UpdateNativeDir Utility and HFM security

When we run the UpdateNativeDir utility to fix security for OU moves, do we also need to update security within HFM and the SECACCESS tables used for each HFM application? and if so, what do we need to do?
Thanks
V9.2.0.1

No. HFM will synch up with HSS. No need to do anything in HFM once you run the utility.

Similar Messages

  • HFM Security Class and Security

    Hi All my Peers,
    Can any one explain me What is the difference between Security Class and Security

    No offense, but if you don't understand these concepts well enough, your CV should probably be sent a far distance if you are trying to get an experienced consulting position. Understanding security is an important piece to the puzzle, especially when dealing with large amounts of financial data.
    With that said.......
    Security - Generally speaking, the goal of security is to control access to data, objects, programs, etc. In the Hyperion sense, security is managed in multiple different ways :
    - Program Access : Only users who are linked to Hyperion's Shared Services AND have the proper provisioned rights can open a program. (i.e. HFM, Reports, Workspace, FDM, etc, etc, etc.)
    - Provisioning : There are different types of rights per program that a user can have. Provisioning is the act of assigning these rights. (i.e. HFM has multiple rights such as Appliation Administrator, Default, Provisioning Manager, etc.)
    - Data / Object Access : Even if you have the right to enter the program, there is generally another layer of security which controls what you can do. For instance, inside of HFM, you can configure security for objects such as Data Forms and Data Grids. Furthermore, you can limit the user's ability to change or view data for specific entities, accounts, as well as other dimensions.
    - Security Classes : The security classes that you assign in the metadata are used during the act of assigning the Data / Object access controls. Users (and Groups) and assigned View Only, All (Read/Write), or None access to HFM Security Classes.
    This is a ridiculously high level overview. To get a much better understanding, I strongly recommend that you read the product documentation for the specific products you are using. If you are using 11.1.2.1 / HFM, here are a couple of documents that are of value :
    http://docs.oracle.com/cd/E17236_01/epm.1112/hfm_admin.pdf - Administrators guide which has a section on security.
    http://docs.oracle.com/cd/E17236_01/epm.1112/hfm_user.pdf - Users' guide which talked to security in terms of forms/ grids
    General System 11 doc : http://docs.oracle.com/cd/E17236_01/nav/portal_5.htm
    Hope that helps

  • UpdateNativeDir Utility

    When we have a user move from one OU to another, we are told that this UpdateNativeDir utility fixes the problem.
    1. Does this utility only update the Shared Services relational database?
    2. Are there other steps required to update security for users to access Planning Web?
    This is all for version 9.2.0.1
    Thanks

    Hi,
    This utility cleans up invalid entries stored in the Open LDAP.
    Products affected are usually Planning and web Analysis. There is a readme which comes with the utlity and explains what happens when you run the utility.
    You should just need to run the utility and then try again (maybe refresh the Planning security)
    For info, Planning 9.2.0.3 and 9.3.1 can be configured with a new ObjectGUID attribute which supports moves of OU.
    If your users regularly change OUs I would strongly recommend an upgrade.
    Hope this helps.
    Seb

  • Automate HFM Security extract?

    Hi,
    HFM Security can be extracted in below methods
    1. In workspace > Extract Tasks> Extract Security
    2. In Shared service > Application Groups > Rt Click on App Name> Assign Access control > Security Reports
    Please let me know if any another ways to Extract security reports.
    Can we make Automate the "extracting security reports"?
    Thanks in Advance.
    Regards,
    AVSR

    Overview: create a migration definition file for HFM (migrating what information you need, in your case it would be security)... save the file, don't execute. Using cmd prompt, run the LCM utility.bat, supplying it with the information needed as well as the migration file. Automate it by creating a batch file to run your migration file and the utility. Schedule the batch file in task scheduler and it will run whenever needed.
    Search for it on the oracle knowledgebase. Theres a lot of info on LCM there.

