Security filter for multip^e users

Similar Messages

• Issue in Implementing OR Logic in Security Filter for Essbase in OBIEE

  I am implementing OBIEE using Essbase as the data source. The requirement is to implement OR logic in the security filter. And I got error message from the MDX query generated by OBIEE. Below is the details. Anyone knows how to solve this issue? Thank you very much.
  1.     The “Booking Location” dimension has three hierarchies (ragged hierarchies).
  http://img.photobucket.com/albums/v216/stewart_life/1.png
  2.     I only want to take the first hierarchy, which is “Total booking”. Thus, I filter the Logical Table Source of “Booking Location” in the business model layer.
  http://img.photobucket.com/albums/v216/stewart_life/2.png
  3.     The “Incorporation Country” dimension doesn’t have any multiple hierarchies.
  http://img.photobucket.com/albums/v216/stewart_life/3.png
  4.     Thus, I don’t filter the Logical Table Source of “Incorporation Country” in the business model layer.
  http://img.photobucket.com/albums/v216/stewart_life/4.png
  5.     I filter the permission of a user. This filter applied to the fact table (RISK) in the business model layer.
  http://img.photobucket.com/albums/v216/stewart_life/5.png
  6.     Then the filter applied so that the particular user can only see the data where the Incorporation Country level is Singapore OR the Booking Country level is Singapore:
  "Risk"."Incorporation Country"."Country" = 'SINGAPORE (INC)' OR "Risk"."Booking Location"."Booking Country" = 'SINGAPORE (CBE)'
  http://img.photobucket.com/albums/v216/stewart_life/6.png
  7.     Here is the first report that is working fine if run by a user without any security filter.
  http://img.photobucket.com/albums/v216/stewart_life/7.png
  8.     The result of that report when run by the user whose security filter above has been applied to.
  http://img.photobucket.com/albums/v216/stewart_life/8.png
  9.     The MDX query generated from that report is shown below. Note that the error refers to the line 4, which is in bold below. Somehow, the query generated always include Incorporation Country and Booking Location in the “With” clause, since both of them are placed in the security filter.-----
  Sending query to database named Risk-MI Essbase (id: <<399750>>):
  With
  set [Booking Location2|http://forums.oracle.com/forums/] as '{[Booking Location|http://forums.oracle.com/forums/].[Total booking|http://forums.oracle.com/forums/]}'
  set [Booking Location4|http://forums.oracle.com/forums/] as 'Generate({[Booking Location2|http://forums.oracle.com/forums/]}, Descendants([Booking Location|http://forums.oracle.com/forums/].currentmember, [Booking Location|http://forums.oracle.com/forums/].Generations(4),SELF), ALL)'
  *set [Incorporation Country4|http://forums.oracle.com/forums/] as ''*
  set [Time3|http://forums.oracle.com/forums/] as 'Time.Generations(3).members'
  set [Year2|http://forums.oracle.com/forums/] as 'Year.Generations(2).members'
  member Measures.[MS1|http://forums.oracle.com/forums/] as 'Rank(Time.Generations(3).Dimension.CurrentMember, Time.Generations(3).Members)'
  set [Axis1Set|http://forums.oracle.com/forums/] as 'crossjoin ({[Booking Location4|http://forums.oracle.com/forums/]},crossjoin ({[Incorporation Country4|http://forums.oracle.com/forums/]},crossjoin ({[Time3|http://forums.oracle.com/forums/]},{[Year2|http://forums.oracle.com/forums/]})))'
  select
  {Measures.[Netted EAD|http://forums.oracle.com/forums/],Measures.[Netted Nominal|http://forums.oracle.com/forums/],Measures.[Wt_LGD|http://forums.oracle.com/forums/],
  MS1} on columns,
  NON EMPTY filter({[Axis1Set|http://forums.oracle.com/forums/]}, [Incorporation Country|http://forums.oracle.com/forums/].currentmember IS [Incorporation Country|http://forums.oracle.com/forums/].[SINGAPORE (INC)|http://forums.oracle.com/forums/] OR [Booking Location|http://forums.oracle.com/forums/].currentmember IS [Booking Location|http://forums.oracle.com/forums/].[SINGAPORE (CBE)|http://forums.oracle.com/forums/]) properties ANCESTOR_NAMES, GEN_NUMBER on rows
  from [http://RISK-P.RISK]
  where ([CRG (ORG)|http://forums.oracle.com/forums/].[Good Book (ORG)|http://forums.oracle.com/forums/], Method.ADV)
  +++stewart:370000:370021:----2009/02/17 13:56:06
  Query Status: Query Failed: Essbase Error: Syntax error in input MDX query on line 4 at token '''

