HFM Security Report Automation?
Is there a way to automate the running of the HFM (Hyperion Financial Management) Security Report in Shared Services.?
version: 11.1.2.0
Is this possible with using Task Automation? ---> If yes please provide details
If this possible using other reporting tools like HFR, web analysis..etc ---> This is not recommended
If any other way, Please provide details.
Thanks All!!
Regards,
AVSR
I think the best way to produce custom security files is using the HFM API. You can use this to report on group memberships and roles and class access. You can read all about it in the Web Developer's Guide Chapter 10. The chapter starts:
The HFMwSecurity type library contains the HFMwSecurity component. This component
provides methods that enumerate an application’s security classes, indicate whether a user has
rights to perform a given task, and return other types of security information.
I have seen these used to great effect.
Similar Messages
-
Does anyone know how to keep track of security in HFM as we can generate reports in Planning but i dont see how to manage the security in HFM. Thanks,Scorpio
Scorpio,No there is no security reports option in HFM .If you have been using external authentication and NT groups ,I would advice you running a report on the NT groups .Thanksnaveen
-
HFM Security Class and Security
Hi All my Peers,
Can any one explain me What is the difference between Security Class and SecurityNo offense, but if you don't understand these concepts well enough, your CV should probably be sent a far distance if you are trying to get an experienced consulting position. Understanding security is an important piece to the puzzle, especially when dealing with large amounts of financial data.
With that said.......
Security - Generally speaking, the goal of security is to control access to data, objects, programs, etc. In the Hyperion sense, security is managed in multiple different ways :
- Program Access : Only users who are linked to Hyperion's Shared Services AND have the proper provisioned rights can open a program. (i.e. HFM, Reports, Workspace, FDM, etc, etc, etc.)
- Provisioning : There are different types of rights per program that a user can have. Provisioning is the act of assigning these rights. (i.e. HFM has multiple rights such as Appliation Administrator, Default, Provisioning Manager, etc.)
- Data / Object Access : Even if you have the right to enter the program, there is generally another layer of security which controls what you can do. For instance, inside of HFM, you can configure security for objects such as Data Forms and Data Grids. Furthermore, you can limit the user's ability to change or view data for specific entities, accounts, as well as other dimensions.
- Security Classes : The security classes that you assign in the metadata are used during the act of assigning the Data / Object access controls. Users (and Groups) and assigned View Only, All (Read/Write), or None access to HFM Security Classes.
This is a ridiculously high level overview. To get a much better understanding, I strongly recommend that you read the product documentation for the specific products you are using. If you are using 11.1.2.1 / HFM, here are a couple of documents that are of value :
http://docs.oracle.com/cd/E17236_01/epm.1112/hfm_admin.pdf - Administrators guide which has a section on security.
http://docs.oracle.com/cd/E17236_01/epm.1112/hfm_user.pdf - Users' guide which talked to security in terms of forms/ grids
General System 11 doc : http://docs.oracle.com/cd/E17236_01/nav/portal_5.htm
Hope that helps -
Automate HFM Security extract?
Hi,
HFM Security can be extracted in below methods
1. In workspace > Extract Tasks> Extract Security
2. In Shared service > Application Groups > Rt Click on App Name> Assign Access control > Security Reports
Please let me know if any another ways to Extract security reports.
Can we make Automate the "extracting security reports"?
Thanks in Advance.
Regards,
AVSROverview: create a migration definition file for HFM (migrating what information you need, in your case it would be security)... save the file, don't execute. Using cmd prompt, run the LCM utility.bat, supplying it with the information needed as well as the migration file. Automate it by creating a batch file to run your migration file and the utility. Schedule the batch file in task scheduler and it will run whenever needed.
Search for it on the oracle knowledgebase. Theres a lot of info on LCM there. -
Error while exporting security report to Excel
Hi
We are using SAP BPC 7.5 MS sp07 version
In our application , particular user is unable to download/export the User security report to Excel.
