Groups and ESSBASE Filters
Can anyone tell me we can import the Data level filters for Groups from ESSBASE?
If so, do we have any documentation on how to perform this?
Thank you,
You can't import them but they will be applied to all selections if you use integrated access control between OBIEE and Essbase (i.e. hand over :USER, :PASSWORD in the connection pool rather than generic conneciton credentials).
Cheers,
C.
Similar Messages
-
Mobility groups and MAC filtering
We have a 4402 controller and we are doing MAC filtering. We have reached the default number of MAC addresses, 512. It has been recommended that we add an additional controller instead of increasing this past the default. Three questions:
1. Is there an increased (enough to impact performance) load placed on the WLC if the limit of MACs is increased, say to the max of 2048?
2. If we add an additional controller, configured in a mobility group, how do we configure the MAC filter to load balance? Or do we have to configure the same MAC table on both controllers? Which leads to....
3. Is there a benefit to adding another controller as far as MAC filtering is concerned?As it stands, you would need to manually replicate internal mac filtering database between two controllers, so you're not gaining much with the second controller. As regards to increasing database size and what effects it will have, I don't have an educated answer for you, sorry.
Regards,
Roman -
Creating New Security group and Refreshing Security Filters
Hi
I have created a new security group (and added people to it)
I have given this security group write access to certain dimension members within the planning application
I have refreshed the security filters via Planning_Manage Database_Security Filters
But the people in the new security group still dont have write access to the dimension members
If I look in EAS ... I cant see the the new security group that I have created
Question 1
Do I need to refresh the security filters via EAS
If I do this ... I know that I need to make sure that no one is in the Essbase application
Do I also need to make sure that no one is within the relavent planning application?
Question 2
Is it enough to refresh the security filters (tick security filters) .. or Do I need to tick database in the manage database options
Question 3
Does anyone have any suggestions that I havent mentioned above?
Thank you
PDHi John
Thanks for your suggestion
I tried this and He still doesnt have write access
He doesnt need to be able to lock and send values via essbase ... However when we are in planning, He cant submit data to the dimension members mentioned above.. i.e the cells are all green
I have checked and doubled check the security on the dimension members (and form security) in the form that he cant edit
Do you have any other suggestions?
Thank you
PD -
Filtering R/3 Material Groups and Material Types
Hi,
I am trying to filter the Material groups and material types during master data upload from R/3 to SRM 4.0
I am tried doing the following:
1. In Txn R2AR2, i set up the request for DNL_CUST_PROD1 for MARA-MATKL(Material Group) & MARA-MTART(Material Type)and then run the Txn R3AR4 with DNL_CUST_PROD1. The replication was successful, but it pulled in all the R/3 backend material groups and material types.
Now i deleted the replicated material types and Material groups in SRM using SRM Std reports and this too was successful.
2. Now i tried another method - In Txn R3AC3, i selected the Object DNL_CUST_PROD1 and i added table MARA and set up the filter requirements for MARA-MTART(Material Types) and MARA-MATKL(Material Groups), i synchronized the filters and then when i selected the object DNL_CUST_PROD1 in Txn R3AS for initial upload, even this is pulling in all the material types and material groups from R/3 without filtering
Can anyone please let me know the exact procedure to filter out the R/3 Material types and material groups during initial upload of this data into SRM 4.0
ThanksHi,
Before starting the INitial load for MATERIAL,for filetr settings ,Go in tcode R3AC1.
There select the Object name as MATERIAL and click on the "filter settings" tab.
There in OBJECT FILTER SETTINGS
Enter the relevant filter criteria:
e.g. If you wnat to filter on Material type(MARA-MTART):
The input will be as follows:
Table /Structure :MARA
Field :MTART
OP :EQ Equality (= Low)
Low: "Material type name"
Incl/EXcl: Inclusive defined
And then click on the button "FILTER SYNC".
The filter settings are complete for the Material download.
HTH,
BR,
Disha.
