Information Regarding Essbase Security Except Filter Level and User Level

I have an requirement to implement data level security in Essbase. For ex: A user can only see those data which are from Asia region or an user will be able to see those data which are from America.
Asia and America are defined in my location dimension.
can any one explain about it without using user Level Security and Filter level security.
Please tell me how to do it?
Thanks in advance.

Sandeep's reference the DBAG and the section on filters is the right direction. The filter is created in EAS.
Let's use an example.
You create a METAREAD filter (that is, it filters both data and dimensionality) that gives a user limited access to the Location dimension (I think I have that right), e.g., the British Isles, the UK and Ireland. You can also create a READ filter but it only limits data and, in my opinion at least, causes confusion because users can see metadata (the whole world) but only see data for the British Isles.
NB -- filters can be assigned to individual usernames or to groups that users are members of. For a POC, I'd keep it simple and just assign it to a username, but it's your choice.
Assign the filter to the user in Shared Services.
Try connecting to the database in Excel through the Classic Add-In or SmartView to test what the user sees -- it should be: Total Location, British Isles, the UK, and Ireland. You will see Total Location (top of the dimension) because that's how Essbase navigates down -- it has to have the dimension name to find the limited children. You won't see any data there. But you will see data at the Location members that the METAREAD filter allows.
That's it -- it's been around since the year dot, and is the way access is restricted. You shouldn't need to reinvent the wheel to get this to work in OBIEE. Essbase should do the work.
Regards,
Cameron Lackpour

Similar Messages

  • LCM causes Essbase security to be overwritten and can no longer log in.

    When using LCM and migrating Foundation / Shared Services and loading it back in from the file.
    It somehow overwrote something with Essbase security so no user (including the admin) can log in. Through EAS or through Workspace / Planning
    Any suggestions how to reset this? Is it that Essbase is no longer connected to Shared services somehow. This is clearly a bug as there is no way that this should be possible. But hoping someone has seen this before and has a work around.

    if you can. Log into the system as the master Essbase admin through EAS and refresh the shared services security.
    Alternatively you may need to kill the essbase.sec file and cause it to reset the master Essbase user. This should be done with care though as you can cause the environment to become corrupt if all the steps aren't done properly

  • Security Exception with JavaHelp and Webstart

    I have seen several posts on here concerning JavaHelp with Webstart, but no one seems to be getting the same error that I have. Everything works fine if I run the application and launch help outside of Webstart.
    When I download the app using webstart, my helpset seems to get loaded properly, but I get the following error when trying to launch JavaHelp from within the application:
    Parsing failed for null
    Exception caught while parsing nulljava.security.AccessControlException: access denied (java.util.PropertyPermission user.home read)
    java.lang.NullPointerException
    I'm not quite sure why it's trying to access the property user.home, but it doesn't seem that others that have post get this error.
    Does anyone have any suggestions?
    Thanks.

    Ok... this appears to be an issue with the new JavaHelp 2.0 because it works perfectly fine in version 1.3
    It appears that version 2.0 has a "favorites" section that, I'm guessing here, stores the users favorites locally. That would be why the user.home property gets accessed and the security policy is violated with Webstart.
    I can't say that this is a bug... maybe I can disable the "favorites" feature... either that or I need to stick with JavaHelp 1.3
    Thanks.

  • Important information regarding the Flex 2.0 runtime and UNIX

    Hi,
    There's an issue with Flex 2.0 when the J2EE is installed on a UNIX server.
    upon deployment and running an iView, the runtime shows only a blank grey area.
    upon refreshing the browser, the iView is displayed as ussual.
    the source of this issue, as we discovered, lays in the configuration of the J2EE engine.
    and so - in order to solve this issue, one should access the J2EE Visual administrator and perform the next steps:
    1. In Visual administrator, go to HTTP Provider service of the server.
    2. Look for the "Never Compressed" property.
    3. Add "*.swf" and also "application/x-shockwave-flash" to the list. Make sure that you also add commas properly...
    4. Restart the J2EE server and test the result.

