HFM Security Access Edit Logs - Audit

Similar Messages

• HFM Security Access

  I have a query on HFM security which I have got from the business.
  1)     Change Doris and Jeanie access to read/display only in HFM production. We should have access to display all data in HFM. – I was not sure which access should I give to get this requirement.
  2)     In Process Management, Please provide “Start”, “Signoff”, “Approve”, “Reject”, “Publish” in process management for Rob Sage, Debbie Indrieri and Doris Lai. Also, Please provide “Promote” and “Submit” Access to Elisa Ha and Jaime Akiyama. – Shall I give Review Supervisor for Rob Sage, Debbie and Doris for this access and not sure which one should I give for Elisa and Jaime.
  Kindly help me in this regards.

  I don't use process management so I will not attempt to answer that part of your question.
  In regards to the first part, you need to go into Shared Services and assign those users the Read permission for the required security classes. For instance, if all entities are tied to a class called ALLENTITIES, you could go into Shared Services, click on projects, click on the project that holds your application, and then click on the application you are managing. Then you would search for the users/groups in question and add them to the selected list, next you would select the classes you want to assign them access to (i.e. ALLENTITIES). On the next screen you will see a grid with users/groups and classes. Go to the cells and set the Access Rights to read. (Be sure to hit the SAVE button when done)
  Alternatively, you can do a security extract from the application, make the updates in the security file, and load that back to the system.

• Data Access Service is unable to log audit events to the security event log

  Hi,
  Scenario: SCOM 2012 R2 UR4. (Windows 2012 R2)
  Today SCOM have generated 4 alerts Data Access Service is unable to log audit events to the security event log.
  The service account for "System Center Data Access Service" service is "Local System".
  The users at "Generate security audits" are: LOCAL SERVICE and NETWORK SERVICE.
  The question is:
  how to resolve this alert? (Where look for to obtain more information to resolve this problem)
  Thanks in advance!

  Local system account is differet to local service account. Fo detail description of these accounts, pls. refer
  LocalService Account
  http://msdn.microsoft.com/en-us/library/windows/desktop/ms684188(v=vs.85).aspx
  LocalSystem Account
  http://msdn.microsoft.com/en-us/library/windows/desktop/ms684190(v=vs.85).aspx
  Generate security audits which is under Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment of Group policy, determines which accounts can be used by a process to add entries to the security log. This user right
  is defined in the Default Domain Controller Group Policy object (GPO) and in the local security policy of workstations and servers. By default, only the LocalSystem account has the privilege to be used by processes to generate security audits.
  For identified the SDK account
  1) open services.msc
  2) From the system Center Data Access Service, you can see the SDK logon on as account 
  Roger

• Unable to access citadel edit log.

  I just installed LV-DSC 8 on my PC and I am trying to view some historical data through the Historical Data Viewer in MAX.  The historical data is on a remote PC running LV-DSC 7.  I can connect to the remote PC and see the database name, but when I click on it to view the tag names, I recieve the error message "Unable to access citadel edit log.  Database files may be read-only or invalid".   Does anyone know what causes this type of error?  And what is the 'edit log'?
  I verified that the files are not read-only.  I can view an example database that ships with LV-DSC 7 on the same PC, so the problem seems to be specific to this database.  Strangely I can read the database without any problem locally or read it from another machine with LV-DSC 7 so the database is not completely corrupted.  Thus the problem exists only on this database and only when viewing it from a LV-DSC 8 machine.  
  In LV-DSC 7 is there a way to run a "repair" routine on the database?  I wonder if detaching from the database and then reattaching might help. 

  I'm not sure what would cause that. On the LabVIEW 8 PC, verify that you have write permission for the files under C:\Program Files\National Instruments\Shared\Citadel\__LocalCache. If user-level security is enabled for your file system, you should also verify that the SYSTEM user has write access to those files.

• Monitoring HFM security

  I am using Hyperion 11.1.2.1. and want to monitor some HFM security.
  Is there any way we can find that :
  how many number of users are currently accessing a particular HFM Application and can identify them with their user-details and login-details whenever required ?
  how many number of users are currently accessing the whole HFM Application(Schema) and can identify them with their user-details and login-details whenever required ?
  -----Sunny

