One more on Shared Services - Removing Users w/o De-Provisioning

Similar Messages

• Essbase - Shared Services - Maxl - User creation

  Hi,
  I have an issue looking similar to [Automating User/Group creation & Assigning filters in Shared Services|http://forums.oracle.com/forums/thread.jspa?threadID=1009127]
  When trying to add internal groups to an external MSAD user, I get following messages:
  h3. when adding a group to an external user:
  h6. alter user 'x29027' add 'GR_GROUP';
  Maxl returns:
  h6. Statement executed with warnings.
  h6. User x29027 does not exist
  => the system does not recognize the user
  h3. when trying to create this user first as an internal user
  (based the settings from on another external user)
  h6. create or replace user 'x29027' identified by 'password' as 'i09740';
  Maxl returns:
  h6. Statement executed with warnings.
  h6. A user/group with the same name (x29027) exist at Shared Services
  => the system does recognize the user in MSAD!
  ===> both statements seem to be contradictory!!!
  h3. Other remarks/thoughts:
  - we have two MSAD links (to two different domains), does this matter?
  - no difference when addressing users as x29027@MSAD_FIB (a syntax similar to the HSS security report output)
  - any possibilities in creating a user internally first (using the 'as' option; to copy settings from another user) and then moving to external? (like alter user 'Test_EDR4' set type external;)
  Thanks in advance
  Erik
  Environment: Essbase 9.3.1.3. with Shared Services

  Hi Erik,
  When you create an user in Essbase, the user will be created both in Essbase as well as Shared Service,
  where as when you create an user in Shared service, the user will not be created in essbase untill you perform refresh.
  In your case you can create the external user in Essasbe by using "Create user 'x29027' type external;'.
  By this you will be creating the user in Essbase and the particular user is recognised in Essbase.
  Now you can add him to any group.
  - Krish

• Shared Services Console - User is not authorized for the action

  Hi,
  I have installed Essbase 11.11.3 and configured on Linux. I started EPM and then the Shared Services Console. I created a new group Poweruser and assigned a new user to it. I provisioned the group withall the rights of the admin. This all works.
  When I log on with the new user on the Shared Service Console and go to Essbase Studio Server and click on the Essbase Studio Server application it gives me the message:
  User is not authorized for the action
  This is the same message as I get under the user admin. Can anyone tell me what I can possibly do to make it work.
  The service for EAS is started properly. The one thing that is not configured is HBR.
  Patrick

  Hi,
  What are you trying to achieve, provision a user for essbase studio ?
  EAS is a separate product from Studio.
  Cheers
  John
  http://john-goodwin.blogspot.com/

• Sync Shared Services External users & Provisioning for Essbase Applications

  Hi Experts !!
  i have externalised user authentication in Shared services . I provisioned all users for Essbase and refresh the security from Essbase ,So all users are working fine
  and can login in Essbase and "Excel add-in" as well..
  but there is one user who is still not working for "Excel Add in"..
  Error is "Login failed due to invalid login credentials"
  Please suugest me the solutions
  Thank you.

  Hi John !
  Yes, User can login in EAS .
  Also User is available under Users in EAS ,But no applications are displaying in Analytic Server , While I have given Administration Privileges for Essbase app.
  But still error while login in Excel add in ..
  Error : Login failed due to invalid login Credentials.
  Also ,After Provisioning , How Can we Sync all all Externalized users from Shared Services itself for All hyperion Projects ???
  Thank you

• Shared Services: adding users to Planning

  Hi,
  I'm having a problem creating users to and provisioning them to Planning. I'm not getting any error in the web interface but the users are not being added to the relational Planning database (HSP_USERS), however groups are. When I can also add the created users to a group but they are failing in the Planning logs with reference constraints, because the user is not present on the users table.
  Does shared services have a log to check if I'm having any error while creating the users?
  Thank you