Pls reward points for helpful answers. -
Somebody know if is possible to use essbase filters with OBI?... I need to import a cube in OBI, but with restriction, i.e. only a branch of a dimension.
thank in advance.
A.S.If you import the outline using one of the application administrator user names, you will get the whole outline represented in the physical layer. The Essbase filters will kick in during data retrieval through Answers (or any other tool firing requests through the BI server). I.e. the query results will be filtered.
NOTE: If you have users with different Essbase filters, you can not use a singular user (like the one used for initial import) in the connection pools, but have to hand over the OBIEE credentials to Essbase - for exmaple by using :USER / :PASSWORD.
NOTE: This will only work with a minimum of 10.1.3.4.0 with patch 7349048 applied. Alternatively, 10.1.3.4.1 already contains 7349048.
NOTE: If you have already worked on the integration before, be sure to retest everything thoroughly after applying any patch or the .1 version. Both modify the MDX generated by the BI server...i.e. behaviour might change. Check out this post and the ones it references to read a bit more about that: [http://hekatonkheires.blogspot.com/2009/07/obiee-essbase-mdx-generation-issues.html|http://hekatonkheires.blogspot.com/2009/07/obiee-essbase-mdx-generation-issues.html]
Cheers,
C. -
Using Customize grouping and filtering for EPPM 8.2.1 family
Are there any know issues or BUGS when using customize grouping and filtering returing more than the filtered projects?
We are customizing grouping on Project Status and Region and filtering on Region and Let by Code
ThanksAre there any know issues or BUGS when using customize grouping and filtering returing more than the filtered projects?
We are customizing grouping on Project Status and Region and filtering on Region and Let by Code
Thanks -
Managing Groups and Filters Externally
Can I manage groups and filters from an external agent such as LDAP? Or can groups at least be added, etc from an external API?Thanks.
Best I found on this thread from two years back is to use API or MaxL.Is this still the answer? Anyone know if I can manage my groups in MSAD and grant permissions to the AD groups?If not, is anyone willing to share code/links?respond to group or to tklein at rubytuesday.com
-
Planning Security Filters not reflecting in Essbase filters for 2 of 4 cube
We are using Hyperion Planning with essbase. In essbase we have 4 cubes in essbase (BSCF, EMP, IS, MGN). We would like to add security for the entity dimension as we don't use it currently but we do for other dimensions.
I have created a new group (FIN_APAC) in SS so that restricted access be given to users in Asia for only their LE(s). Then I enabled security for the LE dimension in planning and set security filters through a command line load. For existing groups I gave write access to all LE members and for the new group (FIN_APAC) I gave write access to certain members.
When I refresh the security filters in planning they should reflect in Essbase and it does for 2 cubes (BSCF & EMP) but for the other cubes (IS & MGN) the essbase security filters are NONE! In planning all the LE members are set to be included in all plan types.
The main problem seems to be with this new group (CSR_FIN_APAC) as whenever this group is assigned the essbase filters are not assigned properly. For the existing groups that have added LE security for all members the security filters are updated for 4 cubes as expected.
Any help appreciated
xWhen you create a planning application we can create 3 essbase cubes as plan types. if you use Capex, Workforce you can able to create max of 5 databases in Essbase version 11.1.1.3.
if it is 11.1.2 you can add one more cube
In your question, have you created 4 Essbase cubes. can you explain how that is possible.
if all the LE members in all plan types means in 3 Essbase cubes. when you refresh security from planning to essbase that works fine.
Can you explain the situation perfectly so that can able to give ans.
Thanks,
Suneel kanthala. -
Why Essbase filters not updated by Planning 9.3.1.0?
Hi,
1) I added READ access to member in outline ( Planning 9.3.1) for user Sandy in two cubes but it did not create READ access in filter for third cube. How strange…
2) In that problem cube, I even cleared all data from HSP_Control_Access using DELETE FROM HSP_ACCESS_CONTROL
and restarted Planning service and ran Manage Database> refresh Filters. I added READ rights to Sandy - however, there is still no READ line in security filter fsandy in that one Planning cubes What am I doing wrong?
