Migrate Security

while migrating cube from dev to prod . can i also migrate the security which is in shared services.
Do i have to create security again
what would be the best way to do it
can any one help me with this
thank you

If you are using shared services and want to migrate provisioning then that is probably the best route.
If you are using V11 you can also try using LCM.
Parts of the security you may be able to use maxl but that would be extremely limited.
Cheers
John
http://john-goodwin.blogspot.com/

Similar Messages

Can't migrate security

I'm trying to upgrade 5.2 to 6.3.
I tried to do a test migration by copying the production ldap instance folder into the test server. The test server doesn't have 5.2 installed, just the instance directory I copied from production. When I use dsmig to migrate the security settings, I was prompted for the old certificate database password:
root@ldaptest-c:/opt/SUNWdsee/ds6/bin# !257
./dsmig migrate-security -v -p 389 -P 636 /opt/ldap/serverroot/slapd-salt /opt/ldapdata/salt
Backing up file (/opt/ldapdata/salt/migration/migration_status) ..... DONE.
Launching Security Migration of server instance /opt/ldap/serverroot/slapd-salt .....
Stopping server instance /opt/ldapdata/salt ..... Directory Server instance '/opt/ldapdata/salt' is not running
Enter the old certificate database password:
Certificate database password has not been stored.
/opt/SUNWdsee/ds6/bin/dsadm exited with error 11.
Operation "migrate-security" failed.
The person who setup the old instance didn't remember setting up a certicate password and I can't find any information regarding this on the migration manual.
I also tried setting up a fully working 5.2 instance by copying 99user.ldif from the old server, use db2ldif and dump the data, and loading it. When I tried to migrate the fully working 5.2 instance, it didn't prompt for the password.
Is the password prompt normal since the production instance wasn't originally installed on the test server?
thx,
mike

Hi,
I've got exactly the same problem. Has anybody a solution?
What have you done mliang2?
Tobi

Migrating Security from Native to External Authentication mode Servers

Hi All,
I am migrating applications from V7, V9 (doesn't use Shared services) to V11 (Shared Services Enabled) Essbase server.
I am able to migrate the application definition using the Application Migration Wizard.
Take level-0 export from the source server & load on the target server & do the default-calc or series of custom calcs depending upon the application's maintenance process.
Using the Application Migration wizard, we can also migrate security only if both Source & Target servers use Native Authentication mode.
This can be ruled out in my case as only Sources are native & Target is Shared services enabled.
Here are few tools available to do bulk provisioning on a Shared Services enabled Essbase application -
1. MAXL - Works great - But too tedious to create the MAXL statements based on the security definitions on the Source servers.
2. CSS Import-Export utility - I heard it works only when both Source & Target are Shared services enabled. Can this be used for my case. Also heard many didn't find success with this one.
3. LCM - Not sure if this can be used for security.
Are there any other utilities?
Has anyone done similar migrations before? Please let me know the best practice to do this.
Appreciate your thoughts.
-Ethan.

It is much easier to go about that method, it is not always 100% successful with groups/users but gets most done.
If you are past that stage then maybe try using the advanced security manager to extract security from your source environment.
Then you could use the CSSImportExport Utility, first create a template from the information you extracted from your source and then run use the utility to provision users in the new environment.
There are obviously other ways but that is the way I would prefer if using Shared services security.
Cheers
John
http://john-goodwin.blogspot.com/

Unable to connect to environment after migrating Security from BPC 7.5 to BPC 10.1

Hi Experts,
We are working on BPC 7.5 to BPC 10.1 NW migration and after migrating the environment, we are unable to connect to environment.
While trying to access, we are getting the following error:
After taking a backup of the necessary environment in BPC 7.5 NW we are carrying out the 2 steps in the BPC 10.1 NW box:
Step 1 : Tcode UJBR - Restore the environment in BPC 10.1
Results: This is working fine.
Step 2: Program UJT_MIGRATE_75_TO_101 - Running the migration utility in BPC 10.1 to make the objects compatible with BPC.
2.1 Execute without Security Mapping
Results:
This is working fine. We are able to connect to the Environment and access the dimensions and models.
2.2 Execute with only Security Mapping
Results:
After this step, we are not able to access the environments and are getting the Logon error.
cannot get model "" in environment "xxxxxx" from Admin module
The logon attempt failed; contact your administrator.
If you have any options to resolve this error, it would be great.
Else, we will have to re-build the entire security design manually.
Regards,
Sushant Pradhan