  • Trying to reconnect airport express to time machine but express not showing up in base station.  unfortunately clicked forgot in airport utility and express no longer shows up.  how to reconnect?

    trying to reconnect airport express to time machine but express not showing up in base station.  unfortunately clicked forgot in airport utility and express no longer shows up.  how to reconnect?

    I would recommend setting the wireless encryption on the AirPort Express BEFORE configuring it for the AirPort Extreme in this case. This issue also comes up often when configuring AirPorts into a WDS.
    If setting up security in my recommend order does not work, temporarily connect the Express by Ethernet to the Extreme; make the security changes, and then, move the Express back to the desired location.

  • HFM Security Issue - User can submit a journal by by-passing the approval step even though they are not an admin.

    Hi All,
    I was wondering if anyone could help me with a HFM security issue on HFM 11.1.2.3 we are facing please?
    The problem is that a user can by-pass the journal approval stage and post directly after submitting if Custom4 access control=All is selected.
    If any of the other access controls (None, Read, Promote) for custom 4 are selected, the first two steps of the process are possible -
    input and approval of the journal are possible but final posting of the journal is not and returns an error that says:
    "User does not have the access right to perform this journal task"
    The options I have thought for a workaround are as follows:
    1.       1. Set up a 3rd user called data poster and remove submit journal role from user 1 (data inputter)
    2.       2. Put in place process control and use the various review levels (could be quite time consuming given there is no time left for development)
    Have anyone experienced this before and come up with a quick way of resolving this please? It would be very much appreciated.
    We have two types of users who are associated with groups in HFM and have the appropriate roles assigned to them to complete their tasks,
    they are:
    1. A data Inputter (who inputs base data and journals, who has access to create and submit journals)
    2.   2. A data reviewer (who approves journals)
    The process is as follows:
    1.       1. Logon as Data inputter to submit the journals
    2.       2. Logon as Data reviewer to approve the journals
    3.       3. Logon as Data inputter to post the Journals
    We are using the custom 4 member to identify different adjustment types. At the moment we are able to set it up in such a way whereby Steps 1 and 2 can be completed
    but once it comes back to step 3, we get an error as follows:
    "User does not have the access right to perform this journal task"
    (This error comes about when the access control on custom 4 is set to None, Read, Promote)
    Custom 4 Access Rights looks as follows:
    C4_ADJ01
    C4_ADJ02
    C4_ADJ03
    C4_ADJ04
    HFMDefault
    Read
    Read
    Read
    Read
    HFMLoad
    All
    Promote
    None
    Read
    HFMReview
    Read
    All
    All
    All
    When Custom 4=C4_ADJ01 all 3 steps can be completed but it by-passes step 2 (journal approval).
    For all other Custom 4 we complete steps 1 and 2 successfully but not step 3 due to access issues.
    Roles for the groups that users assigned look like the following:
    Test User Name
    Test User Name
    Access Rights
    1
    Base Data input/Journal Data input
    test_HFMLoad
    Reviewer 1
    Review Supervisor
    Create Journals
    Read Journals
    Database Management
    Enable write back in Web Grid
    Load Excel Data
    Generate Recurring
    Post Journals
    Create Unbalanced Journals
    Manage Templates
    Data Form Write Back from Excel
    Consolidate
    2
    Data Reviewer
    test_HFMReview
    Reviewer 1
    Review Supervisor
    Create Journals
    Read Journals
    Database Management
    Approve Journals
    Consolidate
    Reviewer 2
    Generate Recurring
    Manage Templates
    Create Unbalanced Journals
    Any help or advice would be much appreciated.
    Thanks in advance,
    M.