I am able to do it successfully.
User encounters following error:
Unable to download …ed.ReportViewerWebControl.axd from servername.com
Unable to open this internet side. The requested site is either unavailable or cannot be found.
Please try again later.
can anyone please suggest?
Thanks,
Vanashree.Thanks Roberto and Kalpana.
This link solved the problem:
http://social.msdn.microsoft.com/Forums/en-US/bcf792f4-4da3-4dac-b689-60168e695683/error-internet-explorer-cannot-download-edreportviewerwebcontrolaxd-from-site?forum=vsreportcontrols -
Hi All,
I was wondering if anyone could help me with a HFM security issue on HFM 11.1.2.3 we are facing please?
The problem is that a user can by-pass the journal approval stage and post directly after submitting if Custom4 access control=All is selected.
If any of the other access controls (None, Read, Promote) for custom 4 are selected, the first two steps of the process are possible -
input and approval of the journal are possible but final posting of the journal is not and returns an error that says:
"User does not have the access right to perform this journal task"
The options I have thought for a workaround are as follows:
1. 1. Set up a 3rd user called data poster and remove submit journal role from user 1 (data inputter)
2. 2. Put in place process control and use the various review levels (could be quite time consuming given there is no time left for development)
Have anyone experienced this before and come up with a quick way of resolving this please? It would be very much appreciated.
We have two types of users who are associated with groups in HFM and have the appropriate roles assigned to them to complete their tasks,
they are:
1. A data Inputter (who inputs base data and journals, who has access to create and submit journals)
2. 2. A data reviewer (who approves journals)
The process is as follows:
1. 1. Logon as Data inputter to submit the journals
2. 2. Logon as Data reviewer to approve the journals
3. 3. Logon as Data inputter to post the Journals
We are using the custom 4 member to identify different adjustment types. At the moment we are able to set it up in such a way whereby Steps 1 and 2 can be completed
but once it comes back to step 3, we get an error as follows:
"User does not have the access right to perform this journal task"
(This error comes about when the access control on custom 4 is set to None, Read, Promote)
Custom 4 Access Rights looks as follows:
C4_ADJ01
C4_ADJ02
C4_ADJ03
C4_ADJ04
HFMDefault
Read
Read
Read
Read
HFMLoad
All
Promote
None
Read
HFMReview
Read
All
All
All
When Custom 4=C4_ADJ01 all 3 steps can be completed but it by-passes step 2 (journal approval).
For all other Custom 4 we complete steps 1 and 2 successfully but not step 3 due to access issues.
Roles for the groups that users assigned look like the following:
Test User Name
Test User Name
Access Rights
1
Base Data input/Journal Data input
test_HFMLoad
Reviewer 1
Review Supervisor
Create Journals
Read Journals
Database Management
Enable write back in Web Grid
Load Excel Data
Generate Recurring
Post Journals
Create Unbalanced Journals
Manage Templates
Data Form Write Back from Excel
Consolidate
2
Data Reviewer
test_HFMReview
Reviewer 1
Review Supervisor
Create Journals
Read Journals
Database Management
Approve Journals
Consolidate
Reviewer 2
Generate Recurring
Manage Templates
Create Unbalanced Journals
Any help or advice would be much appreciated.
Thanks in advance,
M.Hi All,
I was wondering if anyone could help me with a HFM security issue on HFM 11.1.2.3 we are facing please?
The problem is that a user can by-pass the journal approval stage and post directly after submitting if Custom4 access control=All is selected.
If any of the other access controls (None, Read, Promote) for custom 4 are selected, the first two steps of the process are possible -
input and approval of the journal are possible but final posting of the journal is not and returns an error that says:
"User does not have the access right to perform this journal task"
The options I have thought for a workaround are as follows:
1. 1. Set up a 3rd user called data poster and remove submit journal role from user 1 (data inputter)
2. 2. Put in place process control and use the various review levels (could be quite time consuming given there is no time left for development)
Have anyone experienced this before and come up with a quick way of resolving this please? It would be very much appreciated.
