on rows
  from [http://RISK-P.RISK]
  where ([CRG (ORG)|http://forums.oracle.com/forums/].[Good Book (ORG)|http://forums.oracle.com/forums/], Method.ADV)
  +++stewart:370000:370021:----2009/02/17 13:56:06
  Query Status: Query Failed: Essbase Error: Syntax error in input MDX query on line 4 at token '''

  From what I have read on this forum, people have managed to get the DC In Board replaced for a little over US $100. This would be at an Apple authorized repair shop rather than by Apple itself. This is much less than the cost of a new MacBook. I don't know what might be available in your area, but it would be worth asking at a repair shop.
  Good luck!

• Planning Security Filter refresh and Essbase is Crashing

  Hi,
  I am on System 9.3.1 and I am doing a Planning security filter refresh and Essbase is Crashing. Please advise in this case.
  Security is fine on this cube. It used to work fine earlier. Now from few days we are facing this issue.

  We see same issue in 9.2.0.3, but only with 1 of our 5 applications. Was never able to get support to identify a cause, our resolution is to push users in small groups and save the essbase.sec file. Real pain. You could try stopping essbase service, using essbase.bak file and restarting then try to push and see if it works. I did identify issues with our openLDAP which I felt was the cause, I was able to clean it up in TEST and it works, but did same in Prod and worked once, then reverted back to crashing again, unless we push users in really small groups. Interested to see if you get a 'fix' from someone...

• Security filter verification failed

  Hi All,
  We are trying to create security filter which is combination of 4 sparse dimensions.
  The relationship between members in the filter is AND (so the filter will be created under one row).
  We encountered the below error in applying security filter
  ====
  [Mon Apr 13 03:42:16 2009]Local/GLOBAL///Error(1200467)
  Error parsing formula for [REGION DEFINITION]: status code [1130203] in function [@_U]
  [Mon Apr 13 03:42:16 2009]Local/GLOBAL///Error(1200467)
  Error parsing formula for []: status code [1130203] in function []
  ====
  It seems like if the combination of the members on the filter hit the limit of allocated memory, the filter got failed.
  Is there any way to calculate how many memory absorb in one filter?
  or is there any memory limitation for security filter?
  It will be great If anyone can share the experience of this issue.
  Thanks.
  Regards,
  Ai

  That's interesting, I have never head of a limit on the number of members that a filter can address. How many accounts do you have in your database?
  I took a look at the Limits section of the DBAG and found the following re filter limits:
  Filter name
  * Non-Unicode application limit: 30 bytes
  * Unicode-mode application limit: 30 characters
  Number of security filters
  * Per Essbase Server, 65535
  * Per Essbase database, 32290See: http://download.oracle.com/docs/cd/E10530_01/doc/epm.931/html_esb_dbag/limits.htm#limits_1
  That's it -- nothing on the number of members that can be addressed in a filter. Of course it is possible (insert sacarsm, irony, or wonder per your personality) that the documentation is not correct.
  I have never run into what you described, but Essbase is vast and mysterious country, so perhaps that isn't so surprising.
  I'm glad you were able to find a workaround.
  Regards,
  Cameron Lackpour

• Security filter couldn't refresh to Essbase from Planning but could create

  Please kind help on look at this issue.
  I updated some dimension access in Planning,and did a security refresh in management database menu.But the access didn't refresh to Essbase filter.
  Then created filter in management security filter menu,it refreshed to Essbase successfully.
  I would grateful if someone could tell me why the first way unsuccessful.
  Thanks,

  If you go to Oracle Support and search on "planning security refresh" you will see lots of articles on this subject.
  Cheers
  John
  http://john-goodwin.blogspot.com/

• Security filter for multip^e users

  Hi All,
  I created the security filter for 1 user ok its working fine but i want to give that filter for multiple users so we have so many users so how can we do that
  we have to creat the users manually is there any other way in ASO
  Plz help me on this
  Thanks in Advance

  Thanq for ur reply
  Im creatin in EAS i dont access for shared services thts not available in my desktop so i hav to creat in EAS so how can we create filters for multiple users
  can i create groups for multiple users is this the corect way plz tell me how can i create the groups explain me clearly
  it would be appriciated
  Thanks

• Unsort user selection in setting security filter in ASO database

  We found one very inconvenient feature of Essbase : when we perform security filter setting in ASO database via EAS console, we found that the user list selection is unsorted. It is very very difficult to identify the suitable username to set the security filter.
  Any tips and tricks can improve the process?

  CL wrote:
  I don't think this issue is related to ASO -- filters are filters.
  All you need to do to sort the filter column is to edit the filters and then click on the "Filter Name" column header. It sorts just fine in EAS 9.3.1.
  Regards,
  Cameron LackpourMaybe I am confused with security filter and some ASO database setting. I need to check details in EAS later and find out the setup screen I mentioned that the username is unsorted.

