Security Filter Creation Issue

Even after security has been applied in Planning to all dimensions with security enabled the filter being created only has one row that is contains “None”. Can anyone explain why this would be happening?
This is 11.1.2.2 and the application is being managed with EPMA.

The user was not setup to have all of the dimensional security. When the security was applied for all dimensions the filter created as expected.

Similar Messages

Essbase security filter access issue

Hi,
we are facing access issue for users. we have provided the access as filter, its essbase only application. we dont see in display user table APP Access Type column essbase&Planning, only planning its showing..its 9.3.1 version. even sync native dir & essbase refresh done couple of times..but still issue persists.
please help.
:-):-)

Hi John,
I have done same thing, but its just showing filters only.
In Projects->select server/app->selected user/grp->
right click the essbase icon and select "assign access control" > select your user/grp, here i can see only filters which already there and calc (none,no update, all& calcs).
I have selected one filter and none(calc option)->click on tick mark->save......but here i am getting message as "no changes to save" then done EAS refresh ....
still users are not able to login.getting error
"user <> not permitted to access application"
Note: other users have same access can able to login & we are able to see those users in users table as "essbase&Planning", but for problem users its still showing that only 'planning'
please help
thanks

Issue with write Security filter in ASO 9.3.1

Hello All -
I'm having a strange security filter issue in system 9.3.1 ASO cube. We've the native users for the ASO cube and created several write security filters based on cost centers in that cube.
For example, the below security filter sometime works, and sometime not:
Write "Adjustments", @RELATIVE ("S532179", 0), @RELATIVE ("S587724", 0), @RELATIVE ("S525701", 0)
There are total 8 standard dimensions in the cube. I tried all possible combinations to make it work constantly, but it doesn't. Even modified the filter like below so that it has all dimensions (using LEVMBBRS, IDESCENDANTS, RELATIVE) , still users can't load data at level 0 members.
Write @LEVMBRS ("Chart of Accounts",0),@LEVMBRS ("Full Year",0),@LEVMBRS ("Business Unit",0),@LEVMBRS ("Fixed/Variable",0),@LEVMBRS ("Source",0),@LEVMBRS ("Products",0),@LEVMBRS ("Scenario",0),@LEVMBRS ("Cost Center",0)
It looks like the user and filter association is not working. If I give the user direct write access to the cube (bypassing filter totally), the users can write fine. Please help!

I didn't know that the logs didn't work; I tested it and they are not generated for ASO updates in 9.3.1. I didn't see any other setting that would cause them to be created; my guess is that the logs are created based on block manipulations that Essbase does internally using BSO. As there are no blocks in ASO then the same algorithm doesn't apply.
We log Essbase changes in our Dodeca product but we use a different algorithm. We evaluate the update in our server before committing the changes and generate a relational log that has the datapoint information plus the old value, new value and standard 'who' information for the person making the update.
Tim Tow
Applied OLAP, Inc