  Hi,
  I dug into the logs and found the following:
  EPMCSS-00001: Failed to initialize EPM Shared Services security instance. Component SYSTEM9/FOUNDATION_SERVICES_PRODUCT/SHARED_SERVICES_PRODUCT is null in EPM System Registry. Verify EPM System Registry configuration.
  at com.hyperion.css.registry.RegistryManager.initRegistry(RegistryManager.java:109)
  at com.hyperion.css.registry.RegistryManager.<init>(RegistryManager.java:94)
  at com.hyperion.css.registry.RegistryManager.getInstance(RegistryManager.java:131)
  at com.hyperion.css.CSSSystemFactory.getCSSMode(CSSSystemFactory.java:102)
  at com.hyperion.css.CSSSystemFactory.getCSSSystem(CSSSystemFactory.java:71)
  at com.hyperion.css.CSSSystem.initCSSSystem(CSSSystem.java:319)
  at com.hyperion.css.CSSSystem.getInstance(CSSSystem.java:273)
  [Thu Apr 26 12:51:14 2012]Local/ESSBASE0///1876/Info(1051283)
  Retrieving License Information Please Wait...
  [Thu Apr 26 12:51:14 2012]Local/ESSBASE0///1876/Info(1051286)
  License information retrieved.
  [Thu Apr 26 12:52:01 2012]Local/ESSBASE0///1876/Error(1051223)
  Single Sign On function call [css_init] failed with error [CSS Error: CSS method invocation error: getInstance: Failed to get CSSSystem instance, please check SharedServices_Security_Client.log for more information]
  [Thu Apr 26 12:52:01 2012]Local/ESSBASE0///1876/Info(1051198)
  Single Sign-On Initialization Failed !
  So it seems it's a problems in the EPM System Registry. Can you advise me please? How can I clean the EPM System Registry of problems? I think this might have happened when I changed the database servers, but I configured the registry again and I thought it was healthy again since I only had problems some days ago when I tried to add new users.
  Thank you

• Essbase, shared services, projects, users

  I have installed shared services and cnfigured it
  now installed essbase
  EAS
  Provider services
  and configured in the above mentioned manner
  (DID not start essbase and EAS till now)
  when I log into shared services....i see only bussines rules under projects
  no analytical services under unassigned applications.....
  how can i see essbase server in shared services user management console.......
  it might be a basic funda....i am not getting
  help me in solving this....
  Thanks in advance

  Hi,
  Have you converted essbase from native security mode to shared services security.
  In EAS, right click security and choose "Externalize users"
  Cheers
  John
  http://john-goodwin.blogspot.com/

• Neet to locate the shared services native users in SQL server tables

  Hi All,
  We are using Hyperion Shared services to provision users to essbase, planning and HFM(all version 9.3.1). And we are using SQL server 2000 as the database. We created few native users in shared services and provisioned them to HFM, Essbase and Planning. Now we need to find those native users' information in the underlying SQL tables. I followed the documentation and sync-ed the native to relational tables using shared services, but I cannot see the user info for all the users I have created. I would appreciate if you can suggest me how to find the shared services users' and roles information in SQL tables (in the back end).
  Legards,
  Leo

  Hi,
  There are a number of free Ldap browsers that you can download, e.g.
  http://www.mcs.anl.gov/~gawor/ldap/demo.html
  http://www.ldapbrowser.com/download.htm
  Once you have installed then ldap browser you just need to point it to your Openldap
  Host :- machine with OpenLdap running
  Port :- 58089
  Base :- dc=css,dc=hyperion,dc=com
  User DN :- CN=root,dc=css,dc=hyperion,dc=com
  And just the root password which you can change in HSS in 9.3
  Cheers
  John
  http://john-goodwin.blogspot.com/

• Converting Shared Services (Native) users to MSAD

  Hi All,
  We are on version 9.3.1.
  We have configured FDM with Shared Services and currently only use native users. This means that our FDM users are all authenticated via HSS.
  We are just about to configure an MSAD directory and convert native users to MSAD.
  We will also be configuring FDM with the same MSAD server.
  Does anyone know how FDM handles user migrations? Will FDM automatically pick up MSAD users once they are deleted from the native directory and converted to MSAD?
  Are there any additional steps we need to be aware of??
  Thanks for your help.
  Seb