I even tried rebooting server and running the following:
CubeRefresh.cmd /A:PLAN2 /U:admin /P:password /C /F /DEBUG
Cube refresh completed successfully.
But I still can’t get a READ line for fsandy in filter:
fsandy
Application: PLAN2
Database: Product
Default Access: Create
Active: TRUE
Number of rows: 1
None: @IDES("Account"),@IDES("Scenario"),@IDES("Version"),@IDES("Company"),@IDES("Cost Center")
What else can I do to get filter fsandy to have a line for READ in the 3rd problem cube?Thanks everyone for chipping in to help.
I think this is a bug in 9.3.1.0. Can anyone confirm it is fixed in 9.3.1.2 ?
Sandy is provisioned as Server-Access in HSS's Essbase.
I even provisioned the user as Interactive user in Planning.
I created a new NATIVE user and give it access to members as a test. No luck - no READ filter was created.
More observations:
in Dev server 9.3.1, not one user's filter have "READ" access in 9.3.1/Essbase cube Product.
In contrast, in v9.2 planning in production server, users' filters do have READ access in Essbase cube Product. 9.2 users are provisioned as Server-Access in HSS's Essbase and provisioned the View user of Planning.
I exported security from 9.2 and imported them into 9.3.1 (using exportsecurity) and ran all the utils such as updateusers and provisionusers.
I did try manually adding all dimensions members such as Actual, 111 (cost center), "all accounts"...
Sandy is part of Group. I'll try to remove him from group and see what happens.
I also tried changing cost center, did not help.
When I ran Manage Database> refresh Security Filters, I tried all options (Shared Members/Validate Limit).
Edited by: user643332 on May 13, 2009 9:55 AM
Edited by: user643332 on May 13, 2009 10:01 AM -
Essbase cannot union mutliple groups with Essbase filter
Hi All,
I got a problem to provisioning on Shared Service.
In some case, I need to grant multiple filters to a Essbase users, say user01.
However, each user can associated one Essbase filter only.
For better management, I create multiple groups with different filters and assign the user, user01, into the groups.
For first two groups are working normally. However, Essbase cannot "union" all filters from multiple groups after the users join the third groups.
However, I try to combine the three filter into a filter with three rows. It is working!!!
It is because there are large number of users in external LDAP. It is unmanageable when combining multiple filters into a filters. Is there any way to solve this problem? or is there any better approach to do the security ?
Thanks in advance!!!
Regards,
TKCThanks for your reply.
I have following structure in Essbase. I try to make it simple to understand.
Dept (dimension)
|_C00
|_CTTL
|_C01
|_C02
Project (dimension)
|_GEN
|_P01
|_P02
|_P03
|_PI
|_A
|_P01 (shared member)
|_B
|_P02 (shared member)
|_P03 (shared member)
Group A with Filter F01
Read - CTTL, IDESCENDENT(A)
Group B with Filter F02
Read - C01, P01, P02
User joins A and B group.
The end result of user is that
he can access CTTL of P01 only
he can access C01 of P01 and P02 only
he cannot access C02 of any Project dimension
he cannot access CTTL of P03
However, I found that when I change to metaread. The result is going wrong.
he can access C01 of P01, P02 and P03 only.
It is because I need to block user to view members which he cannot access.
I need "metaread" function.
So somebody tell me how to achieve this? Thanks in advance.
Edited by: user070322 on Jan 4, 2009 8:37 PM
Edited by: user070322 on Jan 5, 2009 6:04 PM -
Hi guys
Can security filters in Essbase created by separating the dimensions like in.. filter 1 restricting access on one dimension, filter 2 restricting access on another three dimensions and filter 3 on remaining three dimensions? so that when access have to modified as time passes only 1 filter to be changed and not all three?