Issue in Implementing OR Logic in Security Filter for Essbase in OBIEE

I am implementing OBIEE using Essbase as the data source. The requirement is to implement OR logic in the security filter. And I got error message from the MDX query generated by OBIEE. Below is the details. Anyone knows how to solve this issue? Thank you very much.
1.     The “Booking Location” dimension has three hierarchies (ragged hierarchies).
http://img.photobucket.com/albums/v216/stewart_life/1.png
2.     I only want to take the first hierarchy, which is “Total booking”. Thus, I filter the Logical Table Source of “Booking Location” in the business model layer.
http://img.photobucket.com/albums/v216/stewart_life/2.png
3.     The “Incorporation Country” dimension doesn’t have any multiple hierarchies.
http://img.photobucket.com/albums/v216/stewart_life/3.png
4.     Thus, I don’t filter the Logical Table Source of “Incorporation Country” in the business model layer.
http://img.photobucket.com/albums/v216/stewart_life/4.png
5.     I filter the permission of a user. This filter applied to the fact table (RISK) in the business model layer.
http://img.photobucket.com/albums/v216/stewart_life/5.png
6.     Then the filter applied so that the particular user can only see the data where the Incorporation Country level is Singapore OR the Booking Country level is Singapore:
"Risk"."Incorporation Country"."Country" = 'SINGAPORE (INC)' OR "Risk"."Booking Location"."Booking Country" = 'SINGAPORE (CBE)'
http://img.photobucket.com/albums/v216/stewart_life/6.png
7.     Here is the first report that is working fine if run by a user without any security filter.
http://img.photobucket.com/albums/v216/stewart_life/7.png
8.     The result of that report when run by the user whose security filter above has been applied to.
http://img.photobucket.com/albums/v216/stewart_life/8.png
9.     The MDX query generated from that report is shown below. Note that the error refers to the line 4, which is in bold below. Somehow, the query generated always include Incorporation Country and Booking Location in the “With” clause, since both of them are placed in the security filter.-----
Sending query to database named Risk-MI Essbase (id: <<399750>>):
With
set [Booking Location2|http://forums.oracle.com/forums/] as '{[Booking Location|http://forums.oracle.com/forums/].[Total booking|http://forums.oracle.com/forums/]}'
set [Booking Location4|http://forums.oracle.com/forums/] as 'Generate({[Booking Location2|http://forums.oracle.com/forums/]}, Descendants([Booking Location|http://forums.oracle.com/forums/].currentmember, [Booking Location|http://forums.oracle.com/forums/].Generations(4),SELF), ALL)'
*set [Incorporation Country4|http://forums.oracle.com/forums/] as ''*
set [Time3|http://forums.oracle.com/forums/] as 'Time.Generations(3).members'
set [Year2|http://forums.oracle.com/forums/] as 'Year.Generations(2).members'
member Measures.[MS1|http://forums.oracle.com/forums/] as 'Rank(Time.Generations(3).Dimension.CurrentMember, Time.Generations(3).Members)'
set [Axis1Set|http://forums.oracle.com/forums/] as 'crossjoin ({[Booking Location4|http://forums.oracle.com/forums/]},crossjoin ({[Incorporation Country4|http://forums.oracle.com/forums/]},crossjoin ({[Time3|http://forums.oracle.com/forums/]},{[Year2|http://forums.oracle.com/forums/]})))'
select
{Measures.[Netted EAD|http://forums.oracle.com/forums/],Measures.[Netted Nominal|http://forums.oracle.com/forums/],Measures.[Wt_LGD|http://forums.oracle.com/forums/],
MS1} on columns,
NON EMPTY filter({[Axis1Set|http://forums.oracle.com/forums/]}, [Incorporation Country|http://forums.oracle.com/forums/].currentmember IS [Incorporation Country|http://forums.oracle.com/forums/].[SINGAPORE (INC)|http://forums.oracle.com/forums/] OR [Booking Location|http://forums.oracle.com/forums/].currentmember IS [Booking Location|http://forums.oracle.com/forums/].[SINGAPORE (CBE)|http://forums.oracle.com/forums/]) properties ANCESTOR_NAMES, GEN_NUMBER on rows
from [http://RISK-P.RISK]
where ([CRG (ORG)|http://forums.oracle.com/forums/].[Good Book (ORG)|http://forums.oracle.com/forums/], Method.ADV)
+++stewart:370000:370021:----2009/02/17 13:56:06
Query Status: Query Failed: Essbase Error: Syntax error in input MDX query on line 4 at token '''

From what I have read on this forum, people have managed to get the DC In Board replaced for a little over US $100. This would be at an Apple authorized repair shop rather than by Apple itself. This is much less than the cost of a new MacBook. I don't know what might be available in your area, but it would be worth asking at a repair shop.
Good luck!

Essbase Security Filter issue.

Hi,
Its regarding the security filter issue.
The major problem is whosoever user is provisioned under that security filter, if the user is trying to connect to Application using Excel Addin / Smartview, it crashes the essbase server [Network Error [10061], timed out error)]
When we figured out because of this filter essbase server is crashing, we tried to edit the filter. sometimes if we click on edit, it crashes the server or sometimes we can see some junk characters in the filter.
We have applied the security on Entities dimension and problematic filter is ASP.
Now the hirerachy is like this.
Entities dimesnsion and then ASP member and under ASP we have our several members.
Filter is like this:
Write : @Idescendants("ASP")
It was working fine for almost 15 days.
Now if i edit the filter, i can see like this:
Write : @Idescendants("ASP")
Metaread:@Idescendants("*&^%?)
Junk characters are coming in and no idea from where they are coming.
I can't delete the filter also, again it crashes the essbase server.
As a workaround i have created a temp filter and dome the assignation for this group, according to that.
Everything is working fine.
I just wanted to know, has anybody faced such kind of problem earlier.
What cud be the root cause for this.
How could I delete the filter.
I have also get messages like security file is corrupted (we have restored it from old backup) but really worried about security file as we are moving the whole thing to production server this weekend.
Please advise me on this, Please help me. Any help would be highly appreciated.
I am really in trouble.
Thanks,
Pankaj Mehta.

Try to edit the filter from MaxL command line using
alter filter sample.basic.filt7 add write on '@IDescendants("ASP")';
here sample=application
basic=database
filt7=filtername
have good luck

Please Help!!! Deployment failure error Jps servlet filter creation failed.

