Security Reports in Shared Services

Hi guys,
Could you please help me with a simple question (well, I believe it's easy, but I'm not able to answer it... :))
I'd like to give a user the permission to run security reports, but it's seems he has to be "Shared Services admin" to do so. Is that correct? Can I give him permission to run this kind of reports without giving him the role of "admin"?
I really appreciate your help.
Thank yo!
Regards,
Lu.

Only Shared Services Administrators can generate and view audit reports to track historical changes to the security data.
Refer: Page 86 of http://download.oracle.com/docs/cd/E17236_01/epm.1112/hss_admin.pdf
HTH-
Jasmine.

Similar Messages

  • Reports in Shared Services 9.2.0.2

    I would like to run a report from Shared Services 9.2.0.2 that shows all the users w/ access to our system and what level of access they have. We assign all of our users to groups and the groups are granted access. Our groups are created in the Native Directory and the users are in our NTLM directory. Is there a way to make this happen? I have not been successful in everything I've tried so far.
    Thanks.
    Terri T.

    Ok just thought I'd check. That solution works fine for us but we use MSAD for external authentication. We use native groups for all our provisioning too.
    Not sure why the report won't work with NTLM users.
    Another solution, which is good because u get your data into excel, is to use the cssimportexport utility to export all the security. Then with some excel machinations you can relate the users to the groups to get the roles for each user. I have done that in the past to build a complete user list by application in excel. I had 50 groups with users and it took less than an hour to put it all together.
    Maybe someone else can advise why the report isn't working for you..

  • Generating user reports ( Hyperion Shared Services)

    When i right click on Active directory->USer and say View Report, it by default generates report by USer ID, Is there any wasy to generate these reports by First and Last name of users?

    Hi,
    I have answered this question in post :- UsersByGroup SS report crashing;Shared Services Users not removed correctly
    Cheers
    John

  • Audit Reports in Shared Services

    Hi guys,
    Appreciate if someone could help me with the following query.
    I have enabled Auditing for a Planning Application from Administration-> Reporting -> Auditing (tab)
    However, when I try to 'View Audit Report' in Shared Services for the same application, it says 'Auditing is Disabled and No Records Audited'. Is there something I'm missing out on?
    Dear John, it would be great if you could provide your valuable insight on this.
    Thanks & Cheers,
    Sahil

    1.Using Shared Services Administrator credentials, log in to the Shared Services Console.
    2.Select Administration, then Configure Auditing.
    3.On the Audit Configuration screen:
    a.Select Enable Auditing to activate auditing. If this option is not selected, Shared Services does not support auditing at any level. By default, auditing is disabled.
    b.Select Allow Global Settings Override to disable application group and application-level auditing. If this option is selected, application group and application-level task selections are discarded in favor of the global selections.
    c.Optional: To remove old audit data from the system, in Purge Data Older than, set the number of days for retaining the audit data and click Purge.
    d.From Select Tasks, select the tasks for which audit data is to be preserved. Tasks are categorized based on the applications registered with Shared Services.
    e.Click OK.
    cheers...!!!

  • Audit Reports from Shared Services

    I am using HFM 11.1.1.2 and want to pull a Audit Report in shared services. My approach are as follows:
    In Shared Services on Application Groups, I select my application and right click and select Audit Report. I get the following error:
    Auditing is Disabled and No Records Audited.
    How and where do I enable this?
    Thanks

    You first have to enable Auditing globally in Shared Services. To do this, login to Shared Services, make sure you have the "Shared Services" node highlighted in the pane on the left-hand side and click Administration-->Configure Auditing.

  • Hyperion Essbase on Solaris & Security issue in Shared services

    I installed Hyperion system 9.3.1 in my dev environment. Every thing is working properlly.
    But i still have questions on couple of things.
    1) I installed essbase on solaris 10. I was just trying to configure the sql interface for ESSBASE.
    I went through the documentation. It says i supposed to get a file called libesssql.so.1
    But i can't able to see this file in ARBORPATH/bin location. But still I could able to load the data
    into sample Essbase application. My essbase is working fine. when i ran the script inst -sql.sh
    it created a file called libesssql.so in the ARBORPATH/bin location. But no libesssql.so.1.
    Can some one help me regarding this................
    2)In the shared services when i clicked under Hyperion system 9 BI+, i cant able to see
    any reporting related files to assign security. i am seeing a message saying refer to the security guide to confiure
    permissions for this application.
    I logged into the shared services with admin privileges.
    Please help me in this...........
    Thanks,

