MaxL command to import users and security in eas

Similar Messages

• How to import user and group at EPM11.1.2?

  I found a similar topic on this at User & Groups Issue
  But sounds like there is big change a tEPM11.1.2, I didn't find CSSImportExport utility at all.
  Could anyone tell me how to import users and groups from flat file at this version?
  Thanks
  Tony

  You can only use LCM from 11.1.2, it is not really that different format from the CSSImportExport utility.
  I find the best way is to set up a few users and provisioning and then use LCM to export, then you get a good feel to the format of the file.
  Cheers
  John
  http://john-goodwin.blogspot.com/

• Difference between Security Oracle user and Security User

  Hi All,
  Can anyone give me the difference between Security-> Oracle -> user and Security-> User in System Administrator Resp of oracle apps R12.
  Thanks,
  Mahesh.
  Edited by: 991854 on Mar 12, 2013 1:49 AM

  Can anyone give me the difference between Security-> Oracle -> user and Security-> User in System Administrator Resp of oracle apps R12.Security > Oracle > Register:
  Use this window to register an ORACLE username with Oracle E-Business Suite. An ORACLE username grants access privileges to the ORACLE database
  http://docs.oracle.com/cd/E18727_01/doc.121/e12893/T174296T174305.htm
  Security > Oracle > Data Group:
  A data group defines the mapping between Oracle E-Business Suite products and ORACLE database IDs. A data group determines which Oracle database accounts a responsibility's forms, concurrent programs, and reports connect to. See: Defining Data Groups, Oracle E-Business Suite System Administrator's Guide - Configuration.
  http://docs.oracle.com/cd/E18727_01/doc.121/e12843/T156458T156461.htm
  Security > User > Define:
  Use this window to define an Oracle E-Business Suite user. This user is an authorized user of Oracle E-Business Suite, and is uniquely identified by a username.
  http://docs.oracle.com/cd/E18727_01/doc.121/e12843/T156458T156461.htm
  Thanks,
  Hussein

• Users And Security Best Practice

  Dear Experts
  I am designing an application with almost fifty users scattered in different places. Each users should access tables according to his/her criteria. For example salessam, salesjug can see only the sales related tables. purchasedon should access only purchase related tables. i have the following problems
  Is it a best practice to create 50 users in the DB i.e. 50 Schemas are going to be created? Where are these users normally created?
  or is it better for me to maintain a table of users and their passwords in my design itself and i regulate through the front end. seems that this would be risky and a cumbersome process.
  Please advice
  thanks
  Manish Sawjiani

  You would normally create a single schema to own the
  objects and 50 users to use them. You would use roles
  and object privileges to control access.Well, this is the classic 'Oracle' approach to do this. I might say it depends a bit on what you want to achieve. Let's call this approach A.
  The other option was to have your own user/pwd table. You can create your own custom authentication but I would go for the built-in Application Express Users - authentication scheme. You can manage the users via the frontend (Application builder > manage Application Express Users) . There you can manage the groups and end users which you can leverage in your Apex app. You can even use the APIs to create the users programmatically. It is all done for you. Let's call this approach B.
  Some things to consider:
  1) You want to create a web application and also other applications that access the data stored in Oracle (another PHP / Oracle Forms / Perl ) or allow access via SQL/Plus. Then you should use approach A. This way you don't need to reimplement security for these different approaches.
  2) You want to create one (or multiple) Apex applications only. This will be the only mechanism the users will access your data. Then I would go for approach B.
  3) When using approach A some users didn't like that all users will have access to their workspace, including the sql command line and having the capability of building applications and possibly being able to change the data they have access to through the Oracle roles. Locking down this capability is possible but it takes some effort and requires an Apache as a proxy.
  4) When using approach A you will need DBA privileges to manage the users and assign the roles. This might not always be possible nor desired. Depends on who will manage the Oracle XE instance.
  5) Moving the application including the end users to another machine is a bit easier using approach B since they are exported via the application export mechanism. Using approach A you would have to do it yourself. Be aware that the passwords are lost when you install the users into a different Oracle XE instance.
  6) If you design the application using approach B you will have to design security in a way that doesn't rely on the Oracle roles / grants security mechanisms. This makes it easier to change the authentication scheme later. For example, later you want to use a LDAP directory, a different custom authentication scheme or even SSO (SSO is not available out of the box but feasible). This is directly possible.
  Using approach A you would have to recode the security mechanisms (which user is allowed to update/delete which data).
  Hope that clarifies your options a bit.
  ~Dietmar.
  Message was edited by:
  Dietmar Aust
  Corrected a typo in (5): Approach B instead of approach A , sorry.
  Message was edited by:
  Dietmar Aust

• Import user and group from dump.txt to ACS Solution Engine 3.3

  I have export the user and group using the CSUtil -d on my acs v2.6. But ACS Solution Engine 3.3 does not have the CSUtil command to import the user and group database. Can anyone advise me?