    Hi,
    Please try to delete the browser cache ("Delete temporary files" in IE).
    I know that sounds silly, but it could really solve the issue
    afterwards you can deploy and run as ussual.
    If that works, please let as all know.
    (points is also good..)
    Amir
    Edited by: Amir Mimran on Apr 15, 2008 8:59 AM

  • Security and user mapping

    Hi all,Sorry if this is going to be an obvious answer but I’m having a few difficulties in understanding the permissions within clustered mode.I’m just trying to clarify something with regards to security at volume level. If I set up vol1 with Unix style security (all permissions eg read/write and so on) and vol2 with NTFS security (again all permission), if I set up user mappings (windows to unix and unix to windows), essentially the security style doesn’t matter as my windows mapped account can still access vol1 (unix) and my unix account can still access vol2 (ntfs security)…Is that correct?Thanks
    Aaron

    It is true that both systems will be able to access data on both volumes (assuming you have licenses for both protocols and both are configured) provided your user mapping is correct. Just keep in mind that the unix volume will always have unix permissions and the NTFS volume will have windows permissions setup. You can't add NT ACLs to the unix partition etc... Note that by default the filer will map usernames that match on both systems so you only need usermap entries when they don't match. --rdp

  • Reports Executed from SA38 and user name

    Hi,
    I wanted to find the reports executed from sA38 and the user name who did it
    We are able to get the information from STAD, but we are able to get only one day's data
    Please let me know if there is any table , where i can get the information of all the list of Reports and users executed from SA38
    Thanks in Advance

    Hello Balaji
    you need to turn on audit log ...through sm19 you can to that,not only the user but report name
    which is executed is also available when you turn on the audit (sm19),after that you can check
    the daily audits by tcode sm20.so browse for it...you may get more information.
    regards,
    Manjula.

  • Migrating groups and users from QA to Production

    Post Author: KSK
    CA Forum: Administration
    Hi,
    I have to migrate security setup with Groups and users from QA to Production box .
    setup is in Unix.
    Note: my production already have some other projects related groups and Unix.. and when I say migrate, i just want to add the groups from qa to append or add to production with exsiting setup and not to overwrite..
    any help is greately appericated
    thanks
    KSK

    Post Author: andyskinner
    CA Forum: Administration
    Use the migration wizard and set it to merge, the deltas should be added ok and anything that exists in both systems should get a number added at the end.

  • Clarification regarding Shared services and essbase security

    Hi,
    Sorry for the silly doubt. We have shared services to manage security, essbase v 9
    1. to assign calc access for users, do i assign calc scripts under databases in group security and assign users to groups in shared services or do it via access control in shared services?
    2. If in shared services i havent given calc access but in eas user belongs to a group with that particular calc script access, which would take precedence?
    Regards,
    N shah

    In shared services, when i click on a particular application under the essbase server under the projects folder, there are cases where there are no users or groups under the 'available users and groups'. Why is this so? groups and users are supposed to be there.
    Also, in a different application, i saw one available user. however when i try to provide calc access. its not changing anything. I select the calc script and then click the check mark. however nothing changes. The calc access for the user is specified as none. When i login to excel with the same user id, i can see all the calc scripts available for the user. Where are the details being picked up from.??
    Edited by: 862089 on Jul 13, 2011 9:55 PM

  • Planning Security Filter refresh and Essbase is Crashing

    Hi,
    I am on System 9.3.1 and I am doing a Planning security filter refresh and Essbase is Crashing. Please advise in this case.
    Security is fine on this cube. It used to work fine earlier. Now from few days we are facing this issue.

    We see same issue in 9.2.0.3, but only with 1 of our 5 applications. Was never able to get support to identify a cause, our resolution is to push users in small groups and save the essbase.sec file. Real pain. You could try stopping essbase service, using essbase.bak file and restarting then try to push and see if it works. I did identify issues with our openLDAP which I felt was the cause, I was able to clean it up in TEST and it works, but did same in Prod and worked once, then reverted back to crashing again, unless we push users in really small groups. Interested to see if you get a 'fix' from someone...

  • Essbase Security Filter issue.

    Hi,
    Its regarding the security filter issue.
    The major problem is whosoever user is provisioned under that security filter, if the user is trying to connect to Application using Excel Addin / Smartview, it crashes the essbase server [Network Error [10061], timed out error)]
    When we figured out because of this filter essbase server is crashing, we tried to edit the filter. sometimes if we click on edit, it crashes the server or sometimes we can see some junk characters in the filter.
    We have applied the security on Entities dimension and problematic filter is ASP.
    Now the hirerachy is like this.
    Entities dimesnsion and then ASP member and under ASP we have our several members.
    Filter is like this:
    Write : @Idescendants("ASP")
    It was working fine for almost 15 days.
    Now if i edit the filter, i can see like this:
    Write : @Idescendants("ASP")
    Metaread:@Idescendants("*&^%?)
    Junk characters are coming in and no idea from where they are coming.
    I can't delete the filter also, again it crashes the essbase server.
    As a workaround i have created a temp filter and dome the assignation for this group, according to that.
    Everything is working fine.
    I just wanted to know, has anybody faced such kind of problem earlier.
    What cud be the root cause for this.
    How could I delete the filter.
    I have also get messages like security file is corrupted (we have restored it from old backup) but really worried about security file as we are moving the whole thing to production server this weekend.
    Please advise me on this, Please help me. Any help would be highly appreciated.
    I am really in trouble.
    Thanks,
    Pankaj Mehta.