    Hi,
    What version are you using ?
    Just to be clear are you saying that the utility only exported one native user and you expected it to export more ?
    Cheers
    John
    http://john-goodwin.blogspot.com/

  • Problem assigning Essbase Security filters in Shared Services

    We recently upgraded Planning/Essbase to System 9 version 931 in Test. Everything went smoothly except for few users Security didn't migrate properly.
    In Shared Services, it shows that user has access to Planning & Native Essbase Applications. But in Essbase, only Planning Application access is shown.
    Also when I try to apply security filters for these users in Native Essbase Applications (in Shared Services), I don't see these particular users.
    There is no problem with Planning security, except when I refresh Security from Shared Services in Analytic Admin Console it wipes out Planning Application access in Essbase.
    For other users there are no issues. Only for few users this is the problem. I have tried to deprovision user & provision back, but no use.
    Please Help

    Essbase/Planning security is multi tiered. In Shared Services you setup your groups. You provision your groups with adequate security access. Depending on whether you have updated a cetain .css file(to fix bug) you may have to assign the read, write calc access to the group not just calc, but all three if your users need the access to actually, read, write & calc. of need user to just read & write etc... then you have to go to EAS refresh, run maxl script to assign environment access to user, go back to shared services go into projects assign any needed access to calc & filter groups and essbase is setup. For planning you also have to go to workspace and migrate identities within the security setup for any of your dimensions. this comes into play when adding or removing users as filters are created in planning workspace. I just learned this from one good tech that helped me setup & remove users as I had issues getting them in and out of the system..Now to move on to actually getting security reports that make sense for planning with the associated access. If anyone has the maxl code let me know.

  • Security Refresh of Shared Services Failing 11.1.1.3

    I executed a manual refresh of SS security in EAS after provisioning a new externally authenticated user and the refresh failed. I researched the issue in the log files, and the automatic daily refresh I have set to run via the config file has been failing since the last recycle of services (complete stop and start of services from reliable scripts).
    Oracle suggested I stop and restart certain services including a longer pause between SS and EAS/Essbase to resynch Essbase and Shared Services. This did not work, neither did a complete stop, reboot, restart.
    I'm approaching desperation, I cannot provision new users in a production environment...
    There are no other symptoms. All users are externally authenticated in the AD, and they are not experiencing any login problems at all. Users have changed their p/w even locked out their accounts and and had them unlocked.
    I'm attaching some log file snippets. I would greatly appreciate your insight.
    Failure message:
    Essbase failed to get roles list for [ESB:Analytic Servers:CORPESS:1] from Shared Services Server with Error [32:1062:Failed to connect to the user directory [Cabot2, Cabot].]
    From SharedServices_Security_Client.log after services restarted:
    2010-09-23 07:12:19,531 INFO [main] Got native directory location from Registry:corpfs.cabotog.com:28089 com.hyperion.css.registry.RegistryManager.getNativeProviderLocationFromRegistry(Unknown Source)
    2010-09-23 07:12:19,531 INFO [main] URL constructed out of values in Registry database:ldap://corpfs.cabotog.com:28089/dc=css,dc=hyperion,dc=com com.hyperion.css.common.configuration.CSSConfigurationImplXML.initConfiguration(Unknown Source)
    2010-09-23 07:12:21,062 ERROR [Thread-3] 27:1062:Failed to connect to the user directory Cabot2.[Root Cause: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:
         'OU=Corp,DC=cabotog,DC=com'
    ] ] com.hyperion.css.spi.util.jndi.pool.JNDIConnectionPool.getBorrowObject(Unknown Source)
    2010-09-23 07:12:21,062 ERROR [Thread-4] 27:1062:Failed to connect to the user directory Cabot.[Root Cause: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:
         'OU=Corp,DC=cabotog,DC=com'
    ] ] com.hyperion.css.spi.util.jndi.pool.JNDIConnectionPool.getBorrowObject(Unknown Source)
    2010-09-23 07:12:21,062 ERROR [Thread-3] 60:1101:JNDI error.[Root Cause: 27:1062:Failed to connect to the user directory Cabot2. ] com.hyperion.css.spi.impl.msad.JNDIHelper.getURLContext(Unknown Source)
    2010-09-23 07:12:21,062 ERROR [Thread-4] 60:1101:JNDI error.[Root Cause: 27:1062:Failed to connect to the user directory Cabot. ] com.hyperion.css.spi.impl.msad.JNDIHelper.getURLContext(Unknown Source)
    2010-09-23 07:12:21,062 WARN [Thread-3] Failed to update Cache for provider Cabot2[Root Cause: 60:1101:JNDI error. ] com.hyperion.css.spi.impl.msad.MSADCacheUpdater.refreshProviderCache(Unknown Source)
    2010-09-23 07:12:21,062 WARN [Thread-4] Failed to update Cache for provider Cabot[Root Cause: 60:1101:JNDI error. ] com.hyperion.css.spi.impl.msad.MSADCacheUpdater.refreshProviderCache(Unknown Source)