  Hi Sunny,
  As the subject was about HFM Security i have given you the query or details which i was aware about HFM.
  1.I mean to say for the tables i have listed in the query there are other columns as well so if you want to get more details then you can select which are all the columns you would require and add them accordingly in the query.
  2.Yeah its possible to get the details about user connected to application even. here is the query you need to change for this as below
  select h.sservername,h.sappname,s.susername,to_char((to_date('01/1900','MM/YYYY')+h.dstarttime-2),'DD/MM/YYYY hh24:mi:ss'),h.lactivitycode,h.sactivitydesc
  from hsv_users_on_system h,hsv_activity_users s
  where h.luserid in s.luserid
  order by sservername
  Also as you were asking for Historical/past login times & details here is the below query which will help you in analysing the things better with activity they did and time they logged in and carried out activity.
  select g.servername,g.appname,to_char((to_date('01/1900','MM/YYYY')+g.starttime-2),'DD/MM/YYYY hh24:mi:ss'),to_char((to_date('01/1900','MM/YYYY')+g.endtime-2),'DD/MM/YYYY hh24:mi:ss'),g.strdescription,s.susername
  from Appname_task_audit g,hsv_activity_users s
  where g.activityuserid in s.luserid (optional if you want to search excluding admin id then you can add this line to existing query at the end [and s.susername not like '%admin%'])
  As the audit logs are specific to applications you need to replace "appname" in the query with your application name for which you wanted to check audit.
  Ex: if your application name is abcd then your query should be something like this
  select g.servername,g.appname,to_char((to_date('01/1900','MM/YYYY')+g.starttime-2),'DD/MM/YYYY hh24:mi:ss'),to_char((to_date('01/1900','MM/YYYY')+g.endtime-2),'DD/MM/YYYY hh24:mi:ss'),g.strdescription,s.susername
  from abcd_task_audit g,hsv_activity_users s
  where g.activityuserid in s.luserid (optional if you want to search excluding admin id/any specific user  then you can add this line/change  existing query at the end [and s.susername not like '%admin%'])
  Hope this helps !!!!
  Thanks
  Amith

• Providing un-secured access to a web report.

  Hello Experts,
  We have been sending out 'Load Status' emails on a daily basis for various BW loads. Recently we discontinued this process and set up a report based on one of the statistics cube. We got out the link for this web-report to all the users in our daily load status distribution list.
  The problem now is that when you click on the link, it pops out a window asking for the log-on information to our production system. But it looks like a few of the users do not have access to the production system and are hence unable to access this web-report.
  Is there any way to allow un-secured access to this particular web-report to all users i.e.without a screen asking for log-on information?Is it possible to set up a generic user id for this report that allows all the users to access this report without actually giving them access to our production system?
  Thanks
  Arvind

  Arvind,
  What is your BI system version ?
  if it is 3.x - then the URL will have a link to your server followed by a Question mark "?" and then some parameters.
  The value till the ? mark is the Web service for the same - you can make this Anonymous in SICF but then this would mean that all queries can be accessed through this URL ...
  else create an RFC enabled function module based on RRW3_Query_View_data and then use this for your query and expose the same as a web service and make it anonymous ... or have a BSP page to do the same....

• After Effects CS5.5 crashes when selecting "Edit in Audition" (0::42)

  I was surfing around Adobe TV and watching a few tutorials when I decided to try out the edit in audition feature, except when I pulled up my project and selected "edit in audition" I got this error message:
       After Effects error: crash in progress. Last logged message was: <8136>
       <Dynamiclink> <5> 0000000019A79460
       After Effects can't continue: sorry, After Effects has crashed. For After Effects
       help and support, go to http://www.adobe.com/support/aftereffects. If you still
       can't resolve the issue, please contact Adobe technical support (2).
       (0::42)
  What I'm trying to import into Audition is really heavily edited and saved as an .aep, but when I do the same with an untouched .mov file it works fine. So maybe it's a limitation of Audition/After Effects? I don't know.
  Also, a couple of things have been installed since I started the project, and I read in a thread that might be the problem. But before I go deleting anything I want to make sure the same thing is happening to me.
  Aside from this, After Effects works just fine, and so far this is the only error I've gotten.
  My setup is
  Acer Aspire
  Windows 7 64-bit
  4GB RAM
  Intel i5 processor
  Adobe Production Premium

  You're probably simply running out of memory to run both programs at the same time and otehr things like compressed audio/ video in the project may complicate matetrs further with hardware acceleration stuff. Not much you can do, most likely beyond the usual advice of making sure all your drivers are up to date...
  Mylenium

• HFM Security Issue - User can submit a journal by by-passing the approval step even though they are not an admin.