  From what I have read on this forum, people have managed to get the DC In Board replaced for a little over US $100. This would be at an Apple authorized repair shop rather than by Apple itself. This is much less than the cost of a new MacBook. I don't know what might be available in your area, but it would be worth asking at a repair shop.
  Good luck!

• Change default security settings for new Discoverer users? How?

  Hello, using Discoverer 10g with SSO integration.
  I've created two roles and create in advance users in the DB user, granting them
  one of the two roles. The two roles privileges for Discoverer are already configured.
  This way, when I create the user in the DB before launching Disco, granting the user one or the other role, I should be all set about what the user can or cannot do on Discoverer (Plus).
  So far the theory :)
  The problem is that the full permission given by Discoverer to each new user override the role settings, so each new user can do everything (instead one of the roles forbids saving and sharing, for example).
  I have to go to Disco Admin and uncheck the "Plus/Viewer" checkbox for the user to make roles actually work as expected.
  How can I set Discoverer user default as "Cannot do anything" on Plus/Viewer so that roles apply without further admin intervention?
  Thanks
  Mario

  Thanks a lot Rod.
  The problem here is we need to allow portal users the ability to access Discoverer Plus without using Disco Admin: once a user is registered in the SSO, he should be able to connect successfully to Discoverer.
  So we need creating user privileges on behalf of Disco Admin.
  Tough job, but it seems it ca be done.
  Regards,
  Mario

• Security Setting for a User

  Hi,
  Can we invoke and revoke security settings for a particular user at any time?What i mean by this is,
  For a particular document user1 can add/modify the document and user 2 and user3 cannot,but in another moment user2 can see the same document but user3 cannot.And finally when user3 add/modifies it all three of them can view the same document.
  Is there a possible way to do such kind of operation using UCM?

  Hi,
  I think the answer for the most part is yes, though security is not mapped to the document level, rather access is granted to groupings that contain documents.
  So in the scenarios you listed, theoretically the document would be contained in a grouping which user1 has access to and users 2 and 3 do not. In the next "moment" the document could either be moved to a new grouping or user2's access could change allowing them to see the document while still hiding it from user3.
  The third scenario is a little trickier, because user3(who did not have access to the document in scenario 2) modifies it and then everyone can see it. I'm not sure if you were inferring a series of actions on the same document, or three seperate scenarios, but if it was a series of steps, then that one probably wouldn't fly without a customization at least.
  Hope that helps
  David

• [OBIEE 11g] Enforce star-schema without security filter?

  I have imported my first OLAP cube using the instructions <a href = 'http://www.oracle.com/webfolder/technetwork/tutorials/obe/db/11g/r1/olap/biee/createbieemetadata.htm'>here</a> and have applied the necessary security filter to force the star join between the cube and dimension views. However, the security filter does not apply to users in the BI Administrator user group. Is there any way to do this without a security filter, or somehow apply the security filter even when the user is an administrator?
  Edited by: islan on Jan 22, 2013 7:56 AM
  Edited by: islan on Jan 22, 2013 7:57 AM

  The link in your first posting points to the old-way of creating OBIEE metadata for OLAP objects.
  Starting with OBIEE 11.1.1.5, it is much simpler as Oracle-OLAP is one of the data sources in BI-Admin Tool.
  So do not use the old way.
  Start with this doc:
  http://www.oracle.com/webfolder/technetwork/tutorials/obe/fmw/bi/bi11115/olap/olap.htm
  For your other issue, you need this troubleshooting doc:
  http://www.oracle.com/technetwork/database/options/olap/troubleshootingbieeconnections-504856.pdf
  Note that even though it says OBIEE 11.1.1.5, the above two docs are applicable to 11.1.1.6 and future releases.
  For security, you should define it in OBIEE instead of doing in OLAP.
  .