I have created security filters in Essbase in the above mentioned fashion and they do not seem to work..
Should a filter mention all the dimensions to work properly?
Thanks
Edited by: dave78 on Jun 27, 2012 5:50 AMHi
I've had similar issues in the past and this is what I discovered. A user or group can only be assigned a single filter at any one time, there is a way to give a user access to more than one filter by adding the user to multiple groups where each group has one filter that you want the user to inherit.
The issue you are probably having is that Essbase filters join using different conditions depending upon what is selected. By that I mean that if you have two filters that have the members from the same dimension specified they will join using an AND condition, e.g.
Filter1 - Write EntityX
Filter2 - Write EntityY
Resulting access - Write EntityX and EntityY
However if the members are from different dimensions then the filters join using an OR condition, e.g.
Filter1 - Write EntityX
Filter2 - Write ScenarioA
Resulting access - Write EntityX with any scenario and write ScenarioA with any entity
If you use members from multiple dimensions, but the same dimensions then this seems to use the AND but is cumulative, e.g.
Filter1 - Write EntityX, ScenarioA
Filter2 - Write EntityY, ScenarioB
Resulting access - Write EntityX or EntityY with either ScenarioA or ScenarioB
Our situation was an Essbase cube built by EAL from HFM but we couldn't get EAL to pass the security through, it kept failing due to filter size. As in HFM security classes in our case were dimension specific we tried to follow that model in Essbase but it wouldn't work. As our Essbase model needed no write access for any user (all data passed from HFM so any changes were written there) we decided the only approach was to restrict the security to a single dimension (Entity) and accept that some users may be able to see scenarios that we didn't necessarily want them too. That was better than having to create 4 / 5 times as many filters and the corresponding groups to put the filters into etc...
Hope this helps, apologies if you have to go back to the drawing board!
Stuart -
Migrate the users, groups from essbase 7.1.6 to shared services
Hi
Our current production is essbase version 7.1.6 and we are planning to migrate to EPM 11.1.2 . We would like to move the security administration from Essbase to Shared Services (want to use Native Directory).
can somebody please suggest
1) An utility that Oracle provides with EPM 11.1.2 that helps to migrate the users and groups from 7.1.6 to shared services?
2) After bringing the users groups from 7.1.6 to 11.1.2, do we need to externalize these users and groups or no need?
Appreciate the help. Thanks,if you have LDAP/MSAD try to configure it first .That will get your users
Now using maxl
spool on to GROUP.txt
display gruoup all;
spool on to USER.txt
display user in group all;
for test purpose create a test group and a test user from the shared services.
Now using GROUP.txt
make up maxl statements to create groups(use any advanced text editor or MS excel to get your work done fast)
create group 'groupname';
now login into that shared services
go to FOundation Application group->click sharedservices->drop down native directory ->Right click on Groups and select export for edit.THat will save you Groups.csv file.
Now
1.Open that Groups.csv file
2.Using USER,txt ,paste the users in that file under their respective group.(Look for test group created that should give you an idea!!!)
3.Paste user correctly and save it to the same file Groups.csv
4.go to FOundation Application group->click sharedservices->drop down native directory ->Right click on Groups and select IMPORT for edit.
5.that will get your users into the groups.
________filters_______
Using maxl again
spool on to FILTER.txt
display filter row all;
spool on to GRPRIVILEGE.txt
display privilege group all;
Now using FILTER.txt
create maxl statements
(use any advanced text editor or MS excel to get your work done fast)
Ex: create filter app.database.filtername read/write/none/metaread on 'AREA ' ;
Using GRPRIVILEGE.txt
create maxl statements
grant filter app.databse.filtername to 'groupname';
that should get your filters created and assigned.
else you can use Advanced Security Manger
http://www.appliedolap.com/free-tools/advanced-security-manager
hope that should give you an idea!!!!!!! -
Error in Form. - Security and or filtering has resulted in a Required dim
Hi,
When some of our users are trying to access forms, they are getting the error"Security and or filtering has resulted in a Required dimension not being represented on this data form'. How Do i resolve this issue. Do I need to go to the organization dimension and asign secuWe are on Hyperion planning 11.1.1.1.