    Try to edit the filter from MaxL command line using
    alter filter sample.basic.filt7 add write on '@IDescendants("ASP")';
    here sample=application
    basic=database
    filt7=filtername
    have good luck

  • Shared services security and essbase security

    recently upgraded to sys 9 and now use shared services 931
    we used to have security at essbase level previously and now its all Shared services..
    now i have so many concerns
    Can we automate the security just like I used to automate in essbase earlier...
    or can we automate secuirty in essbase and them sync it to Shared services??
    I know that we change security settings in SS and then sync it to essbase but is the other way around possible???
    IF yes HOW?
    IF NOT - can we automate SS security which reflects to essbase...
    I have to go through the prod doc and I'll do that very soon but any suggestion on this would really help me out..
    Thanks in advance

    Hi,
    can you please write more about which products and version are you using and on which operating system name and version.
    Why do you use Shared Services? Are you using only Essbase server or any other server? If you use only Essbase server there is probably no need of using Shared Services.
    If you need only Essbase you can see my info about installing Essbase without Shared Services: hyperion essbase installation
    Please provide more info, so that we on forum can help you.
    Regards,
    Grofaty

  • Win 8.1 domain workstation. Block all access, except for a fews users/groups and domain controller information/date.

    Hi!
    Win 8.1 pro, domain workstation. How Block all access, except for a fews users/groups and domain controller information/date.
    Nuance:
    From domain AD is locked Workstation Firewall "Domain profile" edit.
    Possible?
    cenubit

    Hi GirtsR,
    I am not sure the command to use the SID to accomplish what you want to achieve, if you only know the SID, you could take use Powershell to find the related information, more information, please check:
    Working with SIDs
    And a similar thread for reference:
    How to find user/group known only SID
    More reference: Default local groups.
    Best regards
    Michael Shao
    TechNet Community Support

  • I failed to Confirm Security Exception for a site confirmed to be trusted, but apparently only supported by Internet Explorer, and am now barred from the site, so how do I access it?

    I have been successfully accessing a secure site using a Citrix plugin. The security certificate for the site was renewed on 17 September and is valid, but is apparently supported by Explorer. When I accessed it today, Firefox reported it as Insecure. I attempted to bypass the Firefox block, but must have failed to Confirm Security Exception, so that my access is now denied as I 'have said this is not a trusted site' (error 183). Is there any way I can now access the site.

    Thank you for your reply.
    My problem isn't removing my log-in name and password for a site.
    The problem is I already had the log-in name and password saved by FF, but I was required by the site to change the password. FF did not recognize that it had changed and refuses to prompt me to save the new password.
    After several attempts to force the prompt, I deleted the site from the Saved Password list, hoping that the next time I entered my log-in name and password on that site FF would ask if I wanted to save both. That did not happen even after exiting FF and relaunching it.
    So, right now FF will not save my log-in name and password for a site that it used track for me. Given the complexity of the new password, I really do not want to manually enter it every time I use the site.
    Regards.

  • Using Essbase security filter in OBIEE request ?

    Hello,
    We would like to use OBIEE 11.1.1.6 with Essbase source. We already use Essbase security filter (on dimensions).
    For example, "userA" is allowed to access to Entity A and not Entity B and the opposite for "userB".
    If I loggin as "userA" in OBIEE, is it possible for OBIEE to connect to Essbase with "userA" so that Essbase return data only on Entity A and not Entity B ?
    Thanks!