We have two types of users who are associated with groups in HFM and have the appropriate roles assigned to them to complete their tasks,
they are:
1. A data Inputter (who inputs base data and journals, who has access to create and submit journals)
2. 2. A data reviewer (who approves journals)
The process is as follows:
1. 1. Logon as Data inputter to submit the journals
2. 2. Logon as Data reviewer to approve the journals
3. 3. Logon as Data inputter to post the Journals
We are using the custom 4 member to identify different adjustment types. At the moment we are able to set it up in such a way whereby Steps 1 and 2 can be completed
but once it comes back to step 3, we get an error as follows:
"User does not have the access right to perform this journal task"
(This error comes about when the access control on custom 4 is set to None, Read, Promote)
Custom 4 Access Rights looks as follows:
C4_ADJ01
C4_ADJ02
C4_ADJ03
C4_ADJ04
HFMDefault
Read
Read
Read
Read
HFMLoad
All
Promote
None
Read
HFMReview
Read
All
All
All
When Custom 4=C4_ADJ01 all 3 steps can be completed but it by-passes step 2 (journal approval).
For all other Custom 4 we complete steps 1 and 2 successfully but not step 3 due to access issues.
Roles for the groups that users assigned look like the following:
Test User Name
Test User Name
Access Rights
1
Base Data input/Journal Data input
test_HFMLoad
Reviewer 1
Review Supervisor
Create Journals
Read Journals
Database Management
Enable write back in Web Grid
Load Excel Data
Generate Recurring
Post Journals
Create Unbalanced Journals
Manage Templates
Data Form Write Back from Excel
Consolidate
2
Data Reviewer
test_HFMReview
Reviewer 1
Review Supervisor
Create Journals
Read Journals
Database Management
Approve Journals
Consolidate
Reviewer 2
Generate Recurring
Manage Templates
Create Unbalanced Journals
Any help or advice would be much appreciated.
Thanks in advance,
M. -
How to add "Team leader" field in standard BPC security report
BPC Expert,
We are using BPC MS 5.0 version.
There is a checkbox in the security setup to make someone a "Team Leader" when you add him/her to a team and this checkbox determines who can post data and who cannot. When we run the user report we see which team the user is in but we do not have visibility to whether or not they are a "Team Leader" which is what business owner needs to see to approve user access.
I figured out "dbo.userteamassign" is the table which hold team leader value. Can anyone please tell me all the steps of adding team leader field in the standard BPC 5.0 security report.
Thanks,
KetanRoberto,
Thanks for the response. I know associated steps to declare business user as a team leader but my original question is "how to add a column in standard BPC security report that says who is team leader or who is not".
Do you know the Dtx package that is responsible to supply the data to Standard BPC security report? We can enhance standard data package to pull/display extra "Team leader" column in standard security report.
Appreciate your inputs.
Thanks,
Ketan -
Security Reports - Scheduling daily retrieval
Hi,
I have two questions regarding security reports.
I do Not have Planning audit trails activated(client does not want that.) But I Do need a daily report of all the changes that the Hyperion admin does to the roles and provisioning of groups and users.
Q1.
Of the 3 reports-Security Reports,Artifact Reports,Config Reports ,that are available in Shared services, it seemed that the 'Security Reports' was my best bet as it made me select what I wanted reports on.(eg. Directory Managemet,UserProvisioning in Select Tasks).But when I run the report I see repetitive lines of useless info
eg:
Performed on Performed by Application Artifact Type Artifact Name Task
05/17/2011 admin@native Shared Services User admin@native Authenticate
Attribute Name : Host Info
New Value:UNKNOWN
Access control report only gives me the user/group access and not the changes that were made to them. The Security team at the bank would want to monitor the activities of the Hyperion admin and see what changes were made by her.
Which report shoould I use to get the required info?
Q2.