  Hi All,
  I was wondering if anyone could help me with a HFM security issue on HFM 11.1.2.3 we are facing please?
  The problem is that a user can by-pass the journal approval stage and post directly after submitting if Custom4 access control=All is selected.
  If any of the other access controls (None, Read, Promote) for custom 4 are selected, the first two steps of the process are possible -
  input and approval of the journal are possible but final posting of the journal is not and returns an error that says:
  "User does not have the access right to perform this journal task"
  The options I have thought for a workaround are as follows:
  1.       1. Set up a 3rd user called data poster and remove submit journal role from user 1 (data inputter)
  2.       2. Put in place process control and use the various review levels (could be quite time consuming given there is no time left for development)
  Have anyone experienced this before and come up with a quick way of resolving this please? It would be very much appreciated.
  We have two types of users who are associated with groups in HFM and have the appropriate roles assigned to them to complete their tasks,
  they are:
  1. A data Inputter (who inputs base data and journals, who has access to create and submit journals)
  2.   2. A data reviewer (who approves journals)
  The process is as follows:
  1.       1. Logon as Data inputter to submit the journals
  2.       2. Logon as Data reviewer to approve the journals
  3.       3. Logon as Data inputter to post the Journals
  We are using the custom 4 member to identify different adjustment types. At the moment we are able to set it up in such a way whereby Steps 1 and 2 can be completed
  but once it comes back to step 3, we get an error as follows:
  "User does not have the access right to perform this journal task"
  (This error comes about when the access control on custom 4 is set to None, Read, Promote)
  Custom 4 Access Rights looks as follows:
  C4_ADJ01
  C4_ADJ02
  C4_ADJ03
  C4_ADJ04
  HFMDefault
  Read
  Read
  Read
  Read
  HFMLoad
  All
  Promote
  None
  Read
  HFMReview
  Read
  All
  All
  All
  When Custom 4=C4_ADJ01 all 3 steps can be completed but it by-passes step 2 (journal approval).
  For all other Custom 4 we complete steps 1 and 2 successfully but not step 3 due to access issues.
  Roles for the groups that users assigned look like the following:
  Test User Name
  Test User Name
  Access Rights
  1
  Base Data input/Journal Data input
  test_HFMLoad
  Reviewer 1
  Review Supervisor
  Create Journals
  Read Journals
  Database Management
  Enable write back in Web Grid
  Load Excel Data
  Generate Recurring
  Post Journals
  Create Unbalanced Journals
  Manage Templates
  Data Form Write Back from Excel
  Consolidate
  2
  Data Reviewer
  test_HFMReview
  Reviewer 1
  Review Supervisor
  Create Journals
  Read Journals
  Database Management
  Approve Journals
  Consolidate
  Reviewer 2
  Generate Recurring
  Manage Templates
  Create Unbalanced Journals
  Any help or advice would be much appreciated.
  Thanks in advance,
  M.

  Hi All,
  I was wondering if anyone could help me with a HFM security issue on HFM 11.1.2.3 we are facing please?
  The problem is that a user can by-pass the journal approval stage and post directly after submitting if Custom4 access control=All is selected.
  If any of the other access controls (None, Read, Promote) for custom 4 are selected, the first two steps of the process are possible -
  input and approval of the journal are possible but final posting of the journal is not and returns an error that says:
  "User does not have the access right to perform this journal task"
  The options I have thought for a workaround are as follows:
  1.       1. Set up a 3rd user called data poster and remove submit journal role from user 1 (data inputter)
  2.       2. Put in place process control and use the various review levels (could be quite time consuming given there is no time left for development)
  Have anyone experienced this before and come up with a quick way of resolving this please? It would be very much appreciated.
  We have two types of users who are associated with groups in HFM and have the appropriate roles assigned to them to complete their tasks,
  they are:
  1. A data Inputter (who inputs base data and journals, who has access to create and submit journals)
  2.   2. A data reviewer (who approves journals)
  The process is as follows:
  1.       1. Logon as Data inputter to submit the journals
  2.       2. Logon as Data reviewer to approve the journals
  3.       3. Logon as Data inputter to post the Journals
  We are using the custom 4 member to identify different adjustment types. At the moment we are able to set it up in such a way whereby Steps 1 and 2 can be completed
  but once it comes back to step 3, we get an error as follows:
  "User does not have the access right to perform this journal task"
  (This error comes about when the access control on custom 4 is set to None, Read, Promote)
  Custom 4 Access Rights looks as follows:
  C4_ADJ01
  C4_ADJ02
  C4_ADJ03
  C4_ADJ04
  HFMDefault
  Read
  Read
  Read
  Read
  HFMLoad
  All
  Promote
  None
  Read
  HFMReview
  Read
  All
  All
  All
  When Custom 4=C4_ADJ01 all 3 steps can be completed but it by-passes step 2 (journal approval).
  For all other Custom 4 we complete steps 1 and 2 successfully but not step 3 due to access issues.
  Roles for the groups that users assigned look like the following:
  Test User Name
  Test User Name
  Access Rights
  1
  Base Data input/Journal Data input
  test_HFMLoad
  Reviewer 1
  Review Supervisor
  Create Journals
  Read Journals
  Database Management
  Enable write back in Web Grid
  Load Excel Data
  Generate Recurring
  Post Journals
  Create Unbalanced Journals
  Manage Templates
  Data Form Write Back from Excel
  Consolidate
  2
  Data Reviewer
  test_HFMReview
  Reviewer 1
  Review Supervisor
  Create Journals
  Read Journals
  Database Management
  Approve Journals
  Consolidate
  Reviewer 2
  Generate Recurring
  Manage Templates
  Create Unbalanced Journals
  Any help or advice would be much appreciated.
  Thanks in advance,
  M.