    Hi,
    The way let OBIEE users, have Essbase security filters running for them, is by integrating OBIEE and EPM using Single Sign On. When, both OBIEE and EPM talk to the same Identity Store like OID/MSAD, you can set this up. For more integration steps, refer to http://www.google.com.sg/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CDAQFjAA&url=http%3A%2F%2Fwww.oracle.com%2Ftechnetwork%2Fmiddleware%2Fbi-foundation%2Fhfm-sso-obiee-1112x-1835570.pdf&ei=O7ElUeCTApGzrAeelIHwCw&usg=AFQjCNE1BzMQU6Cwny-0IwcvxkfxeqlONg&bvm=bv.42661473,d.bmk
    Hope this helps.
    Thank you,
    Dhar

  • [svn] 977: Bug: BLZ-93 - When a producer sends a message to a secure destination with no credentials it causes a security exception to get logged with a log level of error .

    Revision: 977
    Author: [email protected]
    Date: 2008-03-27 17:04:59 -0700 (Thu, 27 Mar 2008)
    Log Message:
    Bug: BLZ-93 - When a producer sends a message to a secure destination with no credentials it causes a security exception to get logged with a log level of error.
    QA: Yes
    Doc: No
    Details:
    Updates to catch-all exception logging hinge points on the server to use a new method on MessageException that protects against repeat logging of the same exception as we unwind the call stack on the server, as well as allowing exception subclasses to control the log level, intro text and inclusion of a full stack trace in the logged output. This allows things like SecurityExceptions, which represent common errors like incorrect user credentials, to avoid polluting the log with error-level logging and stack traces. It also consolidates our catch-all handling for MessageExceptions and their subclasses in a single point, avoiding problems with needing to make updates or tweaks to our logging output in multiple places.
    Ticket Links:
    http://bugs.adobe.com/jira/browse/BLZ-93
    Modified Paths:
    blazeds/branches/3.0.x/modules/common/src/java/flex/messaging/log/Log.java
    blazeds/branches/3.0.x/modules/common/src/java/flex/messaging/util/ExceptionUtil.java
    blazeds/branches/3.0.x/modules/core/src/java/flex/messaging/MessageBroker.java
    blazeds/branches/3.0.x/modules/core/src/java/flex/messaging/MessageException.java
    blazeds/branches/3.0.x/modules/core/src/java/flex/messaging/endpoints/amf/MessageBrokerFi lter.java
    blazeds/branches/3.0.x/modules/core/src/java/flex/messaging/endpoints/amf/SuspendableMess ageBrokerFilter.java
    blazeds/branches/3.0.x/modules/core/src/java/flex/messaging/security/SecurityException.ja va
    blazeds/branches/3.0.x/modules/core/src/java/flex/messaging/services/ServiceException.jav a

    One thing I forgot to add, which may be causing you
    problems: the "mount volume" command is not part of
    the Finder dictionary. It stands alone.
    bill
      Mac OS X
    (10.4.10)   1 GHz Powerbook G4
    I tried the mount command. After executing it in Script Editor, I was prompted with login and password, but it was my Keychain!
    I don't know if you have your keychain unlocked or what else..
    Maybe the original poster (Rick Anderson) has his keychain locked and the prompt is from it.
    Just a guess...
    Ciao,
    Ermanno
    Dual 2 GHz PowerPC G5   Mac OS X (10.4.9)   4.5 GBy SDRAM, 5 external FW disks, 2 Internal SATA disks

Maybe you are looking for

  • Capabilities of Adobe Forms for Secure Bidding

    How can electronic signatures be incorproated into Adobe Forms?  I am trying to figure out how to get an existing form converted knowing that I require wet signatures now and would require electronic signatures using Adobe Forms. How can a time stamp

  • How best to handle lookups ?

    Fairly novice at Discoverer, so apologies if this has been asked a million times, couldn't find anything searching though. I've got my table T, which has about 5 columns which all hold code values which point to the stored value column in a list of v

  • Unable to install Acrobat Patch 9.2 on Mac

    Case ID: 181226045 Customer is unable to install the Patch 9.2 for Acrobat 9. Following are notes from customer: Downloaded 9.2 patch. When attempting to install, message box said original software had been altered in some way and that patch cou ldn'

  • Loading an Image in pieces

    Suppose I have an image that I want to modify in some way using a Java application. Suppose this image is over 6 gigabytes in size, and thus I would not want to load it all into memory at once (or, even more likely, I don't actually have that much me

  • DNS Stopped Working -- I'm confused!

    Ok. I read numerous articles (Hoffman Labs included) and have posted previous discussion threads on various versions of this issue. I feel that I have a somewhat functional yet growing knowledge of the proper setup techniques. I had my public facing