Users having access can't promote planning units during First pass state
Hi,
There is something I do not understand using the workflow in Hyperion Planning 11.1.2 : on first pass state, users having access can not promote a planning unit.
Only the owner can promote... to himself !
I'm lost !
Please help.
Thanks.
Virgile.
Edited by: 808808 on 7 déc. 2010 06:19
Edited by: 808808 on 7 déc. 2010 06:22
Hi,
I tried first with a Planner user, and then with a Interactive user, and there is no difference.
When I try to change the status, I have an error message that tells me that I can't change status of the planning unit.
Similar Messages
-
Query to find the list of users having access to a particular scenario
Hi,
I am learning Hyperion Planning 9.2 x version. I wanted to know the query to find the list of users having access to Plan Iteration - 1 scenarion.
As I am new to Hyperion Essbase and Hyperion Planning, I am assuming these ideas work out to get the desired result.
1) As Hyperion Planning uses Relational DB to store the User Security information, we can query the list of users who is having access to Plan Iteration - 1 Scenario.
I am not sure if this solution works. Please correct me If I am wrong.
2) We can also query from the essbase editor to find out who all having access to this scenario.
If the above is correct, can you please provide me the query.
I am really need of this and I will be happy if any one provide the solution.
Thanks & Regards,
Upendra. BesthaHi,
If you are looking for some SQL to retrieve the access rights by member then you can use something like (SQL Server code though can easily be modified for Oracle)
SELECT usr.object_name as Username,mem.object_name as Member,
'Access Rights' = CASE acc.access_mode
WHEN -1 THEN 'None'
WHEN 1 THEN 'Read'
WHEN 2 THEN 'Write'
WHEN 3 THEN 'Write'
ELSE 'Unknown' END,
'Relation' = CASE acc.flags
WHEN 0 THEN 'Member'
WHEN 5 THEN 'Children'
WHEN 6 THEN 'Children (inclusive)'
WHEN 8 THEN 'Descendants'
WHEN 9 THEN 'Descendants (inclusive)'
ELSE 'Unknown' END
FROM
hsp_access_control acc, hsp_object mem, hsp_object usr
WHERE acc.object_id = mem.object_id
AND acc.user_id = usr.object_id
AND mem.object_name = 'Plan Iteration - 1'
Cheers
John
http://john-goodwin.blogspot.com/ -
Running Rules on "Locked"/Promoted Planning Units
Hi All,
I'm using Hyperion Planning and Smart View Version 11.1.2.2.
Does anyone know if it is possible to prevent users from being able to run rules on data that is supposedly "locked out" by virtue of a Planning Unit? I was under the impression that Planning Units were supposed to control who could change the data rather than simply who could type numbers into forms, maybe I had this wrong? It seems a bit of a transparent piece of functionality if users can still change numbers after they've passed ownership to someone else.
A working Example:
A user can promote their data, but is still able to go back to a form where that data sits and run Rules on-Save, through Right-click menus or through Smart View.
I'm worried about someone accidentally interfering with data whilst another user is analysing it etc.
Am I missing something here?
Regards
EdHi, Ed.
You're right, Planning has so many parts to be developed. PU promotion doesn't prevent users from running BR's
If you're really worry about it you can think up a workaround.
You have to create a new form having design simular to a PU hierarchy. User have to enter data (suppose 1) in intersection of Scenario, Version, Entity and Account (if used in PUH) All others dims member should be Begbalance, Product n/a etc.
All BR's you need to prevent from executing while PU is approved, freezed or just owned by the reviewer or in other cases you think about should include extra code before original calculation takes place. You simply check the value of 1 in all calculated PUs in current BR and throw an error if meet it (@RETURN with some justified text message)
So when one user (lets say first owner) has finished entering data he goes to the form discussed above and enters 1 for related PU. You can build a task list having such steps After that no one can execute BR successfuly
Try this maybe it helps you
Vladimir -
Users having access to various languages in RH7
Hello,
I'm at the beginning of this project using RH7. We used RH5
until now.