    Hi All,
    I was wondering if anyone could help me with a HFM security issue on HFM 11.1.2.3 we are facing please?
    The problem is that a user can by-pass the journal approval stage and post directly after submitting if Custom4 access control=All is selected.
    If any of the other access controls (None, Read, Promote) for custom 4 are selected, the first two steps of the process are possible -
    input and approval of the journal are possible but final posting of the journal is not and returns an error that says:
    "User does not have the access right to perform this journal task"
    The options I have thought for a workaround are as follows:
    1.       1. Set up a 3rd user called data poster and remove submit journal role from user 1 (data inputter)
    2.       2. Put in place process control and use the various review levels (could be quite time consuming given there is no time left for development)
    Have anyone experienced this before and come up with a quick way of resolving this please? It would be very much appreciated.
    We have two types of users who are associated with groups in HFM and have the appropriate roles assigned to them to complete their tasks,
    they are:
    1. A data Inputter (who inputs base data and journals, who has access to create and submit journals)
    2.   2. A data reviewer (who approves journals)
    The process is as follows:
    1.       1. Logon as Data inputter to submit the journals
    2.       2. Logon as Data reviewer to approve the journals
    3.       3. Logon as Data inputter to post the Journals
    We are using the custom 4 member to identify different adjustment types. At the moment we are able to set it up in such a way whereby Steps 1 and 2 can be completed
    but once it comes back to step 3, we get an error as follows:
    "User does not have the access right to perform this journal task"
    (This error comes about when the access control on custom 4 is set to None, Read, Promote)
    Custom 4 Access Rights looks as follows:
    C4_ADJ01
    C4_ADJ02
    C4_ADJ03
    C4_ADJ04
    HFMDefault
    Read
    Read
    Read
    Read
    HFMLoad
    All
    Promote
    None
    Read
    HFMReview
    Read
    All
    All
    All
    When Custom 4=C4_ADJ01 all 3 steps can be completed but it by-passes step 2 (journal approval).
    For all other Custom 4 we complete steps 1 and 2 successfully but not step 3 due to access issues.
    Roles for the groups that users assigned look like the following:
    Test User Name
    Test User Name
    Access Rights
    1
    Base Data input/Journal Data input
    test_HFMLoad
    Reviewer 1
    Review Supervisor
    Create Journals
    Read Journals
    Database Management
    Enable write back in Web Grid
    Load Excel Data
    Generate Recurring
    Post Journals
    Create Unbalanced Journals
    Manage Templates
    Data Form Write Back from Excel
    Consolidate
    2
    Data Reviewer
    test_HFMReview
    Reviewer 1
    Review Supervisor
    Create Journals
    Read Journals
    Database Management
    Approve Journals
    Consolidate
    Reviewer 2
    Generate Recurring
    Manage Templates
    Create Unbalanced Journals
    Any help or advice would be much appreciated.
    Thanks in advance,
    M.

  • Monitoring HFM security

    I am using Hyperion 11.1.2.1. and want to monitor some HFM security.
    Is there any way we can find that :
    how many number of users are currently accessing a particular HFM Application and can identify them with their user-details and login-details whenever required ?
    how many number of users are currently accessing the whole HFM Application(Schema) and can identify them with their user-details and login-details whenever required ?
    -----Sunny

    Hi Sunny,
    As the subject was about HFM Security i have given you the query or details which i was aware about HFM.
    1.I mean to say for the tables i have listed in the query there are other columns as well so if you want to get more details then you can select which are all the columns you would require and add them accordingly in the query.
    2.Yeah its possible to get the details about user connected to application even. here is the query you need to change for this as below
    select h.sservername,h.sappname,s.susername,to_char((to_date('01/1900','MM/YYYY')+h.dstarttime-2),'DD/MM/YYYY hh24:mi:ss'),h.lactivitycode,h.sactivitydesc
    from hsv_users_on_system h,hsv_activity_users s
    where h.luserid in s.luserid
    order by sservername
    Also as you were asking for Historical/past login times & details here is the below query which will help you in analysing the things better with activity they did and time they logged in and carried out activity.
    select g.servername,g.appname,to_char((to_date('01/1900','MM/YYYY')+g.starttime-2),'DD/MM/YYYY hh24:mi:ss'),to_char((to_date('01/1900','MM/YYYY')+g.endtime-2),'DD/MM/YYYY hh24:mi:ss'),g.strdescription,s.susername
    from Appname_task_audit g,hsv_activity_users s
    where g.activityuserid in s.luserid (optional if you want to search excluding admin id then you can add this line to existing query at the end [and s.susername not like '%admin%'])
    As the audit logs are specific to applications you need to replace "appname" in the query with your application name for which you wanted to check audit.
    Ex: if your application name is abcd then your query should be something like this
    select g.servername,g.appname,to_char((to_date('01/1900','MM/YYYY')+g.starttime-2),'DD/MM/YYYY hh24:mi:ss'),to_char((to_date('01/1900','MM/YYYY')+g.endtime-2),'DD/MM/YYYY hh24:mi:ss'),g.strdescription,s.susername
    from abcd_task_audit g,hsv_activity_users s
    where g.activityuserid in s.luserid (optional if you want to search excluding admin id/any specific user  then you can add this line/change  existing query at the end [and s.susername not like '%admin%'])
    Hope this helps !!!!
    Thanks
    Amith