Hello All,
We are trying to move from 10g to Jdev 11g. We are in the process of deploying the WAR application to weblogic server. However, we keep getting one error after another. This is the latest one:
[12:40:02 PM] [Deployer:149193]Operation 'deploy' on application 'webapp1' has failed on 'AdminServer'
[12:40:02 PM] [Deployer:149034]An exception occurred for task [Deployer:149026]deploy application webapp1 on AdminServer.: JPS-00063: Jps servlet filter creation failed. Reason: oracle.security.jps.JpsException: JPS-00065: Jps platform factory creation failed. Reason: java.security.PrivilegedActionException: oracle.security.jps.JpsException: JPS-00065: Jps platform factory creation failed. Reason: java.lang.ClassNotFoundException: oracle.security.jps.wls.JpsWlsPlatformFactory...:oracle.security.jps.JpsRuntimeException:JPS-00063: Jps servlet filter creation failed. Reason: oracle.security.jps.JpsException: JPS-00065: Jps platform factory creation failed. Reason: java.security.PrivilegedActionException: oracle.security.jps.JpsException: JPS-00065: Jps platform factory creation failed. Reason: java.lang.ClassNotFoundException: oracle.security.jps.wls.JpsWlsPlatformFactory....
[12:40:02 PM] Weblogic Server Exception: weblogic.application.ModuleException: JPS-00063: Jps servlet filter creation failed. Reason: oracle.security.jps.JpsException: JPS-00065: Jps platform factory creation failed. Reason: java.security.PrivilegedActionException: oracle.security.jps.JpsException: JPS-00065: Jps platform factory creation failed. Reason: java.lang.ClassNotFoundException: oracle.security.jps.wls.JpsWlsPlatformFactory...:oracle.security.jps.JpsRuntimeException:JPS-00063: Jps servlet filter creation failed. Reason: oracle.security.jps.JpsException: JPS-00065: Jps platform factory creation failed. Reason: java.security.PrivilegedActionException: oracle.security.jps.JpsException: JPS-00065: Jps platform factory creation failed. Reason: java.lang.ClassNotFoundException: oracle.security.jps.wls.JpsWlsPlatformFactory...
[12:40:02 PM] See server logs or server console for more details.
[*12:40:02 PM] weblogic.application.ModuleException: JPS-00063: Jps servlet filter creation failed. Reason: oracle.security.jps.JpsException: JPS-00065: Jps platform factory creation failed. Reason: java.security.PrivilegedActionException: oracle.security.jps.JpsException: JPS-00065: Jps platform factory creation failed. Reason: java.lang.ClassNotFoundException: oracle.security.jps.wls.JpsWlsPlatformFactory...:oracle.security.jps.JpsRuntimeException:JPS-00063: Jps servlet filter creation failed. Reason: oracle.security.jps.JpsException: JPS-00065: Jps platform factory creation failed. Reason: java.security.PrivilegedActionException: oracle.security.jps.JpsException: JPS-00065: Jps platform factory creation failed. Reason: java.lang.ClassNotFoundException: oracle.security.jps.wls.JpsWlsPlatformFactory...*[12:40:02 PM] Deployment cancelled.
I am sorry to have made the post title so eye catching, but we keep getting issues, one after the other and we are fast approaching the deadline for this upgrade. Thanks for being understanding.
Please help!!!
Edited by: user12054715 on Aug 29, 2011 7:16 PM

UPDATE:
I have been trying to find the class JpsWlsPlatformFactory and some sites say that it is present in the jar - jps-api.jar. So I looked in D:\Oracle\Middleware\oracle_common\modules\oracle.jps_11.1.1 and found a jar called jps-api.jar but the class JpsWlsPlatformFactory was not there. I also tried to find this class on the web but no success.
This is very wierd that oracle.security.jps.wls.JpsWlsPlatformFactory is nowhere to be found on the internet!!!
NOTE: Our application is based on JSF/ADF.
Please help!
Edited by: user12054715 on Aug 29, 2011 9:43 PM

[OBIEE 11g] Enforce star-schema without security filter?