  Hi,
  Im ok with the config but Im wondering if FDM will be clever enough to convert native users to MSAD.
  Say we have a HSS user called Test1 with a password of Password (the Use Target System field is checked when creating the user in FDM). This user is authenticated against Shared Services when logging on to FDM.
  During the conversation, native users will be deprovisioned and deleted from Shared Services and their provisioning info will be imported against the MSAD provider. At this stage FDM should not be impacted since FDM security is separate from HSS.
  Once I configure the MSAD provider in FDM, my Test1 user will have a password of say Feb2010.
  Will FDM automatically pick up these config changes? Will FDM security for this user remain unaffected?
  Thanks again for your help.
  Seb

• Essbase - Shared services security , User provison

  Hi,
  I am new to 11.1.1.2 Hyperion version.(worked on 9.3.1) I have some doubts on the user security in 11 version.
  We have Distribution environment setup like Essbase on linux and remainng applications on windows 2003 server. Essbase is also registerd with shared services. Here are my questions.
  1. If I change the Shared services Admin password (default password) will it effects any other applications?
  *2. How to change essbase admin password (default password)?(from foreground we can change first time only)*
  3. I am trying to login into EAS as well as essbase admin user but under essbase I am not able to create New User. The Create users option on security is disabled seems like already externalised. I am not able to get those users who are created in shared services evnthought using Refresh from Shared servcies+ option in essbase.
  4. If I want to a user with only essbase applicatons provisioned what is the procedure.
  Here i followed the procedure. Created xyz user in shared services and provisioned Only Demo applications. trying to loing EAS with xyz credentials login successfull and prompted for essbase credentials with server name , username (Extername authentication) getting failed. If i provide admin password at essbase server leverl i am able to connect and see all applications.
  Please help me on this...
  Regards
  PrakashV

  Hi,
  Is it the base install of 9.3.1 or is it a later version like 9.3.1.3
  I know there have been a number of security issues being addressed since the base version.
  e.g.
  Security. Users are not de-provisioned properly, causing Essbase applications to remain accessible to
  them. [7197541]
  Cheers
  John
  http://john-goodwin.blogspot.com/

• Hyperion Shared Services -- External user containers getting missed out .

  Hi All ,
  In my hyperion enviornment user authentication is done through native directory and also through External directories configured to LDAP - OIDM . Frequently the external containers are getting disappeared from the shared services console. But when i restart the services its getting back some time. Some times it take some time to reflect back. I dont understand why this is happening.Quick hep is appreciated.
  Thanks,
  roshi

  It was network problem

• Hyperion Shared Services (WebHal) user retrieval - slow

  Hi,
  I applied the Hyperion Shared service patch 9.3.1
  After that i am noticing a significant decrease in the user retrieval response time.
  Will deleting the users help me in any way ?
  Could you anyone point me as to how could i increase the response time ?
  Thanks,
  COldFIre
  Edited by: coldfire on Sep 15, 2010 9:17 PM

  Did you notice this behavior with nativ openldap or with an external directory ?

• Export shared service active users (provision for Hyperion)only using MSAD.

  Hi..
  I m using Hyperion 9.x . and using active directory in shared services.
  while i m using importexport utility to export the active users list with provisioning.
  Issue is :
  Hyperion external authentication have all users of Active directory but i need to export only active users which are provisioned for Hyperion projects .
  I dont need the complete users list .
  Also i m unable to export the provisioning of users in exported file.
  Please can you help me in getting the correct export statement for the above.
  Thank you very much

  Thanks John !!
  I am using the following statement for 9.3.0 but not getting provisioning section in exported file.
  Only users/Groups/Roles are there in exported file.
  Please help me to overcome the problem .
  importexport.css=file:/C:/Hyperion/SharedServices/9.3/AppServer/InstalledApps/WebLogic/8.1/css.xml
  importexport.cmshost=HSS machine name
  importexport.cmsport=58080
  importexport.username=User name **User name i m using is Active Directory user with administrative rights in Hyperion**
  importexport.password=password
  importexport.enable.console.traces=true
  importexport.trace.events.file=C:/Hyperion/common/utilities/CSSImportExportUtility/importexport/trace.log
  importexport.errors.log.file=C:/Hyperion/common/utilities/CSSImportExportUtility/importexport/errors.log
  importexport.locale=en
  # export operations
  export.fileformat=csv
  export.file=C:/export.csv
  export.internal.identities=true
  export.MSAD.user.passwords=true
  export.provisioning.all=true
  export.delegated.lists=false
  export.user.filter=*@MSAD
  export.group.filter=*@MSAD
  export.role.filter=@MSAD
  export.producttype=*
  export.provisioning.apps=*
  Thank you very much
  Vivek Jaiswal
  Edited by: user11966901 on May 25, 2010 8:16 PM
  Edited by: user11966901 on May 25, 2010 8:19 PM
  Edited by: user11966901 on May 25, 2010 8:20 PM