• Why is "edit in Audition" greyed out in Premiere Pro and After Effects?

  Since the CC 2014 launch, the option in in Premiere Pro and After Effects to "edit in Audition" is greyed out. Right-clicking a clip in Premiere Pro doesn't have an option for Audition. I cannot send my compositions, sequences or clips to Audition for audio editing. I contacted an Adobe Support personnel earlier this evening. They suggested to go into my Mac's System Preferences and enable a root user, log out of my account, log into the root user, shut down and boot up into safe mode. None of these scenarios worked. It is still greyed out, in both user accounts.
  Is this a known issue? I even uninstalled and reinstalled Audition. Still nothing. All my Adobe apps are updated. My Mac is updated. Again, never had this issue before.
  I'd appreciate any assistance!
  Thank you!
  Cheers,
  Evan Lockhart

  I may have an answer for you, but not sure if my resolution will work for Macs.
  First, here's my system and initial info. I'm using a work computer, operating system is Windows 7. I just upgraded to Adobe CC 2014 about a week ago, and I also uninstalled the previous versions of all my Creative Cloud programs after installing the new versions (CC 2014 doesn't just update the previous version, it installs a new program and doesn't automatically uninstall the previous CC programs). Not sure if the uninstall is necessary, for this resolution to work.
  Anyway, after I installed Premiere Pro CC 2014 and Audition CC 2014, the Edit Clip in Adobe Audition command was available from the Edit menu in the Menu bar, but was disabled in the right-click menu for the sequence (for the right-click menu, it was visible, but greyed out and disabled). When I tried to use the command from the Edit menu in the Menu bar, it gave me a dialog box to fill out and it created a new folder (titled "Adobe Audition Interchange"). So, the command, when selected from the "Edit menu" obviously uses a different process than the command from the right-click menu. Anyway, I didn't want a new folder created or to fill out a dialog box, I just wanted it to behave like it used to. Basically, when I right-click the sequence and select Edit Clip in Adobe Audition from the right-click menu, it just opens Audition and the audio waveform is visible.
  I was able to resolve this and get the right-click command working by reading a couple of articles on this same issue from Adobe CC (not CC 2014) and using those to figure out how to fix this in Adobe CC 2014.
  Here's what I did:
  I had to locate my .sesx files in my system. They are NOT in the same location as they were for the previous version of CC (at least, they weren't for me). I had to use the Search command and look for .sesx extensions to locate them.
  Found them under the path C:>Users>Public>Public Documents>Adobe>Audition>7.0>Session Templates. Note that (for me), there was a folder titled 6.0 on the same level as the 7.0 folder. I selected the 7.0 folder as that folder contained the most recent set of .sesx files. I checked the 6.0 folder and those were the .sesx files from the previous version, so I deleted that folder just as a clean-up step.
  I right-clicked on one of the .sesx files in the Session Templates folder and then selected Open with from the right-click menu. The Open with dialog box displays and provides a list of programs.
  I selected Adobe Audition CC 2014 from the list of programs (you may have to browse to find it) and then selected Always use the selected program to open this kind of file. I then clicked OK to submit the configuration command and close the Open with dialog box.
  I restarted Premiere Pro CC 2014 and the Edit Clip In Adobe Audition command was now enabled on the right-click menu and was working properly.
  I wept with joy..... OK, not really, but I'm always irritated at ridiculous regression errors and a lack of thorough testing of new software versions, so I am happy to resolve frustrating issues.
  Don't know if this will help you, or if you already resolved your issue. Either way, good luck!
  ~ Jim

• Edit in Audition fails

  Whenever I select an audio clip in PPro CS5, and select 'Edit in Audition', the file is created, and Audition starts, but then fails with the 'Adobe Audition could not find a supported audio device.' error. Easy enough workaround, I can just OK the error, then close PPro, open Audition and edit the file that was created from PPro without any difficulty. It seems as if PPro is bogarting my audio device, preventing Audition from access. My version of Audition is 3.0.1. My audio device is onboard NVIDIA High Definition Audio.