  • Erased free space in Disk Utility, and after it finished it kept a DMG there.

    I erased free space in Disk Utility, and after it finished it kept a DMG there called "DeveloperDiskImage.dmg", why is it left behind? can it be deleted? how? if erasing free space is supposed to help get memory and remove all the files truly, it shouldnt be creating anything, it created a DMG at the start, but it went away, after a hour and a half it made the DeveloperDiskImage, i went to eat dinner and when i came back it was done but that was left.

    Delete it. Erasing the free space isn't supposed to free up any space; it's there in case someone deleted a file insecurely when they meant to securely delete it.
    (65417)

  • Is there a utility to import security for Forms?

    I have used the importsecurity.exe utility to successfully import entity, account, and other dimension security. But it doesn't work for Form security. Is there another way or a way to trick the utility and use it for forms?
    Version 9.2.1 Windows environment. SQL server is the database
    Thanks
    Wags

    Thanks John.
    I have over 200 forms for one application with over 700 lines of security.
    As a test, I manually added a few rows of security directly into the HSP_access_control table and restarted the planning service and that worked. So it looks like I could load all the data directly via a SQL query to accomplish this. I merely need to match-up my object names and related object security from PROD to the object_id's and group ID's in Dev (which are slightly different due to dev and prod security being out of sync)
    Any thoughts on what could go wrong??
    Jeff

  • Disk Utility and repair permissions problem after upgrade 10.5.1

    *Problem with Disk Utility* - +repair permissions don't work anymore+
    After upgrading to OS X 10.5.1 tried to correct permissions with Disk utility. But I'm not able to repair permissions, because I get this message every time "fault: The underlying task reported a fault at concluding." and permissions repair stops. Has anyone else had this problem and does anyone have any idea how to get this working again?

    Will try installing OS X 10.5.1 again from the downkoad that you recommended. Won't be able to do this untill after the New Year but I'll let you know if this helped. I had another problem after he 10.5.1 upgrade and that was that the Security update 2007-009 also refused to install. Could this be related too the problems with Disk utility and the permissions problems.

  • HFM Security Class Java API

    Dear All,
    I'm trying to get HFM Security Class info using Java APIs. Recently I was able to connect to the Hyperion Shared Services using the hyperion css.jar java file. Is there a similar jar to access the Security classes and get users, groups and vice versa?
    Any examples would be great as well.

    Thanks for the reply. I was hoping this was not the case...
    In 9.2 I used these objects but I was hoping to move away from this and use provided API's.
    I'm using c# to talk to the object which I expose to java using web services so I guess that is what I'll be using!!!
    Cheers,

  • What is the basic difference between Hyperion Planning and HFM

    Hi GURU'S,
    what is the basic difference between Hyperion Planning and HFM and when do we choose them.