Hi Andy,
Thanks for your response. Yes, my id has SAP_ALL authorization.
Still unable to access the environment after migrating security.
To make things less complicated, we went back to BPC 7.5 NW - deleted all unwanted user ids, we kept only 3 user ids. Then, we took backup of application set and restored it in BPC 10.1.
We created a mapping file of those 3 user ids in BPC 10.1 as NW user ids and executed the Migration utility. Again we have same error.
Regards,
Sushant Pradhan.

How to migrate security from 1 bobj instance to another

Hi ,
I have a requirement
how to migrate security from 1 bobj instance to another
Please help me for the same .
Regards,
Abhishek

Are you using Win AD groups or Enterprise groups to apply security?
What is the BO version of source and Destination?

Migrate security of BIEE11G

Hi,
anyone know how to do migration of BIEE11G?
mainly security migration ,including user ,group,role,policy.
thank you!

Refer below links.....very useful.
http://www.rittmanmead.com/2011/04/oracle-bi-ee-11g-migrating-security-identity-stores-part-1/
http://www.rittmanmead.com/2011/04/oracle-bi-ee-11g-migrating-security-policy-store-part-2/
http://www.rittmanmead.com/2011/04/oracle-bi-ee-11g-migrating-security-credential-store-part-3/

Is there anyway migrate security defined on members via web client Planning

Hello there,
Can somebody help me , I have migrated dimensions and everything, except security from 9.2 to 11.1.1.3.
I see that the security defined on the members using the web client is not migrated which is causing the updateusers uitility to fail! I guess.
Can somebody suggest how I can migarte security without fail.
Thanks
Vince

Hi,
Couple questions:
1. Are you using the same Shared services or new shared services?
2. Have you provisioned all users to the new Planning application
Migrating security for Planning application has below steps: --
SHARED SERVICES STEPS: --
1. Make sure all users are migrated in shared services. [If you are using the same shared services, then this is not valid]
2. If you are migrating MSAD, make user that MSAD is correctly configured in new Shared services.
3. Since you are directly assigning access to users in Planning, all users need to be provisioned to minimum "Planner" access to the new planning application in Shared services. Do this for for native users as well as MSAD users.
PLANNING STEPS: --
4. Export planning security in old planning application v9 to a text file using ExportSecurity.cmd utility in $PLANNINGHOME\bin folder. A new fileSecFile.txt will be created in the same folder
ExportSecurity.cmd /A=AppName,/U=adminuser,/P=password,/TO_FILE=SecFile
5. Check the file for any access that needs to be revoked and manually edit the file.
6. Copy the security file to bin directory on new instance.
7. Goto new Planning application in V11 and migrate identities in web front end.
8. Import security in Hyperion Planning using ImportSecurity.cmd utility in $PLANNINGHOME\bin folder in new planning application.
ImportSecurity.cmd "AppName,adminuser,password,SL_COMMA,,SL_CLEARALL"
9. Generate security filters by going in Planning app and "Administration" -> "manage security filters"
10. Refresh database and security filters in v11
Lets me know if this helps.
Cheers,
RS

Planning : migration security of business rules

Hello,
Unfortunetly the migrator for business rules (v. 9.2.0.3) don't migrate the security. Do somebody have a solution to migrate the securtiy with the business rules ? And, is there a solution to associate the BR with the forms automatically ?
Thank you

It's almost easier to treat the migration of rules as text objects.
Basically cut/paste the rules, store in a repository as you would other source code a, cut/paste to target environment. This means the security on the rules in the target environment for existing rules is retained. Now for new rules you would have to provision the rules. The XML export does have a known issue with really large business rules (those about 485k or so when in text form) whereas the cut/paste method will always work. Now if you do have large rules, you can use Macros or Sequences to break up the size.
Your process ends up being dictated by corporate policy and the roles assigned to various individuals.
Regards,
-John