Historically, we had 2 separate online helps, One in English,
One in French. Going from one to the other would bring the user at
the top level of the Table of Contents for each language.
Several people are bilingual in Canada, and several people
enjoy having access to both language helps at the click of a
button, without the clutter of having both display at the same
time.
I originally thought the conditional build tags would be able
to provide me with that capability, but that function only enables
to have ONE source file to generate several end-user Online helps.
Is there a possibility to switch or toggle between languages,
while remaining in the same topic, and having the TOC toggle to the
other language at the same time?
English TOC French TOC
White Blanc
Blue Bleu
Red Rouge
(simple illustration above of what I need.)
I'd need a button while browsing the RED topic that takes me
to the ROUGE topic (corresponding French Topic) and to the French
TOC. (and back, obviously)
A solution that would accomplish this will enable me to plan
my project adequately.
Thank you
ChipCorbeil
Ottawa, CanadaWelcome to our community, Chip
It would be a bit of work, but could be done. You might first
review fellow Adobe Community Expert Peter Grainge's site about
calling WebHelp. I'll insert a link below.
Click
here to see the article
As you said, you would need to discrete WebHelp outputs. One
in English and one in French. Then you would use the technique
Peter talks about to create links to the matching topics in the
other language. You would probably have to use the Parent or Top
attribute for the links to cause the linked WebHelp to replace the
frameset you are in when you click.
Cheers... Rick -
Risk of Users having Access to RSBDCOS0
Hi all. I'm carrying out a security review. I know that it allows users to input UNIX commands but was wondering what the risk was associated with this and what damage could be done?
ThanksThe report can be run from anywhere but makes the same checks as SM69 etc.
You need to concentrate on the application authorizations of the users (all of them). Particularly S_RZL_ADM (very blunt) and S_LOG_COM (which provides some degree of granularity).
A developer can also use DATASET commands and CALL 'SYSTEM' to achieve the same, so add all aspects of S_DEVELOP to the list as well.
If you set your gateway control files to "local" or "internal" only then the risk is transfered to the application layer (hence, the 3 above mentioned auth objects).
That leaves only Z* and Y* and /* programs as the "blackbox". It makes sense to check them as well....
Cheers,
Julius -
Can Auto-Promote be engaged during initial Meeting Setup?
We have usually gone about setting up our meeting as to where the Host can set the option to Auto-Promote Participants as they come in once the Meeting has been started. What we were curious of was wehter or not this setting could be set and remain so that anyone accessing the link would be Auto-Promoted without the Host being present. This way we could send the link to the requesting parties and they could send out to whoever they needed to in order for them to interact on their own free time without IT involvement. Any response would be a great help. Thanks!
The auto-promote will remain engaged until a Meeting Host disables it.
So long as you have Concurrent User licensing, the individual should be able to join the room and be promoted up to Presenter.
I have my test room set up with the auto promote on http://realeyesconnect.adobeconnect.com/openroom/. You should be able to join, and will see that you have Presenter Level rights. -
User Interface Access Customisation for non admin users
Hi,
It is understood that for non-admin users, some features of the Planning Interface is not enabled and this can be controlled by proper access permissions. But, is it possible to extend the customization to provide some additional features in the menu bar for an user?
For example, if View User wants to manage task lists. Is it possible by some sort of customization? Please advise.
Thanks.Hi,
You can create right click menus, and you can also create links on the tools page. Would any of these help you?
Here is the doc on those subjects:
Creating and Updating MenusAdministrators can create right-click menus and associate them with data forms, enabling users to click rows or columns in data forms and select menu items to:
Launch another application, URL, or business rule, with or without runtime prompts
Move to another data form
Move to Manage Approvals with a predefined scenario and version
The context of the right-click is relayed to the next action: the POV and the Page, the member the user clicked on, the members to the left (for rows), or above (for columns).