How do I automate the generation of reoprt such that the members of the security team get the report in their emails daily?
I would appreciate any help that I get on this.
ThanksHi,
are we talking about a single report object here or do more than one report objects (Have the same problem)?
Is the empty instance been scheduled with the same user as the one you use to view the report in the infoview?
Have you checked for any error messages in the log files residing in the logging directory in your BOBJ installation directory?
Have you got any service packs (latest SP = SP4) installed on your BOBJ server?
Regards,
Stratos -
I am using Hyperion 11.1.2.1. and want to monitor some HFM security.
Is there any way we can find that :
how many number of users are currently accessing a particular HFM Application and can identify them with their user-details and login-details whenever required ?
how many number of users are currently accessing the whole HFM Application(Schema) and can identify them with their user-details and login-details whenever required ?
-----SunnyHi Sunny,
As the subject was about HFM Security i have given you the query or details which i was aware about HFM.
1.I mean to say for the tables i have listed in the query there are other columns as well so if you want to get more details then you can select which are all the columns you would require and add them accordingly in the query.
2.Yeah its possible to get the details about user connected to application even. here is the query you need to change for this as below
select h.sservername,h.sappname,s.susername,to_char((to_date('01/1900','MM/YYYY')+h.dstarttime-2),'DD/MM/YYYY hh24:mi:ss'),h.lactivitycode,h.sactivitydesc
from hsv_users_on_system h,hsv_activity_users s
where h.luserid in s.luserid
order by sservername
Also as you were asking for Historical/past login times & details here is the below query which will help you in analysing the things better with activity they did and time they logged in and carried out activity.
select g.servername,g.appname,to_char((to_date('01/1900','MM/YYYY')+g.starttime-2),'DD/MM/YYYY hh24:mi:ss'),to_char((to_date('01/1900','MM/YYYY')+g.endtime-2),'DD/MM/YYYY hh24:mi:ss'),g.strdescription,s.susername
from Appname_task_audit g,hsv_activity_users s
where g.activityuserid in s.luserid (optional if you want to search excluding admin id then you can add this line to existing query at the end [and s.susername not like '%admin%'])
As the audit logs are specific to applications you need to replace "appname" in the query with your application name for which you wanted to check audit.
Ex: if your application name is abcd then your query should be something like this
select g.servername,g.appname,to_char((to_date('01/1900','MM/YYYY')+g.starttime-2),'DD/MM/YYYY hh24:mi:ss'),to_char((to_date('01/1900','MM/YYYY')+g.endtime-2),'DD/MM/YYYY hh24:mi:ss'),g.strdescription,s.susername
from abcd_task_audit g,hsv_activity_users s
where g.activityuserid in s.luserid (optional if you want to search excluding admin id/any specific user then you can add this line/change existing query at the end [and s.susername not like '%admin%'])
Hope this helps !!!!
Thanks
Amith -
List Database Security Reporting and Administration Users
Dear Expert,
Im working with BW 2004s Security Component , I try to find a database table in SE16 that it contain the follow field: Role with your component by Authorization Object. My scope is identify what role is a Secure Reporting Users and Secure Administration Users.
The role has S_RS_COMP and S_RS_COMP1 are Reporting Users. Moreover, the role has Reporting Users S_RS_ADMIWB, S_RS_IOBJ, S_RS_ISOUR, S_RS_ISRCM and S_RS_MRPO
Thank for your help,
Luisse16-->AGR_HIER
AGR_* will be tables for Roles. Tables SMEN_* are for user favorites.
You can find the information you want in table AGR_HIER.
In this table you can select the role,
In the field REPORT, select RRMX ,this will show you all roles with their workbooks.
AGR_NAME = ROLE (technical name)
REPORT= RRMX
Hope it Helps
Chetan
@CP.. -
Security Reports in Shared Services
Hi guys,
Could you please help me with a simple question (well, I believe it's easy, but I'm not able to answer it... :))
I'd like to give a user the permission to run security reports, but it's seems he has to be "Shared Services admin" to do so. Is that correct? Can I give him permission to run this kind of reports without giving him the role of "admin"?