• Security Filter Problem

  Hi ,
  I am facing one problem related to security Filter for one user. We are on the Hyperion Version 11.1.2.1 Fusion Edition.
  We had one user created in Shared Services with ID : TESTUSER and added in the group. Initially access for this user was working fine. Later on we deleted this user from shared services as we no longer needed this.
  As per new requirement we are supposed to create a same user with same user name so we created again new user 'TESTUSER' and added into the same user group then we refreshed security from Planning Application through " Administration -> Application -> Refresh Database->Security Filters ". Refreshing security Filters created filter for above user and we checked this from EAS consol.
  However when we log in to the Application through Smart View we are getting the below Error.
  Cannot Open cube View.Essbase Error ( 1054060 ):Essbase Failed to select
  Application APP1, because TESTUSER@Native Directory is not\
  completely Provisioned by Planning.
  Could you please advice how could we resolve this issue.

  Check whether the user is only an Essbase user. (I don't think that is the case, but in case)
  Try changing the access type using
  alter user username add application_access_type Planning; (don't know whether this works in latest release)
  Try the stepsRAvery and _RahulS_mentioned.
  Tried that in 11.1.2.2 access_type Planning is defered.
  Regards
  Celvin
  http://www.orahyplabs.com

• Group Policy for Remote Desktop Users

  Hi,
  Currently my users use desktops and have user and computer GPOs applied (typical things like logon scripts etc.) at the OU level where they reside e.g. Finance Users, Sales Users etc.
  I am planning a Remote Desktop 2012 environment.
  I have read the following:
  TechNet cc779327
  So, my understanding is that I create a new OU for my Remote Desktop Server only (not users), and create a new security Group for my RD Users and a security group for my RD server.
  Remote Desktop Servers OU
             * RD User GPO (filter on RD User security Group and RD Computer Security Group)
             * RD Computer GPO (filter on RD User security Group and RD Computer Security Group)
  I then apply all computer settings to the RD Computer GPO (loopback processing, Windows installer, hide shortcuts etc.).
  I then apply all user settings to the RD User GPO (app specific, templates etc.)
  Why not consolidate the two GPOs into one?
  If I set computer settings in the computer GPO, and apply it as above to filter to the RD Server group and RD Users Group will this apply to only users un the RD User Group...or ALL users since I added the server to the filter?
  If a user currently gets a setting in their normal OU e.g. Finance logon script, will they still get it on the Remote Desktop? Or do I need to copy that GPO setting to my new RD User GPO also?
  Am I right to add both RD Server and RD User groups to the filter on both RD User and RD Computer GPOs?
  Loopback processing - merge or replace typically for Remote Desktop?

  Hi,
  Thank you for posting in Windows Server Forum.
  Create OU for RDS Server in Active Directory. Create security group for users who will use Remote Desktop Host (i.e. RDS Users). Create GPO (i.e. RDS Server Lock Down). In Security Filtering delete Authenticated Users, add RDS Server Account, and the security
  group created in previous step.
  Please check beneath article might useful for better understanding.
  Lock Down Remote Desktop Services Server 2012
  How to secure your remote desktop server with GPO
  Hope it helps!
  Thanks,
  Dharmesh

• Failed to refresh user's security filter

  Hi - I'm having an issue with a user ID. User was having a lot of problems doing Essbase retrievals in Excel, so tried refreshing their security filter in Hyperion Desktop. I get a 'security filters were created successfully except for: username."
  So I recreated her ID in Planning, removed her ID in Essbase and removed her filters in Essbase. I added back all the groups that she belongs to in Planning, now I am back in Hyperion Desktop trying to do a push down for her ID and I still get the same error message.
  Then I went to some other people's ID, highlighted their name and did a refresh, some of the say successful, some of them give me the same error message about security filter refreshed except for: username".
  What in the world can be causing this?
  Planning 3.5.1
  Essbase 7
  Edited by: CLAU on Feb 25, 2010 7:29 AM

  also<BR><BR>DISPLAY PRIVILEGE USER ALL; will list all privileges granted to a user directly. Any line that isn't "no access" means that the user has privileges assigned outside a group. I periodically do ann audit on our systems to ensure we have't got any direct users that have privileges granted outside groups.<BR><BR>Of course anyone tagged individually as a supervisor will come up on this check.