  I would go into Audition's Preferences and check all of the settings, especially the ASIO settings.
  You might want to also post to the Audition Forum, as most Au-users here are only scratching the surface of that program, and the folk on that forum might see things quickly, that we may miss entirely.
  Good luck,
  Hunt

• Problem with Cisco Secure Access Server 3.0

  Hi All,
  Please what is my problem? I use Cisco Secure Access Server Version 3.0 for Windows 2000/NT Servers to authenticate users on our wireless network. I however wish to assign monthly time limits to each user after which he/she will no longer have access until next month or the timer is reset. I tried this with the "User Usage Quota" under User setup. I set the Server to "Limit user to X hours of online time per Month" and enabled the "Use these settings" and also checked the box by the side of the option. I saved and restarted my server. Unfortunetly the settings did not work for all the users whose quotas I set.
  What Am I doing wrong. Please assist.
  Chafe

  Do you have your AP's sending accounting data? If not, ACS has no way of knowing how long they've been online?
  You can utilize your ACS logging to see what your accounting looks like to confirm whether you are receiving accounting packets or not?
  HTH
  Jeff

• Error during netlist generation and log audit trail error

  I am not able to run the simulation application on my Multisim 10.  The two following error were generated every time I try to run the simultion:
  Error: log /Audit Trail, C: \document~1\xxx: Permission denied
  Error during netlist generation, C:\document~1\xxx: Permision denied
  Can any body help me fix this problem that make it impossible for me to use the Multisim10 simualtion tool?

  There are two KBs I would like for you to see, since they might have the answer to the problem you are having:
  1. This KB is related to having access to the TEMP directories where Multisim stores temp files for simulation:
  http://digital.ni.com/public.nsf/allkb/15526EB2464F3EDD8625722C00696BB0
  2. This other KB deals with non-Administrator users of Windows, it talks about v9 but the idea is the same for v10, just look for the v10 installation paths:
  http://digital.ni.com/public.nsf/allkb/0DF597C217A235BE862571FB004F24BD
  Nestor
  National Instruments

• While on my td bank secure site i log off then press the back arrow my secure page that i closed opens up.when i use internet explorer the same page doesnt sho

  when i log off my td bank secure account page with the td log off botton i get a new td page. if i press the back arrow on the address bar the secure page i just closed pops up. when i do the same witn onternet explorer a generic td bank page home page pops up NEVER an account page with secure info shown. when this happens every time i dont know if i have logged off the secure page. i close my online browser[now firefox] to be sure the connection is broken but is the secure page open to any kind of breach? i am using firefox due to concern about intternet explore but i know on explorer when i log off td bank secure page i was on i can not access that page again unlees i login ,on firefox i press back arrow on address bar and the secure page i logged off shows up.i feel this is an important issue and must be addressed. thank you

  Hi grdy83,
  What are your cookie settings?
  *[[Enable and disable cookies that websites use to track your preferences]]
  *[[Permissions Manager - Give certain websites the ability to store passwords, set cookies and more]]
  You can delete all history when you exit Firefox, but it seems odd that a secure page that should expire is still accessible. It may be a timed expiration, but check the third party cookie settings to make sure it is not allowed to be saved.
  I hope this helps prevent this from happening again.

• 'SNMP Security access violation' from Leopard

  Hi all,
  We're noticing on Leopard (not Tiger) that when a user tries to add a printer and lets the "Default" printer type browse the network, our switches log the following error +"SNMP Security access violation from <IP adress>+".
  This is going to be a security problem for us when we implement a new system that uses SNMP.
  This didn't occur in Tiger, and even happens if we disable Boujour and SNMP on the Leopard clients.
  Can anyone please advise what is happening and how I might be able to stop these SNMP traps being sent when browsing for a printer??
  Thanks in advance.

  Hi Jon,
  This information may be useful to you:
  http://forums13.itrc.hp.com/service/forums/questionanswer.do?admit=109447627124348873889228353475&threadId=398409
  Regards,
  Peter.

• HFM Security Class Java API

  Dear All,
  I'm trying to get HFM Security Class info using Java APIs. Recently I was able to connect to the Hyperion Shared Services using the hyperion css.jar java file. Is there a similar jar to access the Security classes and get users, groups and vice versa?
  Any examples would be great as well.

  Thanks for the reply. I was hoping this was not the case...
  In 9.2 I used these objects but I was hoping to move away from this and use provided API's.
  I'm using c# to talk to the object which I expose to java using web services so I guess that is what I'll be using!!!
  Cheers,