When designing data forms, use Other Options to select menus available for Data Form menu item types. As you update applications, update the appropriate menus. For example, if you delete a business rule referenced by a menu, remove it from the menu.
To create, edit, or delete menus:
Select Administration, then Manage, then Menus.
Perform one action:
To create a menu, click Create, enter the menu's name, and click OK.
To change a menu, select it and click Edit.
To delete menus, select them, click Delete, and click OK.>
Specifying Custom ToolsAdministrators can specify custom tools, or links, for users on the Tools page. Users having access to links can click links from the Tools menu to open pages in secondary browser windows.
To specify custom tools:
Select Administration, then Application, then Settings.
For Show, select Advanced Settings.
Click Go.
Select Custom Tools.
For each link:
For Name, enter the displayed link name.
For URL, enter a fully qualified URL, including the http:// prefix
For User Type, select which users can access the link.
Click Save. -
How to find which user has access to Discoverer Reports?
I need to find users having access to Discovered reports using a script. How can I do that?
Hi,
You need to give more details...
Are you using oracle applications? are the users database users?
If you use oracle application you can use the following:
SELECT DISTINCT Disco_Docs.Doc_Name "Discoverer Workbook"
,Trunc(Disco_Docs.Doc_Created_Date) "Workbook Create Date"
,CASE
WHEN Instr(Disco_Docs.Doc_Created_By
,'#') = 0 THEN
Disco_Docs.Doc_Created_By
WHEN Instr(Disco_Docs.Doc_Created_By
,'#') > 0
AND Instr(Disco_Docs.Doc_Created_By
,2) = 0 THEN
(SELECT Fu.User_Name
FROM Fnd_User Fu
WHERE Fu.User_Id = Substr(Disco_Docs.Doc_Created_By
,2
,5))
ELSE
NULL
END "Workbook Owner/Creator"
,Disco_Users.Eu_Username
,CASE
WHEN Instr(Disco_Users.Eu_Username
,'#') = 0 THEN
Disco_Users.Eu_Username
WHEN Instr(Disco_Users.Eu_Username
,'#') > 0
AND Instr(Disco_Users.Eu_Username
,2) = 0 THEN
(SELECT Fu.User_Name
FROM Fnd_User Fu
WHERE Fu.User_Id = Substr(Disco_Users.Eu_Username
,2
,5))
ELSE
(SELECT Resp.Responsibility_Name
FROM Fnd_Responsibility_Tl Resp
WHERE Resp.Responsibility_Id =
Substr(Disco_Users.Eu_Username
,2
,5))
END AS "Shared Name / Responsibility"
FROM Eul_Us.Eul5_Documents Disco_Docs
,Eul_Us.Eul5_Access_Privs Disco_Shares
,Eul_Us.Eul5_Eul_Users Disco_Users
WHERE Disco_Docs.Doc_Id = Disco_Shares.Gd_Doc_Id(+) AND
Disco_Users.Eu_Username(+) NOT IN ('EUL5', 'PUBLIC') AND
Disco_Users.Eu_Id(+) = Disco_Shares.Ap_Eu_Id
Tamir -
How to get list of users with access of MM01 (create & change)
Hi all,
i have to take out list of user having access for MM01 (create material), when i use SUIM to get the list it shows all the list of users including the users with DISPLAY & CHANGE, but i want only those users who had the access of CREATE & CHANGE.
please help out me, its very urgent.
Thanks & Regards
Syed..Hi Syed,
You can try to get it from S_BCE_68001398. Key in the required transaction code.