    We are using 11.1.1.3. We had the same issue you described. External users could login to all applications, but all security refreshes failed (in both EAS and Planning) with the failure error in your original post. The patch our consultant applied was "Shared Services Service Fix 11.1.1.3.06" per Oracle support. The following entries in our SS client log are what prompted Oracle's remedy (after several weeks of escalation):
    2010-09-24 15:01:38,110 ERROR [Thread-54] 27:1112:Failed to connect to <ldapserver> at <portnumber>. com.hyperion.css.spi.impl.ldap.LDAPProvider.isAvailable(Unknown Source)
    2010-09-24 15:01:38,110 ERROR [Thread-54] The folowing providers are not initialized, check configuration [ED] com.hyperion.css.spi.CSSManager.pingConfiguredProviders(Unknown Source)
    2010-09-24 15:01:38,110 ERROR [Thread-54] 32:1062:Failed to connect to the user directory <ldapdirectory>. com.hyperion.css.spi.CSSManager.pingConfiguredProviders(Unknown Source)
    2010-09-24 15:01:38,110 DEBUG [Thread-54] getRolesListForEntries() failed : [43842 ms]
    Edited by: 799357 on Oct 4, 2010 12:33 PM
    Edited by: 799357 on Oct 4, 2010 12:38 PM

  • UsersByGroup SS report crashing;Shared Services Users not removed correctly

    Apparently, there are not many experts on Shared Services – nor is there much documentation.
    We have an urgent need to get a Users By Group report successfully run from an Shared Services installation today (auditors!)! Opening a support ticket as well as making last ditch attempts to get more suggestions on how to resolve.
    It appears as those the users causing the problem (the UsersByGroup Shared Services reports crashes) are NTLM. Apparently, several users were removed – before they were de-provisioned. Now they are not appearing on the default area but are appearing in other areas within SS. An attempt to re-add them failed to sync them back up (likely gave them each a new SID). We believe it is likely that the two issues are related (the not quite completely deleted users and the User By Group report bombing out – due to a user – since the provisioning is there, but the user is not, for these instances). Two of the Users show under Admin also, which should not be the case.
    Any suggestions on next steps would be greatly appreciated.
    Thanks!

    Hi,
    You should have a look at using the Update Native Directory Utility, this will clear out any stale users in your OpenLdap.
    It should be situated in \Hyperion\common\utilities\SyncOpenLdapUtility
    There is a zipped file called UpdateNativeDir.zip
    It does have a read me on how to use it but it is pretty simple, on windows it is something like updateNativeDir.bat -cssLocation <location to your>CSS.xml
    e.g updateNativeDir.bat -cssLocation C:\Hyperion\deployments\Tomcat5\SharedServices9\config\CSS.xml
    You may need to update the bat file to include the correct location to your Java Home, you will get an error message anyway if it is not set correctly when you run the batch file.
    It will create a log of all stale users removed.
    Good luck.
    John

  • Trouble assigning security filters in Shared Services

    In Shared Services/Application groups - right click on database to "Assign Access Control" and get the following error "Cluster Name specified is invalid" Anyone seen this one before? - thanks.

    Hi,
    are you sure you configuration of Essbase and Shared services went on fine?
    does your essbase cluster name during configuration contains special characters?

  • Security issue-Hyperion shared services console

    Hi,
    I want a user to access worspace planning but not EAS.
    how to do with hyperion shared services console.
    Regards,
    DK
    Edited by: 972210 on Nov 20, 2012 5:19 AM

    Yes, the user has the Provisioning role and can edit and save user roles, but they cannot update native groups that users are assigned too.