Migrating Security In Oracle BI 11g - Project Amelia

We'd like to introduce an open source project that assists with the migration of basic security from an OBI 11g (FMW) source environment to a target environment. The project generates a WLST script that executes a security artifact migration process. It is also great for creating an inventory of application roles and principal assignments that can be used in project documentation.
This is a perfect tool for upgrades from OBI 10g to OBI 11g.
Advanced users should have no problem testing and running the solution. Please provide feedback or potentially consider contributing to the project.
The project page can be found here,
http://amelia.artofbi.com/
The project code can be downloaded from here,
https://github.com/artofbi/Oracle-FMW-Amelia
The first post and description of the project can be found here,
http://www.artofbi.com/index.php/2011/09/introducing-project-amelia-easier-migration-of-obi-11g-security/
This project was originally designed to provide a quicker mechanism for migrating Oracle BI 11g security. It clearly has a resounding place in other OPSS based FMW applications. Project Amelia is a new open source project to assist with migrating and documenting Policy Store Security in Oracle Fusion Middleware, specifically for but not limited to Oracle Business Intelligence 11g. The project contains the core scripts and binary files required for utilization in any Java ready Operating System.
The project is released under the Apache License 2.0 which means it is free to use, free to share, and free to copy.
Please feel free to leave any comments or questions in the forum thread.
Cheers,
Christian
http://www.artofbi.com

Check this http://www.rittmanmead.com/2011/02/obiee-11g-migrations/
and http://docs.oracle.com/cd/E23943_01/doc.1111/e15722/toc.htm

Migrating security from 11.1.1.3 to 11.1.2.2 and EIS Export issue in 11.1.2.2

Hello All,
We are currently using Hyperion 11.1.1.3 on Windows Server 2003 Ent. Edn. 32 bit.
Now we are planning to upgrade to 11.1.2.2 but we are doing a fresh install because we are upgrading OS also to 2008R2 Server 64 bit.
1. For Testing purpose we have installed and configured successfully on Windows Server 2008 R2 64bit.
For Security migration: I just exported security in 11.1.1.3 and imported to 11.1.2.2, migration status showing as "Failed"
But usres are migrated to 11.1.2.2.
Can you please let me know how to perfrom security migration from 11.1.1.3 to 11.1.2.2
Error
Error in migrating artifact, "/Native Directory/Users".
EPMCSS-02614: Failed to get user by identity native://nvid=911?USER. User not found. Verify Native user directory configuration.
Error in migrating artifact, "/Native Directory/Users".
EPMCSS-02614: Failed to get user by identity native://nvid=aa9322e19afe6bf1:-4bf27cb6:12ff20cff91:3cfa?USER. User not found. Verify Native user directory configuration.
Error in migrating artifact, "/Native Directory/Users".
EPMIE-00020: Failed to update user brobinson during import. Invalid identity for user. Please ensure that the user is available in the system with the identity specified in the import file.
2. Another known issue with EIS Import/Export option with 2008R2 64bit Server.
Can you please let me know is there any workaround for this?
Thanks,
Prathap

Have a read of the following support doc - "Migrating Native Users and Groups Via Lifecycle Management (LCM) Fails (Doc ID 1379619.1)"
For EIS you can install on 32bit OS and then you should be able to export/import, then you can point the 64bit to the relational db, alternatively it may be possible to point to the existing db as I doubt anything much has changed with the EIS database structure between those versions.
Cheers
John
http://john-goodwin.blogspot.com/

Migrating security provider in WebLogic

Hi,
I want to migrate the security provider from dev to test and I experience the following behaviour: new users and their groups are inserted properly, but existing users and their memberships to groups are not updated nor overwritten. Is this expected behaviour? Do I need to put some settings when I import or export the security provider in the WebLogic Administration Console?
Thanks!
Regards,
Stijn

Morning Stijn,
the migration mechanisms of the built-in WLS LDAP aren't really made for a properly structured deployment process. I guess this stems in part from the fact that Oracle doesn't really counsel you to use the WLS LDAP as the primary means of handling authentication and authorization in productive environments but rather through a proper OID, MSAD or other LDAP. All you "normally" migrate are the LDAP configurations and the group/AppRole assignments rather than physically importing users.
Granted, that "normally" comes with quite big quotes as you may have to use the WLS LDAP since there's nothing else. But I'd say your workaround is one of the valid solutions to cope with this issue and since you can script all these steps it shouldn't be too awkward to use.
Cheers!