  I'm trying to do the same thing with no luck so far.
  Documentation seems to indicate you can do this using RDBMS Synchronization but we haven't got it to work yet.
  I read the doco as saying you create a csv and place it on an FTP server and ACS will read from that file. When we've tried, it rights its own file with a different extension and says it can't find the one we place in that same directory.

• People Picker can resolve users and security group from another domain but no validation for groups

  Dear all,
  Here is the scenario of our issue:
  We are migrating from Domain A to Domain B and in Domain A we currently have a SharePoint 2013 on which we want to set permissions for users and groups that have already migrated to Domain B.
  A bi-directional trust exist between the two domains and all applications relying on trust and resolving IDs from on domain to another are working fine (Windows RDS for instance)
  The "bug" that we have is when using the PeoplePicker, it can resolve without any issue a user account in Domain A or B, and a security group (type global, I haven't tried local or universal yet) from domain A or B. But for the security groups
  only (it works well for users), when I click on "Save" to validate the add of the group to the site permissions, I have the following error:
  I have seen a lot of similar issues on the web but no answer so far that work :( 
  Example: https://social.technet.microsoft.com/forums/sharepoint/en-US/74e8d14b-a0f4-4e21-8cfa-b1a937247160/cant-provision-security-to-old-domain-users
  If you have any question that could help you to understand it, do not hesitate. 
  Thanks a lot in advance for your help ! :)

  Can you give the snippet from the ULS log where you're seeing this error?
  Trevor Seward
  Follow or contact me at...
  &nbsp&nbsp
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Maxl command that differentiates ASO and BSO?

  I want to differentiate between the ASO and BSO db in Essbase(9.3.1) using some MAXL command.
  Do we have some MAXL command that shows the property of Databases?
  I was hoping to use the command
  execute aggregate selection on database ASOSamp.Sample
  This command gives an error when run on a BSO.
  Ex:
  *[admin/localhost]execute aggregate selection on database Sample.Basic
  Execution Message:
  MaxL requires an aggregate storage application for this operation.*
  I was wondering if Maxl generates a return code for this. If it does, how can I capture this return code?

  To give a vague answer, you could run the command in your maxl script and use an iferror statement. It will not tell to the error number but that the command failed.
  Edited by: [email protected] on Oct 13, 2008 1:10 PM
  If I could only spell

• Portal groups/users and security

  Hi,
  I have created an application and that application has forms, reports, meunes, page with three tabs for Admin, Librarian and Reports. I put some portlets of Forms etc in different tabs. Now i want that the Admin can access and see all tabs, Librarian can access and see Librarian and Reports tab while Users just can see and run Reports. For that i created three groups
  Admin_group, Librarian_group and user_gropus. For each group i created test users and attach or add these users to the group. To each group i gave execute permission of the application. After that i went to the page and on the page i assign follwoing permission to the tab.
  Reports: all three groups(view only)
  Librarian: Librarian_group and admin_group view_only
  Admin: Admin_group view_only.
  Then i log on as a test user of the User_groups but i was just able to see the report tab but not the menue (which is portlet in this page). Same with other tabs and users. I want to know what i am missing.
  Your help will be highly appreciated.
  Thanks
  Muhammad Ejaz Azimi
  null

  All the groups has execute permissions of application. Can you please tell me for any documentation for Portal Security i.e group and user management or if possible you can little explain ?
  Your help will be highly appreciated.
  Thanks
  Muhammad

• Check number of users and security

  Gurus,
  In our EPM environment (system 11.1.2), we have four different applications/databases (planning and essbase included) and i need to list the total users in all of the applications and see what there provisioning and security are. How could I be able to do that?
  Do I need to export security on all of them and filter them or is there any way to check the users in all of the applications at once?
  Thanks

  hyperion start wrote:
  Thanks for your reply Celvin
  Is there any way I can view a list of users by department?
  Is there any thing like that to sort by group/department.
  ThanksList of users by department - There are groups in Shared Services, are your groups arranged by department? if the answer for that is "Yes", then yes, the export of all Groups from Shared Services will list the children (member) of each group.
  I don't think there is a sort in Shared Services, however once the csv file is exported, you can do the sorting.

• Command Line - Remove user and group updates

  I am remote at the moment and not able to access the GUI on a number of OS X server boxes. How do I remove a user and the user from group via the command line.
  Thanks

  I am remote at the moment and not able to access the GUI on a number of OS X server boxes. How do I remove a user and the user from group via the command line.
  Thanks

• "oracle" user and security

  I am running Oracle 10g XE on a Linux machine (RHEL 4.0).
  I am fairly new to Linux. In the LogWatch report I receive every day, I notice that hackers are trying to log in as the "oracle" user, e.g.:
  Authentication Failures:
  unknown (200.3.248.22): 4159 Time(s)
  oracle (200.3.248.22): 36 Time(s)
  How do I know that the password for the "oracle" user is secure? I didn't create it and I don't even know what it is.
  Can I change the password to something strong without affecting my system?
  Thanks!