• Setting a Default Page Filter for Large Number of Users?

  Hi Everyone,
  I'm currently running Oracle Business Intelligence (OBIEE) 10.1.3.3.3 and have a quick question regarding page filters.
  I have a report with several page filters. One of the page filters is a multi-select filter of values A, B and C.
  I want to configure my report such that all of my users who log into this report, will automatically be defaulted to the results where the page filter is pre-selected to be equaled to "A". Obviously, if the user wants to then choose another option, he/she may do so manually by toggling the page filter after the report initially renders.
  The only simple way I know how to configure this is through a manual process of logging into the user's account, selecting Page Filter = 'A' for them, and saving their selections under Page Options. Once saved, there is a checkbox that I can select to make this saved selection the default home page for this report for that particular user.
  The problem is that if I have several hundred users, it would be unfeasible for me to go and manually modify each user's account one by one to set the page filter = 'A' for each login.
  There has to be an easier way to universally set a page filter on a certain report such that any group of users (that I can define) will see the same initial, default page filter value settings that I choose.
  Does anyone know of an easier method to accomplish this?
  Thanks,
  Alan

  Hi,
  1. Please put filter value default A then when user login in OBIEE it will display always A data only.
  2. Which security method are you implemented means LDAP/External table kindly conform.
  If you want see the same page across all users.you have to create table in Database.
  Follow below steps.
  1. create table in database like below.
  col1 col2
  groupname Dashboard portal path
  2. Create system variable Go--> Manage-->Variables --> select system variable --> New Portal Path option.
  3. This variable apply in group level.
  I am not sure this what your looking so far.
  Award points it is useful.
  Thanks,
  Satya

• How to Define Workbook / Business Ares Security Correctly for new Users

  Hi All,
  Please could you help me understand the Security Model for Workbooks and business Areas as I believe I am very close to understanding it, but missing something important.
  Background Information:
  We are using the predefined Oracle Business Areas (Payables, Receivables, Purchasing & General Ledger) to build our reports on. These are the steps I am taking to try and assign a new user & responsibility access to the existing report.
  1. I create the Report in Discoverer Desktop under the ‘General Ledger Responsibility’ logged in as myself – assume report name = ‘Report_1’.
  2. I create a new Responsibility in Oracle Apps called ‘Discoverer Resource Coordinators’.
  3. I create a new User in Oracle Apps called ‘Joe Bloggs’ and assign the responsibility ‘Discoverer Resource Coordinators’ to the Joe.
  4. Logged in as myself in Discoverer Desktop, Responsibility ‘General Ledger’ I Share the Report (Report_1) to the new Responsibility I just created ‘Discoverer Resource Coordinators’.
  5. In Discoverer Administration, Security, I assign the new Responsibility ‘Discoverer Resource Coordinators’ to the predefined Oracle Business Areas (Payables, Receivables, Purchasing & General Ledger).
  6. In Discoverer Administration I set privileges so that the Responsibility ‘Discoverer Resource Coordinators’ can do all tasks, query data, administer. .etc. etc..
  7. I therefore believe everything has been done and attempt to Login and run the report under Joe Bloggs, but am unable to retrieve any data.
  Help… what am I missing!
  Thanks,
  Lance
  Message was edited by:
  Lance

  Dear All,
  This has now been adjusted according to your recommendations but to no avail.
  Myself and Lance have ensured that this new responsibility has unlimited access to all the existing Business areas to eliminate joins within folders not being recognised, we have also ensured that the workbooks that have been created are shared with the correct responsibility.
  I have thoroughly tested this set up by logging in as this new responsibility within Disco. Client to try and retrieve data in a new Workbook, but even for the simplest of queries this fails.
  It seems that there may be a problem with the Responsibility linking to the EUL, could this be due to the new responsibility being created after the Current EUL was set up?
  Does anyone have any information or knowledge where this could happen?
  Regards
  Si

• Query security settings for users

  Hi again.
  I'm looking for a way of querying security settings for a user.
  ie I understand that company/division etc security is implemented through responsibilities.
  In which case, is there a way to retrieve those exclusions per user?
  (eg User 1 cant see company 50)
  Thanks,
  g.