  • User report in shared service

    Hi, I have many user and many group. I would like to check what group that each user in. (actually I can check in properties for each user but it's too many user)
    Is there any report can show member of user group?
    Thanks in advance

    If you are on version 11, you can use Life Cycle Management to export security. This will include all the users and the groups that they belong to. Have a read of this: http://download.oracle.com/docs/cd/E12825_01/epm.111/epm_lifecycle_management/lcm_security_migration.htm
    Cheers,
    Mehmet

  • HFM Security Report Automation?

    Is there a way to automate the running of the HFM (Hyperion Financial Management) Security Report in Shared Services.?
    version: 11.1.2.0
    Is this possible with using Task Automation? ---> If yes please provide details
    If this possible using other reporting tools like HFR, web analysis..etc ---> This is not recommended
    If any other way, Please provide details.
    Thanks All!!
    Regards,
    AVSR

    I think the best way to produce custom security files is using the HFM API. You can use this to report on group memberships and roles and class access. You can read all about it in the Web Developer's Guide Chapter 10. The chapter starts:
    The HFMwSecurity type library contains the HFMwSecurity component. This component
    provides methods that enumerate an application’s security classes, indicate whether a user has
    rights to perform a given task, and return other types of security information.
    I have seen these used to great effect.

  • Where is the Shared Services user security stored?

    On Hyperion Planning 9.3. I can view the security of my users/groups via the report in Shared Services, yet I would like to put the output in Excel and there is no option other than Print/Print Preview.
    which repository database contains the Shared Services security?
    Thanks
    JTS

    Hi,
    If you are talking about the security to members, forms then this is held in the planning application database.
    If it is provisioning of the application then it is a combination of the Shared Services database and OpenLdap database. (not so easy just to create a report on the provisioning by looking at the database)
    Cheers
    John
    http://john-goodwin.blogspot.com/

  • Shared Services User Reports - for HFM Users

    Does anyone have some good material or knowledge they can share with me today regarding the following Shared Services topics?
    1. What might cause a run of the Users By Group report to fail? After about 15 mins bombs out and receive the following error: "User not found with identity = ntlm:SID=S-1-5-21-787380144-986785343-375376054-10174?USER(-2147216700). Then gives much more detail on error.
    2. How to remove users that appear under admin role but not in default?
    3. For audit (TODAY), ideally should produce a report of HFM users – including dates (when added, when security /provisioning was changed for them) – is there a report or combo of reports that will provide this information?
    Any help or a point in the right direction is hugely appreciated.
    Thank you!

    Ok - just some pointers, so use as suits.
    1: this looks like it is not seeing your AD/NTLM user. You see a similar SID if in Properties of any file share where the connection to the domain is not available, or the user no longer exists. Remember, if a user ID in NTLM or AD has been changed, Shared Services does not recognise this, and stores the original SID, so you need to remove and reprovision the user.
    2. The cleanest INHO is to do a CSS Import/Export and 'clean' the file. RTFM :)
    3. There are some reports in Shared Services, but see if this is of use - especially the Security Matrix, (http://www.epmmaestro.com/dnn/Products/EPMWebSymphony/tabid/56/Default.aspx)
    Good luck

Maybe you are looking for

  • How to split H.264 video file then playback with FlashPlayer

    Hi all, I want to develope a Flash or Flex application that can stream a video file in H.264 codec. It's easy to do this with FMS, but it becomes difficult with my budget I have an idea to do the streaming (not really streamming ) via HTTP. My idea i

  • How to add web template in actions

    i want to add a website in my app using action i tried to do that with Http but website open in browser after using http option. i want  that website to be open inside the app like webtemplate

  • ISight recording

    I'm getting the new 20 in iMac in June, and have a question about the iSight. Can you record directly to your computer? As an example, record a video message or greeting and email it as a file to someone? Or hypethticaly, as a security device? Have t

  • Software that could optimize your site on search engines

    Is  there even a such thing as a SEO Friendly site other than the usual keywords,meta tags and backlinks or even software that can do such a thing?  www.createmeasuccessfulwebsite.com

  • Hi InDesign CC 32bit / 64 bit in one Package?

    Hi everybody, I am using the manual bundling tool which includes the manifest file. I have windows builds for 32 and 64 bit, but I do not understand how to create a bundle that contains both and that only copies the files that are labelled with the p