• Security Filter Problem

  Hi ,
  I am facing one problem related to security Filter for one user. We are on the Hyperion Version 11.1.2.1 Fusion Edition.
  We had one user created in Shared Services with ID : TESTUSER and added in the group. Initially access for this user was working fine. Later on we deleted this user from shared services as we no longer needed this.
  As per new requirement we are supposed to create a same user with same user name so we created again new user 'TESTUSER' and added into the same user group then we refreshed security from Planning Application through " Administration -> Application -> Refresh Database->Security Filters ". Refreshing security Filters created filter for above user and we checked this from EAS consol.
  However when we log in to the Application through Smart View we are getting the below Error.
  Cannot Open cube View.Essbase Error ( 1054060 ):Essbase Failed to select
  Application APP1, because TESTUSER@Native Directory is not\
  completely Provisioned by Planning.
  Could you please advice how could we resolve this issue.

  Check whether the user is only an Essbase user. (I don't think that is the case, but in case)
  Try changing the access type using
  alter user username add application_access_type Planning; (don't know whether this works in latest release)
  Try the stepsRAvery and _RahulS_mentioned.
  Tried that in 11.1.2.2 access_type Planning is defered.
  Regards
  Celvin
  http://www.orahyplabs.com

• Dynamic where clause, user/row security

  I haev two tables:
  create table table1(
  First_name varchar2(12),
  Last_Name varchar2(17),
  Middle_name varchar2(1),
  Cabinet varchar2(2),
  Department varchar2(3),
  Division varchar2(2),
  branch varchar2(2),
  section varchar2(2),
  unit varchar2(2),
  serial varchar2(3),
  job_title varchar2(13),
  other fields......
  create table security(
  USERname VARCHAR2(14),
  FIRST_NAME VARCHAR2(20),
  PER_CABINET VARCHAR2(2),
  PER_DEPT VARCHAR2(3),
  PER_DIVISION VARCHAR2(2),
  PER_BRANCH VARCHAR2(2),
  PER_SECTION VARCHAR2(2),
  PER_UNIT VARCHAR2(2),
  PER_SERIAL VARCHAR2(2),
  other fields....
  ****security table sample data****
  username first_name cabinet dept division branch section unit serial
  username1 firstname1 10 785 05 01 02
  username2 firstname2 32 527 02 03
  username3 firstname3 32 527 02 01
  username4 firstname4 46 546 22 06 05
  username5 firstname5 46 546 27 15 01
  username6 firstname6 10 005 01 01 01 01
  username7 firstname7 10 005 01 01 01 01
  username8 firstname8 10
  username9 firstname9 10 005
  username10 firstname10 10 005 01
  What I would like to do is, based on the values assigned to user in security table, the records from table1 should be fetched.
  For example: (lets say there are 1000 records in table 1 for cabinet 10)
  username8 should be able to see all records pertaining to cabinet 10. (record count=1000)
  Username9 should be able to see all records pertaining to cabinet 10 and dept 005 (record count=800)
  username10 should be able to see all records pertaining to cabinet 10 and dept 005 and division 01 (record count=600)
  username1 should be able to see all records pertaining to cabinet 10 and dept 785 and division 05 and branch 01 and unit 02 (record count=10)
  ....and so on
  To summarize I have to narrow down the number of records a user can see.
  I tried to implement this using set_context each for cabinet, department etc... the problem is some users may not have all the values. so my where clause fails and returns 0 rows.
  example:
  select count(1) from table1 where cabinet=(select per_cabinet from security where username='username1') and department=(select per_dept from security where username='username1') and division=(select per_division from security where username='username1') and branch=(select per_branch from security where username='username1') and section=(select per_section from security where username='username1') and unit=(select per_unit from security where username='username1');
  I would get 0 rwos because username1 does not have any value for section.
  I point to keep in mind is that not all users have same values.
  Any thoughts or ideas on how to resolve my problem? Thanks.

  By set_context, I hope you mean you are using sys_context and VPD/RLS for this filtering. For the filter condition, how about modifying each part in the form:
  unit = nvl((select per_unit from security where username = :username), unit)or
  unit = (select nvl(per_unit, unit) from security where username = :username)

• Security filter setup missing in one of the planning applications

  We noticed recently that our users in one of the planning applications were not able to access any data.
  Then we noticed that the entire security filter setup went missing/wipped out for that application and had to set up manually and then a security refresh had to be done to restore security.Any suggestions about the root cause for this issue.We have not been able to find out much about this
  Thanks

  jts wrote:
  It would have been curious if you would have gone to Essbase and sync from Shared Services in the security section to see if the security filters would have repopulated in planning.Filters are stored on the essbase side (essbase.sec) and not in shared services so I wouldn't of thought syncing from HSS to essbase would make any difference
  Cheers
  John
  http://john-goodwin.blogspot.com/

• How to apply Computer Configuration to users with Security Filtering?

  I have a gpo that contains both user and computer settings.  In order to test it, I want to link it to an OU that contains users and their computers, but I want to use Security Filtering to apply it only to certain users (I don't have their computer
  names).
  Is there a way to filter it to only certain users without losing the computer settings?