I have imported my first OLAP cube using the instructions <a href = 'http://www.oracle.com/webfolder/technetwork/tutorials/obe/db/11g/r1/olap/biee/createbieemetadata.htm'>here</a> and have applied the necessary security filter to force the star join between the cube and dimension views. However, the security filter does not apply to users in the BI Administrator user group. Is there any way to do this without a security filter, or somehow apply the security filter even when the user is an administrator?
Edited by: islan on Jan 22, 2013 7:56 AM
Edited by: islan on Jan 22, 2013 7:57 AM

The link in your first posting points to the old-way of creating OBIEE metadata for OLAP objects.
Starting with OBIEE 11.1.1.5, it is much simpler as Oracle-OLAP is one of the data sources in BI-Admin Tool.
So do not use the old way.
Start with this doc:
http://www.oracle.com/webfolder/technetwork/tutorials/obe/fmw/bi/bi11115/olap/olap.htm
For your other issue, you need this troubleshooting doc:
http://www.oracle.com/technetwork/database/options/olap/troubleshootingbieeconnections-504856.pdf
Note that even though it says OBIEE 11.1.1.5, the above two docs are applicable to 11.1.1.6 and future releases.
For security, you should define it in OBIEE instead of doing in OLAP.
.

Essbase Security filter in OBIEE 11.1.1.6 request

Hello Experts
I have got a requirement whereby I need to apply Data Level Securityfor the Essbase sourced cube in OBIEE11g. But the issue is the dimension value where I need to apply security filter has 25K distinct values and is Unbalanced Hierarchy where the leaf members is distributed across differnet level . Actually it is ragged heirarchy in Cube which when imported in OBIEE becomes a Level Based Heirarchy where the leafs becomes shared across differnet level. Now the general OBIEE rule says - Create separate application groups for each lowest level dimension vales and apply security filters for each values respectively for each group and assign users in those groups.
But the issue is :
1. Here there are 25 K members in the dimesional value where I need to apply Data Level Security . So it is not possible to create 25K distinct group.
2. The dimension which needs to be used for Data level security has Ragged Hierarchy where the lowest leaf (which would eb used in security filter) is shared across differnet levels.So there is no single column that I can select in RPD to apply security filter.
Pls. suggest a solution.
Is there a way that I can source the Essbase Filters to work as Data Level security in OBIEE 11.1.1.6

You can upgrade to 11.1.1.7 and use Weblogic to assign security, then EAS to apply filters, and then OBIEE Enterprise Mgr to apply the application roles (i.e. via Essbase Filters). The gotcha is that you need to install OBIEE 11.1.1.7 and include the Essbase component as part of the install.
If you need more info let me know.
Daniel Poon

Financial Reporting prompt-Show only members as defined by security filter?

Hello all,
Maybe another simple question but i have been unable to perform this task so far-
We have created a security filter against the Company dimension in essbase, assigned it to a user, and that works ok.
We have a report that prompts the user to choose members from for the Company Dimension.
We would like this prompt to present the users only the members that are accessible per the security filter (i.e. al the descendants of the 'Northwest' member) for that particular user, since by default it presents all members of the Dim.
Is this possible to do?
Thank you very much for your help
Hector

I think what you want are METAREAD filters.Not that you're on Planning, but Planning goes to Essbase (eventually) and when it does so, it inexplicably uses READ instead of METAREAD -- it's the same issue.
Here's an overview of it: http://camerons-blog-for-essbase-hackers.blogspot.com/2009/07/fixing-plannings-filters.html
It should be as simple as clicking on the filter type dropdown in EAS to test if it works.
Regards,
Cameron Lackpour

Security filter verification failed

Hi All,
We are trying to create security filter which is combination of 4 sparse dimensions.
The relationship between members in the filter is AND (so the filter will be created under one row).
We encountered the below error in applying security filter
====
[Mon Apr 13 03:42:16 2009]Local/GLOBAL///Error(1200467)
Error parsing formula for [REGION DEFINITION]: status code [1130203] in function [@_U]
[Mon Apr 13 03:42:16 2009]Local/GLOBAL///Error(1200467)
Error parsing formula for []: status code [1130203] in function []
====
It seems like if the combination of the members on the filter hit the limit of allocated memory, the filter got failed.
Is there any way to calculate how many memory absorb in one filter?
or is there any memory limitation for security filter?
It will be great If anyone can share the experience of this issue.
Thanks.
Regards,
Ai

That's interesting, I have never head of a limit on the number of members that a filter can address. How many accounts do you have in your database?
I took a look at the Limits section of the DBAG and found the following re filter limits:
Filter name
* Non-Unicode application limit: 30 bytes
* Unicode-mode application limit: 30 characters
Number of security filters
* Per Essbase Server, 65535
* Per Essbase database, 32290See: http://download.oracle.com/docs/cd/E10530_01/doc/epm.931/html_esb_dbag/limits.htm#limits_1
That's it -- nothing on the number of members that can be addressed in a filter. Of course it is possible (insert sacarsm, irony, or wonder per your personality) that the documentation is not correct.
I have never run into what you described, but Essbase is vast and mysterious country, so perhaps that isn't so surprising.
I'm glad you were able to find a workaround.
Regards,
Cameron Lackpour

