Shared Services security export utility CSSExport.bat Error

Similar Messages

• How can Manage Permissions for DB in Shared Services Security Mode

  In shared services security mode, after provisioning users for Essbase applications, only can assign database calculation and filter access. How can I grant permissions "Access Databases" like in native mode?

  Essbase will be default be in shared services security mode in 11.1.2, the wizard will not migrate security when in this mode.
  It is possible to revert it back but if you don't know the process then it is worth looking at alternatives first.
  You could use LCM to export the provisioning and then import into your target environment.
  Cheers
  John
  http://john-goodwin.blogspot.com/

• Auto Logoff while in Shared Services Security Mode

  Pretty simple question but I still haven't found the answer.
  My client's essbase server is set up in Shared Services Security Mode, so now the auto logoff options for the server don't apply. Is there a way to set this via shared services? Or is there some other means perhaps?
  Thanks for your time.

  Essbase will be default be in shared services security mode in 11.1.2, the wizard will not migrate security when in this mode.
  It is possible to revert it back but if you don't know the process then it is worth looking at alternatives first.
  You could use LCM to export the provisioning and then import into your target environment.
  Cheers
  John
  http://john-goodwin.blogspot.com/

• Shared Services Security during LCM migration in 11.1.2.1

  I am migrating a Planning app from 1 environment to another.
  I vaguely remember ( from some presentation) that once I export Shared service security I need to modify the file to reflect the correct Essbase server name and than import the Shared service security file.
  Is this a mandatory step ? If yes which file should I modify ? Is it just listing.xml or any other file as well ?

  If you run an export of provisioning then for essbase you should by default see something like "EssbaseCluster-1", if your target environment is configured in the same way it should also be "EssbaseCluster-1" and you will not need to edit any files.
  If you don't start marking your posts I am not going to reply to any of your questions in future, hopefully everybody else will take that stance seeing as you have so many unresolved questions.
  Cheers
  John
  http://john-goodwin.blogspot.com/

• Exclude a user from Shared Services LCM export

  How do I exclude a specific user from the Shared Services LCM export?  In the migration definition file I am trying to specify something like the following:
  pattern="*" and pattern<>"lcm_admin"

  What exactly you want to try after/by exporting users from Shared services?
  Regards,
  Santy.

• Shared services security- Is this even possible?

  I want to know if the following is possible using shared services security:
  I want to set up an MSAD group that will have say 50 sub groups.
  I will define this super group as an external directory in SS.
  I will then assign security (both roles and filters) to each of the 50 sub groups.
  There will be no groups or users in the native directory.
  Based on user needs, the MSAD team will move users from one subgroup to another without logging into Shared Services.
  My expectation is when they move the users from one subgroup to another, the user will have the security of the group they were moved to.
  Is it possible to set up security this way in shared services? I have been experimenting and having a miserable time getting it to work. So just wanted to know if I am doing something wrong or just wasting my time.

  I think this will work, but note that you are not really using SS inherited security.
  What you might do is something like this:
  MasterGroup <--Assign provisioning here
  |_Subgroup1 <--Assign filter
  |_Subgroup2 <--Assign yet another filter
  |_Etc.
  With the above layout you define provisioning roles once at the topmost group (MasterGroup) and then assign unique security at the subgroups.  The users are in the subgroups and their usernames will go to their ids (which will have no provisioning), then their immediate group (ditto), and then the parent group (which will). 
  What you have defined for security (as opposed to provisioning) sounds good to me although I have never tried to do this with MSAD groups.  I don't see a reason for it not to work.
  Regards,
  Cameron Lackpour

• Shared Services Security Migration

  Hi All,
  I need to migrate Shared Services Security from one server to another server(applications already migrated).
  Can you please let me know if we copy essbase.sec file will it work, or any other process we need to follow.
  Thanks,
  Pinky

  Dear Pinky,
  As John just mentioned - it depends a bit on the version that you use as well (11.1.2 is different from 11.1.1.3.x is different from 9.x)
  but you may find useful information in these guides:
  http://download.oracle.com/docs/cd/E12825_01/epm.111/epm_security.pdf
  http://download.oracle.com/docs/cd/E12825_01/epm.111/epm_backup_recovery.pdf
  The CSSImportExport utiity is documented within its own zip folder on your installation of HSS (if you are using version 11.1.1.x)
  Basically you can think of the process as a backup and restore on a different machine.
  The complete list of steps is way too detailed and complex and touches too many sensitive areas to handle it in a thread here.
  (especially as I do not know the versions of HSS/Essbase, the OS or the scope of this migration)
  best regards
  Torben

• Converting to Shared Services Security Mode Error (externalize users)

  Error: 1051549: Can not convert Analytic Services to Shared Services mode when Analytic Services is not configured with Shared Services or the initialization process has failed
  I have tried to register ESSbase with SS again and does not work. All services are started....ideas?