Migrating security settings from embedded oc4j to preconfigured oc4j

Hi,
I was able to configure security in my 11g TP3 ADF application, and run it successfully against embedded oc4j.
Now, when I want to migrate this to preconfigured oc4j, I am getting ERROR:null.
Please see the steps I follow:
set CLASSPATH=C:/JDeveloper/j2ee/home/jazn.jar;C:/JDeveloper/BC4J/lib/adf-share-base.jar;C:/JDeveloper/j2ee/home/lib/security-api.jar;
After that, I run the migration tool:
java oracle.security.jazn.tools.JAZNMigrationTool -sr jazn.com -dr jazn.com -st xml -dt
xml -sf "C:\Documents and Settings\nneelaka\Application Data\JDeveloper\system11.1.1.0.22.47.96\o.j2ee\embedded-oc4j\config
\system-jazn-data.xml" -df "C:\Documents and Settings\nneelaka\Application Data\JDeveloper\oracle.adfp.seededoc4j.11.1.1.0.
0.071218.1800\j2ee\home\config\system-jazn-data.xml" -m policy
This is because, as I mentioned in the earlier mail, the webcenter preconfigured oc4j's configurations are read from the directory :
C:\Documents and Settings\nneelaka\Application Data\JDeveloper\oracle.adfp.seededoc4j.11.1.1.0.
0.071218.1800\j2ee\home\config\system-jazn-data.xml
and, the embedded oc4j's configuration is read from the directory :
C:\Documents and Settings\nneelaka\Application Data\JDeveloper\system11.1.1.0.22.47.96\o.j2ee\embedded-oc4j\config
\system-jazn-data.xml
However, when I run the migration tool, I get a message ERROR:null. Also, I dont have adfshare.jar, and instead, I have put adf-share-base.jar. Is there something I could be missing here ? Please advise.
Best Regards,
nattu

Hi,
Try enabling java logging to see what the exact error is. That might give you an idea of what the error could be..
When I tried, I got the below error though I added jps-common.jar, which contains CredStoreResources, into the classpath
java.util.MissingResourceException: Can't find oracle.security.jps.internal.common.resources.credstore.CredStoreResources bundle
     at java.util.logging.Logger.setupResourceInfo(Logger.java:1293)
     at java.util.logging.Logger.<init>(Logger.java:203)
     at java.util.logging.Logger.getLogger(Logger.java:274)
     at oracle.security.jps.util.JpsLogger.getLogger(JpsLogger.java:108)
     at oracle.security.jps.service.credstore.CredentialAccessPermission.<clinit>(CredentialAccessPermission.java:60)
~ Bijesh
P.S:check the destination file path. Are you sure that's correct. I believe It should be something like ""C:\Documents and Settings\nneelaka\Application Data\JDeveloper\system11.1.1.0.22.47.96\o.adfp.seededoc4j.11.1.1.0.
0.071218.1800\j2ee\home\config\system-jazn-data.xml"

Migrate security from production to test platform

Is there a method by which security that exists on production platform, can be migrated back to the test platform (groups, users & passwords, and application filters)?Thanks

HiThere is a security utility available on this website, that allows for importing and exporting all security etc.This is the simplest way to complete.Hope this helps.Andy Kingwww.analitica.biz

How to migrate security associated to BR and FR

Hi,
We are planning a migration from 9.2 to 11. I am looking for a way to migrate bussiness rules and reports WITH their current security. Actually, I assign manually security to BR and reports after each environment migration.
I am not aware on how export and import security associated with those components as it is possible for HSS security through the CSSImportExport Utility. Is there any solution beyond the scene through Oracle schema or an utility.
I found those steps but it doesn't seem to work between 9.2 to 11 for BR: http://download.oracle.com/docs/cd/E12825_01/epm.111/hbr_admin_help/frameset.htm?launch.html
I didn't find any information for Financial Reporting.
Any clue?
Thank you!
Martin