I really appreciate your help.
Thank yo!
Regards,
Lu.Only Shared Services Administrators can generate and view audit reports to track historical changes to the security data.
Refer: Page 86 of http://download.oracle.com/docs/cd/E17236_01/epm.1112/hss_admin.pdf
HTH-
Jasmine. -
Hello,
I was asked to put together somewhat of a draft for a "security report", but I'm unsure as to what values might be useful to report. I'm sure many of you out there have done something similar in the past and I'm not asking for complete ready-made scripts, just ideas as to what to include. I'm thinking failed logins, maybe specific user login, maybe include information about latest CPU version?
We are already using an overall database report showing space usage, alert log messages, invalid objects and such. The security report should complement this.
Best regards.We are already using an overall database report showing space usage, alert log messages, invalid objects and such. The security report should complement this.-object creation/modification (DDL) detail on daily/weekly basis.
-Terminal detail of user session if auditing enable.
-login time detail after business hrs or failed login attempt.
-password complexity implementation
-database growth if not included in overall database report.
Thanks
Kuljeet Pal Singh -
I wanted to know some section details available in Security reports template in design doc
i.e.
overview
reviewed\submitted by
Data level
object level
Thanks in advance
October 12, 2010 11:31 AMoverviewWhat type of security you are applying.As the name suggests its overview of security model.
reviewed\submitted byWho has submitted and who has reviewed.
Data levelIt means whether you have applied data level scurity or not.If yes on which group and what are the filters for that group in RPD.You can check filters in permission tab.
object levelIt means whether some of cata;log objects are hidden for some of the groups.You need to check permission in presentation layer as well as in manage previleges.
Regards,
Sandeep -
Security report with native roles and the roles they have access to.
We need a security report that shows the Native/Custom Roles and the roles that they have access to.
So, an example would be the role US_Acct, and the report would show what roles that has access to (Post Journals, Consolidate, etc).Can this be done?Export the Provision report from Shared Services.
Upload report to Excel or Access.
Build Tables to show what tasks each Role has access to.
Build a report that links the provision report and the xref tables.
You should also do this with Security Classes. -
Security Report VPN Graph is Blank
VPN Bandwidth
- Even though the VPN Bandwidth Bytes by Day contains data, the graphs are blank.
- SSL VPN graph is working fine.We found the root cause it was because table "task" does not have records in APPSERVER Database.
Once we updated task table. Security report SEC_LIST_MBR is displaying results correctly.
Regards,
Rajesh
Maybe you are looking for
-
Utf-8 from resource bundle?
I've been looking at many resources and see this is a common problem but still haven't found solution to desplaying unicode data. Page starts with <%@page pageEncoding="utf-8" contentType="text/html; charset=utf-8" %> and has <meta http-equiv="conten
-
I have old Adobe AI 10 and Photoshop etc... Upgrade?
I have old Adobe AI 10 and Photoshop etc... Getting a new Mac, can I get a discount or upgrade on the purchase/upgrade of my software?
-
Pro Applications Update 2008-01 Good or Bad experiences ?
Hi Guys, Who's up dated to the - Pro Applications Update 2008-01 and have their been benefits or issues ? Cheers Tom K
-
Chinese Traditional (Hong Kong) Language Pack
Recently installed the Chinese Traditional (Hong Kong) Language Pack onto the computer running Windows 7 Enterprise version with 'New ChangJie 2010' input method, but there are errors/problems. After inputting 1 or more strokes, I am unable to selec
-
How do I import contacts from my iPhone 4s into Yahoo Contact List for editing?
Trying to clean up duplicate contact information on my iPhone and want to import into a blank address book for consolidation of duplicate contacts and information, then replace the existing contacts on the iPhone with the newly edited list. Any way