  Start Essbase in Foreground.... and capture the error..
  Blow the Security and replace it from Backup which was wormking fine..start all over again for Externalisation
  You can also check for PREUPM/ POSTUPM files in Essbase/Bin..if they are present then Essbase is partially externalised..you can try taking a copy of the PREUPM and rename the PREUPM to Essbase.sec and start essbase..Rexternalise.

• Hyperion Shared services Migration/Export import

  Hi, We are migrating the OS from Windows to UNIX in Essbase System 9. I am trying to export the exixting grous/filter access from the Windows environment (shared services--Single sign on) to the unix server. There are several cubes in the Windows, but I am tryign with only a single cube. as a part of that I have modified importexport.properties file
  #import export operations
  importexport.css=http://windows_server:58080/interop/framework/getCSSConfigFile
  importexport.cmshost=windowsserver
  importexport.cmsport=58080
  importexport.username=admin
  importexport.password={CSS}MRcYv323uzxGr8rFdvQLcA==
  importexport.enable.console.traces=true
  importexport.trace.events.file=D:\trace_19Nov.log
  importexport.errors.log.file=D:\errors_19Nov.log
  importexport.locale=en
  # importexport.ssl_enabled = true
  # export operations
  export.fileformat=xml
  export.file=D:\export.xml
  export.internal.identities=false
  export.native.user.passwords=true
  export.provisioning.all=false
  export.delegated.lists=true
  export.user.filter=*
  export.group.filter=*
  #export.role.filter=*
  export.producttype=HUB-9.3.1,ESBAPP-9.3.1
  export.provisioning.apps=(Analytic Servers:server:1=DlyCube)
  # import operations
  #import.fileformat=xml
  #import.file=C:\exportNew.xml
  #import.operation=update
  #import.failed.operations.file=c:/failed.xml
  #import.maxerrors=0
  I am not gettign any export error; it says 50 groups have been exported,
  my import is
  importexport.css=http://fbiapld06.uk.db.com:58080/interop/framework/getCSSConfigFile
  importexport.cmshost=fbiapld06.uk.db.com
  importexport.cmsport=58080
  importexport.username=admin
  importexport.password={CSS}MRcYv323uzxGr8rFdvQLcA==
  importexport.enable.console.traces=true
  importexport.trace.events.file=/apps/hyperion_data/trace.log
  importexport.errors.log.file=/apps/hyperion_data/errors.log
  importexport.locale=en
  importexport.ssl_enabled=false
  import.fileformat=xml
  import.file=/apps/hyperion_data/import.xml
  import.operation=CREATE/UPDATE
  import.failed.operations.file=/apps/hyperion_data/failed.xml
  import.maxerrors=10
  While importing also i am not getting any error, it sayd 50 groups have been imported successfully.
  but in shared server unix box, i can't see the groups for that applicaiton.
  can u please help me?

  You can call CSSEXPORT.bat script using following statement
  Call CSSExport.bat importexport.properties
  Make sure your importexport.properties file is present in the same location as CSSExport.bat files
  format of importexport.properties file needs to like this
  Send me your email id and I can send you a document on import/export utlity for version 9.3.1
  #import export operations
  importexport.css=file:/C:/Hyperion/deployments/Tomcat5/SharedServices9/
  config/CSS.xml
  importexport.cmshost=localhost
  importexport.cmsport=58080
  importexport.username=admin
  importexport.password={CSS}MRcYv323uzxGr8rFdvQLcA==
  importexport.enable.console.traces=true
  importexport.trace.events.file=trace.log
  importexport.errors.log.file=errors.log
  Import/Export Utility 3
  importexport.locale=en
  # importexport.ssl_enabled = true
  # export operations
  export.fileformat=xml
  export.file=C:/exportNew.xml
  export.internal.identities=true
  export.native.user.passwords=true
  export.provisioning.all=true
  export.delegated.lists=false
  export.user.filter=*@Native Directory
  export.group.filter=*@Native Directory
  export.role.filter=*
  export.producttype=HUB-9.2.0
  #export.provisioning.apps=(HUB=Global Roles)
  # import operations
  import.fileformat=xml
  import.file=C:/exportNew.xml
  import.operation=update
  import.failed.operations.file=c:/failed.xml
  import.maxerrors=0