• One More Time: Shared Memory

  I've heard the designers of Java (Gosling, Et. Al.) are against supporting the concept of shared memory natively.
  However, have they given any more thought to simple native shared memory support?
  I know there are several "C" libraries with JNI that provide shared memory for Java. I just really would like native support.

  I like it. Although it does leave a file around that I have to delete.
  Any issues with this method?
  BTW, here is the code from the reference:
  import java.io.*;
  import java.nio.*;
  import java.nio.channels.*;
  import java.util.*;
  class TestShared1 {
  public static void main(String[] args) throws Exception {
  Random r = new Random();
  //-- Opening the file
  RandomAccessFile raf = new RandomAccessFile ("myshared", "rw");
  FileChannel fc = raf.getChannel();
  //-- Getting the memory-mapped byte buffer
  MappedByteBuffer mbb = fc.map (FileChannel.MapMode.READ_WRITE, 0, 1024);
  //-- Writing a random integer in the first 4 positions of the memory
  //-- every second
  for (int i = 0; i < 1000; ++i) {
  try { Thread.sleep(1000); } catch (InterruptedException ex) {}
  int x = r.nextInt();
  mbb.putInt(0, x);
  System.out.println ("Written to the shared memory: " + x);
  fc.close();
  raf.close();
  and
  import java.io.*;
  import java.nio.*;
  import java.nio.channels.*;
  import java.util.*;
  class TestShared2 {
  public static void main(String[] args) throws Exception {
  Random r = new Random();
  //-- Opening the file
  RandomAccessFile raf = new RandomAccessFile ("myshared", "rw");
  FileChannel fc = raf.getChannel();
  //-- Getting the memory-mapped byte buffer
  MappedByteBuffer mbb = fc.map (FileChannel.MapMode.READ_WRITE, 0, 1024);
  //-- Printing the integer that is in the first 4 positions of the memory
  //-- every second
  for (int i = 0; i < 1000; ++i) {
  try { Thread.sleep(1000); } catch (InterruptedException ex) {}
  int x = mbb.getInt(0);
  System.out.println ("Read from the shared memory: " + x);
  fc.close();
  raf.close();
  }

• One more time? gtkam, root, user. [solved]

  Hey guys,
  I've read all the posts I can find about this, but still haven't got it working.  I can get both gtkam and digikam working with my camera as root, but not as a user.  I did what the wiki page told me--no love. 
  Can somebody give me a hint?  thanks.
  Last edited by scrawler (2008-12-29 14:44:48)

  It could be that your camera is not one known to libgphoto2.  Have a look in /etc/udev/rules.d/54-gphoto.rules for the vendor and product ID shown by lsusb.  If it's there but it's listed after the check-ptp-camera line then fixing that to read
  PROGRAM="/lib/udev/check-ptp-camera", MODE="0660", GROUP="camera"
  should get it working after restarting udev.  If it's not there then making a local rule ought to work, e.g. for my Fuji FinePix S5700 I used to have to put
  ATTRS{idVendor}=="04cb", ATTRS{idProduct}=="01c4", MODE="0660", GROUP="camera"
  in my /etc/udev/rules.d/91-local.rules.

• Shared Services User Directory

  Hi Gurus,
  I was wondering if there is a way of hiding the groups from the Microsoft Active Directory.
  For example,
  we want the users from Active directory, but when we check the properties of the users in shared services, it shows the user belonging to a lot of groups that are not hyperion-related. Is there a way to make sure that we see the user to be under only the native directory groups.
  Thanks

  In my production environment, i have a user "john"
  When i look at the user's properties in shared services, the user is under only hyperion-related groups.
  However, we have secondary environment, which we just imported the active directory, and on this one, the same user is under several more groups that are not related to hyperion, for example the user is under CITRIX group, and all other different ones.
  Is it possible for us to filter so that the users will show only under the hyperion related groups