Security Filter Problem

Hi ,
I am facing one problem related to security Filter for one user. We are on the Hyperion Version 11.1.2.1 Fusion Edition.
We had one user created in Shared Services with ID : TESTUSER and added in the group. Initially access for this user was working fine. Later on we deleted this user from shared services as we no longer needed this.
As per new requirement we are supposed to create a same user with same user name so we created again new user 'TESTUSER' and added into the same user group then we refreshed security from Planning Application through " Administration -> Application -> Refresh Database->Security Filters ". Refreshing security Filters created filter for above user and we checked this from EAS consol.
However when we log in to the Application through Smart View we are getting the below Error.
Cannot Open cube View.Essbase Error ( 1054060 ):Essbase Failed to select
Application APP1, because TESTUSER@Native Directory is not\
completely Provisioned by Planning.
Could you please advice how could we resolve this issue.

Check whether the user is only an Essbase user. (I don't think that is the case, but in case)
Try changing the access type using
alter user username add application_access_type Planning; (don't know whether this works in latest release)
Try the stepsRAvery and _RahulS_mentioned.
Tried that in 11.1.2.2 access_type Planning is defered.
Regards
Celvin
http://www.orahyplabs.com

Security filter couldn't refresh to Essbase from Planning but could create

Please kind help on look at this issue.
I updated some dimension access in Planning,and did a security refresh in management database menu.But the access didn't refresh to Essbase filter.
Then created filter in management security filter menu,it refreshed to Essbase successfully.
I would grateful if someone could tell me why the first way unsuccessful.
Thanks,

If you go to Oracle Support and search on "planning security refresh" you will see lots of articles on this subject.
Cheers
John
http://john-goodwin.blogspot.com/

"OR" function in Security filter

HI All,
I am trying to implement "OR" function in security filter. i mean for security i have created on group and i am trying to implement following query i am getting error. if i replace "AND" with "OR" then report is showing data. but that is not perfect data because of AND
"Employee ID" = VALUEOF(NQ_SESSION."”EMPLOYEEID”") OR T_CLBI_SV_VISIBLE_OPTY."Employee ID" = VALUEOF(NQ_SESSION."”EMPLOYEEID”") OR T_CLBI_SV_VISIBLE_OFFICE."Employee ID" = VALUEOF(NQ_SESSION."”EMPLOYEEID”") AND T_CLBI_SV_VISIBLE_OFFICE.INHERITED_FLAG = 'F'
my question is how i can i use OR in security filter.
Please help me to solve this issue. really appreciate for your help.

Thank you for your response.
but it is not working even i did try with following simple query
"Employee ID" = VALUEOF(NQ_SESSION."”EMPLOYEEID”" OR T_CLBI_SV_VISIBLE_OPTY."Employee ID" = VALUEOF(NQ_SESSION."”EMPLOYEEID”")
it is giving following error
State: HY000. Code: 10058. [NQODBC] [SQL_STATE: HY000] [nQSError: 10058] A general error has occurred. [nQSError: 14026] Unable to navigate requested expression: Pipeline Fact.Office ID. Please fix the metadata consistency warnings. (HY000)
any idea?????????

Security filter setup missing in one of the planning applications

We noticed recently that our users in one of the planning applications were not able to access any data.
Then we noticed that the entire security filter setup went missing/wipped out for that application and had to set up manually and then a security refresh had to be done to restore security.Any suggestions about the root cause for this issue.We have not been able to find out much about this
Thanks

jts wrote:
It would have been curious if you would have gone to Essbase and sync from Shared Services in the security section to see if the security filters would have repopulated in planning.Filters are stored on the essbase side (essbase.sec) and not in shared services so I wouldn't of thought syncing from HSS to essbase would make any difference
Cheers
John
http://john-goodwin.blogspot.com/

Unsort user selection in setting security filter in ASO database

We found one very inconvenient feature of Essbase : when we perform security filter setting in ASO database via EAS console, we found that the user list selection is unsorted. It is very very difficult to identify the suitable username to set the security filter.
Any tips and tricks can improve the process?

CL wrote:
I don't think this issue is related to ASO -- filters are filters.
All you need to do to sort the filter column is to edit the filters and then click on the "Filter Name" column header. It sorts just fine in EAS 9.3.1.
Regards,
Cameron LackpourMaybe I am confused with security filter and some ASO database setting. I need to check details in EAS later and find out the setup screen I mentioned that the username is unsorted.

Security Filter Creation Issue

Similar Messages

Maybe you are looking for