• Hyperion Shared Services - Security in excel file

  Hi all,
  Is there a way that we can get security info in an excel format from Shared services and then we can play around with that excel file. Once changes are done, we import it back to Shared services.
  We use active directory for user maintenance.
  Regards,

  They are stored in the Planning application and not Shared Services, export the access permissions from the planning applications using either LCM or the exportsecurity utility.
  Cheers
  John
  http://john-goodwin.blogspot.com/

• CSSExport.bat Error

  Hi,
  When I tried to export security from shared services 9.3.1.
  I got following error:
  Trace...
  2008-08-20 10:31:40,002 Attempting an export operation
  1406 [main] INFO httpclient.HttpMethodDirector - Failure authenticating with BA
  SIC 'WebLogic Server'@<ServerName>:58080
  Unable to connect to the CMS subsystem... Authenticated has failed using
  the supplied credentials
  Aborting program...
  I am able to connect to SS through IE and it is running.
  Code is also working for me on another Shared Services 9.2.0 .
  Please let me know if anyone else had same issue or any suggestion?

  Apparently this issue occurs with Weblogic 8.1.5 and 8.1.6
  There is a patch available from BEA - Patch ID CR287255 which is a .jar file to place on the server. you also need to edit your config.xml and add a line.
  Hyperion support can refer you to page 36 of the documentation on configuring shared services in the shared services install documentation.
  Wags

• Shared Services Users Export............

  Hi All,
  I want to export shared services users for a particular application.
  Is there any way for this?
  Thanks

  Yes, you can export / import the provisioning for a particular application.
  By default the utility export all Users / Groups and provisioning for all applications.
  To export provisioning for a particular application you need to modify the below parameters in CSS Import Export properties file.
  export.provisioning.all=false
  export.provisioning.apps=(<Project Name>:<Application Name>)(<Project Name 1>:<Application Name 1>)
  Hope this helps you...
  Kind regards,
  Manmohan Sharma

• Shared Services Security Issue with Financial Reporting - 11.1.1.3

  Hi,
  So we have some users that are provisioned in some groups. Those groups have Essbase Server Access and Planner access to an application. That access is working great. They have access to the app and they have access via Smartview to the cube.
  Now we need them to be able to see all the Financial Reports (FR) created for that application. There are so many provisioning choices under 'Reporting and Analysis', that I'm not sure how to get this done correctly. Right now we have to assign 'Viewer' access and 'Explorer' access under 'Content Manager' tree in order for this to happen. I just think this seems wrong. We just need the user to be able to run and view a report from Workspace.
  Any help is appreciated as this is a very green area for me.

  Hi,
  You will need both Viewer and Explorer access for users to run reports.
  the reason is that without the Explorer, users will not be able to see any reports or the explorer in Workspace.
  Without Viewer, users will not be able to view/open any of the reports. You also have to give report access to users anyway related to the groups.
  You can see anll information about different security roles for Reporting and Analysis in the shared Services admin guide.
  The documentation is the best place to start for any information needed and confirming what fulfills your needs.
  Cheers
  RS

• Shared Services Security information not updating in Essbase

  Hi,
  I have created few users in Shared Services and performed the sync operation. Created users are not reflecting in Essbase server. why?
  Also tried by externalizing the users... performed sync from shared services and refreshed the shared security from EAS console...then also... user information not updating in Essbase?
  What could be the reason?

  Have you provided Essbase application access rights to those users in shared services?
  If not, then try after providing Essbase access to users. This might be the reason for your issue.
  Regards,
  NitinGupta

• Re:shared services security

  Hi
  I have standalone essbase in 6.5 where users plan their forecasting and budgeting through front end excel vb6 macros
  now they want to upgrade to 11.1.2 since the security in the front end application is through a NTID where orcl triggers a common password to log into
  essbase which matches the same password in essbase.
  severity is when we upgrade to 11.1.2 how does this work as shared services are to be maintained
  and how does shared sevrices talk to the front end vb macros ?
  any suggestion would be really appreciated.

  If you are moving to 11.1.2 then it is probably worth moving to Smart View as the excel add-in is pretty much at the end of its life and soon to be retired.
  You can configure shared services to add in an external directory such as Microsoft active directory, then the AD users/groups will be available in Shared Services and you can provision them against the essbase applications.
  Smart View / Excel add-in will authenticate against Shared Services and shouldn't need to worry too much about the code, if you move to Smart View then you have to prepare for code changes
  Cheers
  John
  http://john-goodwin.blogspot.com/