Thanks and Regards
Points reward is much appreciated -
User In Planning unit Hierarchy unable to see data form in editable mode
hi all,
we are facing a problem in planning unit hierarchy in Hyperion planning, where we have 4 users, Hierarchy is define as
hierarchy: budget approved
version: approved
Entity: Finance
Senario:Budget
haroon asghar ( owner)
adeel javid (Reviewer)
Naeem asghar (Reviewer)
Imtiaz (Reviewer)
Issue is that,after start the budget activity (promotional path) by Admin, the data form editable to Owner haroon asghar
but after completing his work by haroon,when he promote the planning unit ,the next user in Hierarchy "Adeel javid" unable to see data form in respective planning unit in uneditable data form not only for this user but all rest of the users as well,while i think data form should only uneditable(grayed) for user Haroon Asghar who promote the planning unit.
we have checked all security rights to the users those are "Write access" but still Adeel javid is unable to enter data,so the budget activity is stop due to this problem.
when i remove the planning unit then i log in with all user one by one and see all data form required version,scenario and entity were editable to all users mention above
we want to run budget activity with the above planning unit hierarchy.
plz any one provide the proposed solution of the said issue
we are using Product Version 11.1.2.0.00
Regards
AnwarReviewers will not be able to write data to the intersection. Reviewers can only review the data and follow-up with a Reject, Promote, Sign off, Delegate, Originate or Freeze.
Please refer Article ID 1226783.1 in MOS.
HTH-
Jasmine. -
Approvals Process: Cannot promote a Planning Unit
Hi, Am new to the Approvals process in Planning 11.1.2.2
Have set up a Planning unit and assigned owner and reviewers to entities. Approvals template is set to "Bottom Up". Have also assigned a version and scenario to the Planning Unit H. When the Planning Unit is Started , the current owner changes to the user assigned as the owner and all is good. However when the owner attemptes to promote the planning unit to the next reviewer the promotion action fails with the message "Change status cannot change ownership to the new owner due to insufficient access". For my testing, have assigned the owner and all reviewers "Approvals Administrator" access to the planning application.
Any ideas as to what access the error message is talking about ?
Thanks !Dear,
-Please check with the Provision that you have given to the USER,
-Use file based export and checke wheater you missed any user to mention that hierarchy.
-IN the approval hierarchy check every node weather you have given the user there or not, chances are that even if you miss one member you will get
this error.
-We faced the same issue and we got resolved it by checking the Provision of the User and following the above steps
Thanks
Bejagam Naveen -
User having all authentication but unable to login in planning why ?
user having all authentication but unable to login why in planning ?
You might need to give some more details.
For example, what kind of provisioning in shared services, under what groups if any, what kind of dimension level access in planning etc? -
How can I restrict more then one user to access the table?
Hi !
I have a problem and two solutions and I am a bit confused as to
which one is the best one and/or can there be any better way of
handling the problem ?
Problem : I have to update a key field of a table when I update
it in the form 5.0 screen. I am basically doing a maintenance of
a table and if a certain field is updated then the change has to
be reflected in two more tables. But the issue is that the field
is a part of the key in those two tables. So all I can think of
is that I need to insert new set or rows for that new value of
the field and delete the old set of records for old values of
the field.
There are two ways of doing it;
1.One option can be to explicitely define two cursors separately
and fetch the values in them one by one and then insert the new
records and then delete the old records in both the tables. This
I feel will be a cumbersome process both in terms of processing
time and the coding.
2.Second option I was thinking can be to create two flat tables
(without keys) and insert the values in them and update the
changed field there and then insert the rows in the respective
tables. Delete the old records in the main tables and delets the
records in these flat tables. This is a bit more faster and
easier to predict and code. This seems to be a better option for
me.
Any comments on these ?
In both the cases I was thinking of making some provision so
that more then one person can't update the table simultaneously.
Since if there are more then one persons doing the processing
then some inconsistency might creep into the whole process.
This is easier to do in the second process as if I check the
data in the flat tables and if there is some data then I can
presume that some one is doing the processing and I can ask the
other person to hold for a while. But in this case how can I
stop more then two people to simultaneously check for the empty
table and start inserting the record ?