PrasadIt sounds like the issue isn't related to provisioning. Instead, it sounds like a dimensional security issue (security assigned to individual members in your hierarchies). For example, perhaps the user doesn't have access to a particular scenario or entity?
To edit dimensional security, sign into your Planning app as an administrator. Select <Administration>, <Dimensions>. Click on a member and select the "Assign Access" button. If that button isn't available, it means that security is not turned on for that dimension. To turn security on or off for a given dimension, select that dimension and press the "View" button. You should see a check box to "Apply Security".
When I'm trying to debug this type of issue, I typically use the native Essbase spreadsheet add-in and Styles. Try to recreate your form in the spreadsheet add-in. Use the exact same members. (make sure you're signed in as the user who is having trouble with the form)
In your Essbase options, select "Use Styles" in the display tab. Then select different styles for read only and read/write. It will quickly become apparent where you have security assigned. Then you go update your security in Planning, refresh, and your user should be able to access the form.
Hope this helps,
- Jake
http://plandemonium.wordpress.com/ -
How to Add multiple entry to the group policy security filtering
How to Add multiple entry to the group policy security filtering
Is there any way we can add multiple entry to the Domain group policy Security filtering tab.Currently its not allowing to add more then one entry at a time.
Getting Error like "only one name can be entered,and the name cannot contain a semicolon.Enter a valid name"Hi
Are you trying to add more users or groups through Group Policy Management Security Filtering tab?
Try right clicking on the policy and then edit
Then in Editor Right click on the name of the policy and Properties
Security tab and add user or group from this tab. Just make sure if you are adding user or groups "Select this object type" has
the correct option also "From this Location" is set to your entire directory not the local server.
Update us with the above.
Thanks -
Regarding Shared Services and Essbase Access
Hello,
I am curious on few things regarding how Essbase and Shared services are interlinked.
Basically we have created Essbase Filters to limit the User access to specific entities , my concern is if a User is trying to Run a report or retrieve through Smart View and if they don't have access to any one of the list of Filter definitions say if there are X , Y ,Z entities in the Spread sheet for Smart View retrieval or in a report and the user does not have privilege for Z do they still get terminated from the entire Essbase Applications. I encountered similar type of problem with one of the users today.
Any comments.
Thanks !Thanks for the reply Glenn , yes it should not get disconnected or have any connection issue. But below is what the error we get when using Essbase security filter.
**** Cannot Open Member Selection. Essbase Error(1001064):You do not have sufficient access to perform read on this database ****
Maybe you are looking for
-
How to add a new Field in the Dynamic Selection screen section.
HI, There is a requirement in which I need to add a field in existing program of dynamic selections. I need to add a field KNKK-DBRTG (Customer Rating) in dynamic selections screen of some existing report which has a dynamic selection screen with oth
-
For those who already own an Apple TV I wanted to know if the voltage for the power adapter says 110V-240V on it like it does for the computers. Thanks
-
Travel Management Employee Grouping for Domestic Travel per diems
Dear All, I have a scenario in Travel management Scenario Client has Domestic Travel, only in India under India they have Class A cities, Class B Cities and Class C, For Class A different Per diems rate with respect to the Employees Grade Eg i have
-
Where is the best place to buy the new ipad? Please help
I am ready to buy a new ipad. There is no apple store in my town but I will be close to one in a couple of days. My town has Best Buy, Target, and Walmart. Assuming I can find what I want... in case I have issues with it, where is the best place t
-
When I create PDFs it adds a file I didn't select to the PDF as well as the one I did. Why?
the question is why is it doing this. I really only use it for excell files so thats where im having the problem. its the same file that keeps apearing.