  Hi again.
  I'm looking for a way of querying security settings for a user.
  ie I understand that company/division etc security is implemented through responsibilities.
  In which case, is there a way to retrieve those exclusions per user?
  (eg User 1 cant see company 50)
  Thanks,
  g.

• GRC AC Filter for System in GRC AC End user Home

  Hi,
  I need to create a filter for system (for all user) in the ALV, from END USER HOME when try to select roles and system from Model User
  I see the instructions in the link:
  http://scn.sap.com/community/grc/blog/2013/09/04/customizing-access-request-and-approval-screens-in-grc-access-control
  But i try to open application GRAC_UIBB_END_USER_LOGIN from SE80 transacction, appears a error in the navigator.
  This is what I want to accomplish

  Hello Cristian,
  Try to add the below string at the end of the URL for which you are getting error.
  &SAP_CONFIG_MODE=X&OBJECT_ID=ACCREQ
  Hope it helps.
  Regards,
  Neeraj Agarwal

• Filter base on CallerID to VM for only 1 User

  Hi
  CM4.0.2sr2a - Can I Filter base on CallerID to VM for only 1 User.
  Reason: This user gets constant sales calls from certain vendor that they recognize the callerID and don't want to answer their calls but rather have it go to VM

  perhaps you can setup a phone template that has an "idivert" button where if the user sees an incoming number they don't want to answer, they can just press the 'idivert' button and the call goes straight to voice mail.
  see the following link for more info:
  http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_administration_guide_chapter09186a00801ed115.html

• Will there be a java security update for OS 10.7/10.8 users like the one for OS 10.6 users (update 12) ?

  There is a security risk for all 10.7/10.8 users according to Oracle.  When will we get a resoltuion and/or recommendation for the vunerablilities found in the Java version 1.6.0.37?

  When will we get a resoltuion and/or recommendation for the vunerablilities found in the Java version 1.6.0.37?
  There will never be a permanent resolution. Java is inherently insecure by design.
  Java on the Web (not to be confused with JavaScript, to which it's not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page, on the client. That was never a good idea, and Java's developers have had a lot of trouble implementing it without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-style "virus" affecting OS X. Merely loading a page with malicious Java content could be harmful. Fortunately, Java on the Web is mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice.
  Java is not included in OS X 10.7 and later. Discrete Java installers are distributed by Apple and by Oracle (the developer of Java.) Don't use either one unless you need it. Most people don't. If Java is installed, disable it — not JavaScript — in your browsers. In Safari, this is done by unchecking the box marked Enable Java in the Security tab of the preferences dialog.
  Regardless of version, experience has shown that Java on the Web can't be trusted. If you must use a Java applet for a specific task, enable Java only when needed for the task and disable it immediately when done. Close all other browser windows and tabs, and don't visit any other sites while Java is active. Never enable Java on a public web page that carries third-party advertising. Use it only on well-known, password-protected, secure websites without ads. In Safari 6 or later, you'll see a lock icon in the address bar with the abbreviation "https" when visiting a secure site.

• Unsort user selection in setting security filter in ASO database

  We found one very inconvenient feature of Essbase : when we perform security filter setting in ASO database via EAS console, we found that the user list selection is unsorted. It is very very difficult to identify the suitable username to set the security filter.
  Any tips and tricks can improve the process?

  CL wrote:
  I don't think this issue is related to ASO -- filters are filters.
  All you need to do to sort the filter column is to edit the filters and then click on the "Filter Name" column header. It sorts just fine in EAS 9.3.1.
  Regards,
  Cameron LackpourMaybe I am confused with security filter and some ASO database setting. I need to check details in EAS later and find out the setup screen I mentioned that the username is unsorted.