Hi John,
LDAP users are provision in native groups. Native groups provision BR and FR. It would be a native group migration as the name will be exactly the same. However, native groups have a unique identifier per environment.
I don't see any reference to security in the FR:
<?xml version="1.0" encoding="UTF-8"?>
<EXPORT>
<DATASOURCE APPNAME="Corporate" DATASOURCE_ID="6682b7e9_121acdbbcb8_-7d3d" DATASOURCE_NAME="DEV-A_Corporate_Finance_Commentaires" DBNAME="Finance" SERVER="localhost" TYPE="Planning"/>
<DESIGN DESIGNNAME="/Corporate/PARF_XXXXXX" REPORT_DESCRIPTION="" REPORT_FOOTER_HEIGHT="720" REPORT_HEADER_HEIGHT="1296" REPORT_HEIGHT="20160" REPORT_ORIENTATION="22131" REPORT_PAPER_FORMAT="22092" REPORT_PRINT_BOTTOM_MARGIN="360" REPORT_PRINT_FIT_TO_PAGE="3" REPORT_PRINT_LEFT_MARGIN="1080" REPORT_PRINT_ORIENTATION="22131" REPORT_PRINT_PAGE_SIZE="22092" REPORT_PRINT_RIGHT_MARGIN="1080" REPORT_PRINT_TOP_MARGIN="360" REPORT_UNITS="22121" REPORT_WIDTH="12240" VERSION="7.0">
<LAYOUT NAME="Header">
<TEXTOBJECT FONT_BOLD="Faux" FONT_COLOR="0" FONT_ITALIC="Faux" FONT_NAME="Arial" FONT_SIZE="10" FONT_STRIKEOUT="Faux" FONT_UNDERLINE="Faux" NAME="\\\Texte1" OBJECT_HEIGHT="975" OBJECT_LAYOUT="0" OBJECT_LEFT="0" OBJECT_TOP="0" OBJECT_WIDTH="7770" TEXT_AUTOOPTION="0" TEXT_BORDER="0" TEXT_RAISED="0" TEXT_SHADE="16777215" TEXT_UNDERLINE="Faux" VERSION="2.0">
<TEXTVIEW DESIGN_NON_RTF_TEXT="LOTO-QUÉBEC - SECTEUR CORPORATIF
PREMIÈRE V.P. DIRECTION CORPORATIVE
Vice-présidence corporative technologies de l'information (XXXXXX)
BUDGET <<MemberAlias("Grille2", K, "Year")>>
(en milliers $)"/>
</TEXTOBJECT>
</LAYOUT>
Idem for BR
Thank you!
Martin

About migrating security settings from embedded oc4j to preconfigured oc4j

Hi,
I was able to configure security in my 11g TP3 ADF application, and run it successfully against embedded oc4j.
Now, when I want to migrate this to preconfigured oc4j, I am getting ERROR:null.
Please see the steps I follow:
set CLASSPATH=C:/JDeveloper/j2ee/home/jazn.jar;C:/JDeveloper/BC4J/lib/adf-share-base.jar;C:/JDeveloper/j2ee/home/lib/security-api.jar;
After that, I run the migration tool:
java oracle.security.jazn.tools.JAZNMigrationTool -sr jazn.com -dr jazn.com -st xml -dt
xml -sf "C:\Documents and Settings\nneelaka\Application Data\JDeveloper\system11.1.1.0.22.47.96\o.j2ee\embedded-oc4j\config
\system-jazn-data.xml" -df "C:\Documents and Settings\nneelaka\Application Data\JDeveloper\oracle.adfp.seededoc4j.11.1.1.0.
0.071218.1800\j2ee\home\config\system-jazn-data.xml" -m policy
This is because, as I mentioned in the earlier mail, the webcenter preconfigured oc4j's configurations are read from the directory :
C:\Documents and Settings\nneelaka\Application Data\JDeveloper\oracle.adfp.seededoc4j.11.1.1.0.
0.071218.1800\j2ee\home\config\system-jazn-data.xml
and, the embedded oc4j's configuration is read from the directory :
C:\Documents and Settings\nneelaka\Application Data\JDeveloper\system11.1.1.0.22.47.96\o.j2ee\embedded-oc4j\config
\system-jazn-data.xml
However, when I run the migration tool, I get a message ERROR:null. Also, I dont have adfshare.jar, and instead, I have put adf-share-base.jar. Is there something I could be missing here ? Please advise.
Best Regards,
nattu

Please post JDeveloper/ADF questions to the JDeveloper/ADF forum here on OTN.
-steve-

Migrate Security

Similar Messages

Maybe you are looking for