    On a high level the difference is this:
    1. HFM is best for global collection (collecting data from scattered entities), group consolidation and for easily structuring financial reporting (mainly consisting of financial data)
    2. Planning is best for modeling your business, starting from a demand forecast and arriving to capacity planning and finally to financial statements, by utilizing business drivers (non-financial data like volumes, prices, productivity rates etc)
    Of course, differences may be analyzed at several levels down to technical, but the discussion may turn out to be too long, yet adding little value to the question: "when do we choose the one over the other". Bear in mind that your requirements may turn out that you need both.

  • HFM Security Access

    I have a query on HFM security which I have got from the business.
    1)     Change Doris and Jeanie access to read/display only in HFM production. We should have access to display all data in HFM. – I was not sure which access should I give to get this requirement.
    2)     In Process Management, Please provide “Start”, “Signoff”, “Approve”, “Reject”, “Publish” in process management for Rob Sage, Debbie Indrieri and Doris Lai. Also, Please provide “Promote” and “Submit” Access to Elisa Ha and Jaime Akiyama. – Shall I give Review Supervisor for Rob Sage, Debbie and Doris for this access and not sure which one should I give for Elisa and Jaime.
    Kindly help me in this regards.

    I don't use process management so I will not attempt to answer that part of your question.
    In regards to the first part, you need to go into Shared Services and assign those users the Read permission for the required security classes. For instance, if all entities are tied to a class called ALLENTITIES, you could go into Shared Services, click on projects, click on the project that holds your application, and then click on the application you are managing. Then you would search for the users/groups in question and add them to the selected list, next you would select the classes you want to assign them access to (i.e. ALLENTITIES). On the next screen you will see a grid with users/groups and classes. Go to the cells and set the Access Rights to read. (Be sure to hit the SAVE button when done)
    Alternatively, you can do a security extract from the application, make the updates in the security file, and load that back to the system.

  • HFM security refresh

    - Changed the value of attribute ID (objectGUID to CN) in user directory MSADAM in shared services
    - Restarted services
    - executed updateNativeDir.bat and CssImport.bat importexport.properties
    80% of the users are able to access HFM.
    This is system 9.3.3 used mainly used for HFM.
    Has anyone run into this issue and know to resolve?

    Hi,
    nope, a log off and log on is required. If you fear that your users don't log out, you can log them out centrally through administration --> Users on System

  • Differences between app copy utility and LCM

    Hi all
    Our version of HFM now is 11.1.1.3.
    we need to update it from 11.1.1.3 to 11.1.2.1.
    First of all we update HFM in one Server ,and then we need to migrate it from one server to another .
    Now what i want to know is the difference between app copy utility and LCM .
    the following is i know :
    Financial Management data migration is not supported in Lifecycle Management,so why users use lcm,we just need use app copy utility can solve all the Migration problems !
    who can tell me that does "app copy utility" have any shortcomings ??
    thanks

    actually the copy utility used for all the hfm applications are moved to new server.
    for using lcm we can migrate the shared services users ,groups , icp, journal,etc
    for my preference go for LCM...
    Edited by: Kimi on Jan 31, 2012 6:17 PM

Maybe you are looking for

  • Error while importing an existing project into workspace

    hi, I am trying to import an existing project into workspace but getting an error 'vfamilychange' doest not have a .project file .But while checking into the folder structure of project vfamilychange' shows the .project file is already there. Please

  • Authorizations required in ECC to test a service from CE

    I am getting <faultstring xml:lang="e">Authority check failed</faultstring> when i test my service from service register. The RFC function module is tested and exposed as service correctly, we are in ECC 50 (NW 2004s). Please let me know what authori

  • Single .rar file for multiple data sources

    Can we configure multiple data sources into single .rar file? . Currently, we are creating a seperate .rar file to configure each datasource by 'only' modifing ra.xml file. This is proving to be a tedius operation in some cases when the application i

  • Why does my phone take red pics in low light

    When I use my flash in low light it looks red why is tht so

  • Flash Projectors-distribute on CD

    Hello. I am hoping someone can answer a question for me regarding Flash Projectors. We are trying to build something for CD use and are running into a problem when trying to view them on Mac OS X machines. It seems that unless the user as admin right