  > Is there a way to filter it to only certain users without losing the
  > computer settings?
   Computers look for computer settings in a GPO they have access to.
  Users look for user settings in a GPO they have access to.
  SO you might simply remove "Authenticated Users" (which includes both
  computers and users) from security filtering. Then add "Domain
  computers" which gives all computers access to computer settings, and
  add the users in question, which gives THESE users access to user settings.
  Don't enable loopback and play around with it unless you are sure you
  fully understand what it is doing!
  http://evilgpo.blogspot.de/2012/02/loopback-demystified.html
  http://blogs.technet.com/b/askds/archive/2013/02/08/circle-back-to-loopback.aspx
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))

• Server failed to connect to BI Security Service.

  The complete error is:
  [nQSError: 43146] FMW_UPDATE_ROLE_AND_USER_REF_GUIDS inside NQSConfig.INI is set to Yes but the server failed to connect to BI Security Service.
  BI server fails to come up...
  need urgent help !!!

  Check these
  http://docs.oracle.com/cd/E21764_01/bi.1111/e10541/configfileref.htm at A.6.26
  http://www.varanasisaichand.com/2011/08/refresh-user-guids-obiee-11g.html?m=1
  Pls mark if helps

• Planning security filter got corrupted

  Hi Hyperion Gurus,
  We are using Hyperion 9.3.0 and recently found that security filter of one of the Planning user has been corrupted, whenever that user logs in Excel addin or Smart view the essbase service goes down and when I try to open the security filter through AAS it again brought the service down, this led me to think that the filter has been corrupted.
  I have deprovisioned the user from Shared Service and after that refreshed the security in AAS to sync with Shared Service this removed the user from Essbase system now I tried to delete the filter through aas and also by running maxl script but am not able to delete it and every time I try to delete this brings the service down. I was planning to refresh the security from Planning apps now but am bit scared to do that as am not sure if this will corrupt essbase security file.
  So my questions to you all are
  1. How to delete this corrupted security filter.
  2. Will refreshing the security from Planning can remove this filter as the user has been deprovisioned from Shared Service.
  3. What all steps need to be taken before refreshing security from Planning so that if there is any serious issue system can be restored back.
  Thanks in advance.

  Hi,
  We had the same issue with a corrupted security filter. Any time the filter was referenced it would bring down essbase. In 9.3.1 you can export security (right click the security object). What we saw ws when the export hit the bad filter it would shut down essbase. We discovered which filter was bad because the output from the export would stop right before the bad filter.
  The bad news is there is not a way to delete the bad filter AAS or Maxl. So you need to find a backup security file that is good and will export. Once you do that i would think that you could create or refresh the security filters from the planning web and it would re-create the users/filters in essbase.
  Keith

• Failed to sync user with identity native://nvid=9236b494f1ddf8ca:-7297b89f:

  Hi,
  I have created a native user in hyperion share services 11.1..2.1 and provisioned him as a planner for one planning application.The issue is getting errors when i am giving access to dimension members in planning application.
  Below are the errors:
  1)failed adding users and groups
  2)Failed to sync user with identity native://nvid=9236b494f1ddf8ca:-7297b89f:132610f37e3:-7e0f?USER with user provisioning. Check Planning log for details
  Regards,
  Ra

  Hi,
  I have seen this though maybe not in the same context, I will describe what I saw..
  Migrated planning database, updated sid for native users...
  1 native was fine logging into the planning app, the other user got "Failed to sync with user provisioning. Check Planning log for details"
  The sid was correct so it wasn't a problem on the planning side, what I did notice was in the EAS console the user did not exist, usually when you first log into planning it will check if the users exists in essbase, if they don't then it adds the user as a planning user to essbase.
  What I did was add the user in HSS as having essbase server access, then refreshed security in EAS, the user now appeared in EAS as an essbase user.
  Then tried to log into planning and suddenly the user could connect with no problems.
  So then I removed the essbase server access for the user in HSS and refreshed security in EAS, the user was gone, tried to log into planning and logged in with no problems.. Migrated identities in Planning.... Back in EAS the user was now in there as a Planning user...
  I don't know if this the same problem but you could try playing around with the essbase security and see what happens.
  Cheers
  John

• Failed to sync User Provisioning - Hyperion Planning

  I have created a user group using shared services console. Thereafter created users and assingned to respective groups.
  After that I have redeployed the application through EPMA. I am able to assign the dimension member level security to groups.
  Even after redeploying the application I am unable to log-in to application through the newly created users. Any help to resolve the same is highly appreciated.

  Sravan Ganti wrote:
  Did you create the security filter for the users. Refresh them once.Security filters should have nothing to do with this.
  Are the users native users or Active Directory ?
  You say you provisioned them to a group, have you tried provisioning just a user for the application and not a group.
  You can also try using the provisionusers utility and see if it syncs up with shared services.
  Are you logging in through workspace or directly into planning, try logging directly to planning e.g http://planningmachine:8300/HyperionPlanning/
  You can also try running planning from the start menu, stop the planning service first, this should write more information to the command window.
  Cheers
  John
  http://john-goodwin.blogspot.com/