  Can I change the password to something strong without affecting my system?
  I just wonder if it will cause any problems if I change the password? I don't want to mess up my system.Well for Oracle SW (and whole local OS) there is no problem. Problem could be if you are using some external scripts that you are using on remote machine (and which using login password sequence to access the OS).
  How do I know that the password for the "oracle" user is secure? I didn't create it and I don't even know what it is.To check the password strength you can use some utilities. For example John is very good for that: http://freshmeat.net/projects/john/
  I am fairly new to Linux. In the LogWatch report I receive every day, I notice that hackers are trying to log in as the "oracle" user, e.g.:Why aou are running your database in untrusted network segment (internet). Best practice is to place such system to secured segment (DMZ, VLAN). If the reason is that your 3rd party partner needs to connect to database you can do IPSEC tunnel.
  Of course don't allow to connect anyone to your machine and to any port. So the recommendation about iptables (netfilter) is appropriate.

• Importing user and group database from 2.6 to 4.0

  Hi,
  I need to import the user and groups from version 2.6 ACS to version 4.0. The 2.6 online documentation talks of using the CSUtils to create a .txt back up of the users and group. But I cannot see how to import that into 4.0. Has anyone done this. Any info would be appreciated,
  cheers,

  Hi Darran,
  I looked at what I had imported using the instructions you had supplied me and it looked fine, all users and group, tacacs privelege levels had been imported. I modified a router on our network to point at the ACS 4.0. on testing it looks like the passwords hadn't been copied across successfully. Logins are failing with 'invalid CS password' in the failed authentication log. If I changed the password manually it was fine.
  Have you seen that before?
  Thanks for your help on this.
  Rgds,
  Russell.

• AD - import users and check AD group membership

  Hi I'm relatively useless with PowerShell and I am wanting to write a script that will do the following and am just getting stuck with part B.
  Part A- import a list of users from a CSV
  Part B- check if the users are members of an ad group and if so remove from group A and add to group B 
  Can anyone point me in the best direction ? that would be amazing.

  Hi,
  I happen to have something already written that will do what you're after:
  Import-Csv .\userList.csv | ForEach {
  $userDetails = Get-ADUser -Identity $_.Username -Properties memberOf
  If ($userDetails.memberOf -contains 'CN=Test Group 1,OU=Security Groups,DC=domain,DC=com') {
  Remove-ADGroupMember -Identity 'Group A' -Members $userDetails.SamAccountName -Confirm:$false -WhatIf
  Add-ADGroupMember -Identity 'Group B' -Members $userDetails.SamAccountName -Confirm:$false -WhatIf
  This will require in input CSV file with a header of Username that contains the usernames to test. You'll also need to update the names of the groups for 'Group A' and 'Group B' along with the DN of the group to test against.
  Remove the -WhatIf parameters from the Remove/Add lines if you're happy with what you see in the output.
  Don't retire TechNet! -
  (Don't give up yet - 12,830+ strong and growing)

• Maxl command to logout users for particular application

  Hello Everybody,
  Can you please help me on the below question.
  I have essbase 11.1.2.2 and I have a maxl script which does copy of applications A to B for maintenance, but during this process, the script logs out all the users from the system even though users dont access to A and B since they working on other applications eg., C, D and E.
  Currently I see the below command for logging out all users in the maxl script.
  "alter system logout session all force"
  Can you please let me know how I can logout user accessing only particular applications/database ( example A and B) in maxl script instead of logging out all the users from Essbase.
  Thanks for your help in advance.

  You can use...
  alter system logout session on application A force
  You will need to use one command per application.  Further details in the documentation for the same command (alter system):  http://docs.oracle.com/cd/E17236_01/epm.1112/esb_tech_ref/maxl_altsys.html  In particular, see the section titled "Session Specification" in the notes at the end.

• Can't import users and group backup

  I exported the list of user names and groups prior re-installing 10.6 server.
  Now when I try to import the backup, I get the error:
  "The following users could not be imported because each of their first short names contains an invalid character (such as a period.)"
  followed by the list of my users.
  According to Apple's user creation documentation, the following characters are allowed:
  "For the first short user name, use only these characters. Subsequent short names can contain any Roman character.
  * a through z
  * A through Z
  * 0 through 9
  * _ (underscore)
  * - (hyphen)
  . (period)"
  Is that a bug? is there a way around it ?
  Thanks

  I am also encountering the same problem. Can anyone assist?? I had to demote my OD due to a DNS change and lost 200+ accounts unless we can find a solution.
  Thanks for anyones suggestions.