I was just thinking of having a sepatare table having only one
field and this will be a key field and as the process begins the
process will insert a fix value say 'Y' in the key field and at
the end of the process the record will be deleted and this way
we can restrict the user to access the process more then one at
a time..? Since you can't have same value of the key in a table
more then once.
Any better way of handling it will be deeply appreciated.
How about locking the table at the begining and releasing the
lock at the end ? Will there be any issue in that? since I am
inserting and deleting the rows in the same transaction.
Comments welcome,
Shobhit
nullHow about performing the update IN the database using a stored
procedure?
By using non-database fields on your form to get the
information, you can then call the procedure in the database to
perform the updates. If an error occurs in the procedure you
rollback, if necessary, and send a message or status back to the
form. If it succeeds you might wish to commit and then re-
execute the form's query -- using either the original key values
or the new key values...
null -
I am in the final stages of a cross-forest migration. Users have Windows 7 workstations with redirected folders on a Windows Server 2012 box running in the old forest. User accounts were not migrated. The accounts in use have always
been in the "new" forest. One of our challenges was the large volume of data in redirected folders. I made sure users in the target forest had continued to have access to their redirected folders in the old forest and robocopied
the entire users share, copying the permissions with the files. By doing incremental robocopies, we can get a final copy done now in about six hours. The plan was simple: copy the files, do an incremental copy every night, on the night of the cutover
change the folder redirection policy Documents path from
\\oldserver\users\%USERNAME% to
\\newserver\users\%USERNAME%. The policy is configured to NOT copy user files from the existing folder to the new redirected folder. Everything was going well until I tested the policy change. After the folder redirection policy is updated
and applied, the user cannot access the private Documents folder. For example, user Chester Tester logs on as ctester. I open Windows Explorer and click the Documents shortcut. I see one subfolder, which is subfolder of Public Documents.
So I can look at Public Documents but when I click on the Documents folder (Under the Documents library link) I get an access denied error. Now for the kicker, if I open another Windows Explorer window and edit the address bar to
\\newserver\users\ctester, I can navigate the Documents folder tree and see my thousands of documents. What the ....?
I'm hoping this is something really simple to fix!
TIAHI Vivian,
Thank you for your reply. Yes, the path in Group Policy Folder Redirection Root Path was updated to
\\NEWSERVER\users. I had planned to point this to the distributed file system, so the first used was actually
\\domain\dfs\users. To simplify things I have backed off to copying to just a normal share
\\newserver\users.
We are using BASIC folder redirection and we create a folder for each user under the root path.
We did not want the policy to move content, as we were seeing users requiring 15-20 minute logon times (or higher) after the policy is changed.
Grant the User exclusive right to Documents - Disabled
Move the contents of Documents to the new location - Disabled
Related folder settings
Video - Follow Documents
Music - Follow Documents
Pictures - Follow Documents
Now when I change the folder redirection from old server to new server I now have TWO My Documents folders in the user's redirection folder on the server. The redirected Documents points to an empty folder set. The copied folders with all user
data are there, but folder redirection refuses to recognize the original folder.
I am looking at the full view of the folder, nothing hidden, so I'm wondering how a folder can have two subfolders with the exact same name. For now, I just want the redirection to move from the old server to the new server properly. I deleted
the new My Documents folder, rebooted the user's workstation and tried again. The behavior repeats itself, i.e., a new My Documents folder is always created when the redirection policy is changed from the old server to the new server. The environment
has about 1500 users with approximately 1.3TB of data in the redirected Documents folders. OUCH! -
User in hr can able to create records in PA30.But will give read only access for all infotypes
Hi Team,
I have created one test role in HR. It will give Read access to all info types.
But user can able to create Info type records in PA30. Please find the P_ORGIN values below.
Authorization level R
Infotype *
Personnel Area US
Employee Group 1
Employee Subgroup U*
Subtype *
Organizational Key *
OOAC values.
AUTSW ADAYS 15
AUTSW APPRO 0
AUTSW DFCON 4
AUTSW INCON 0
AUTSW NNCON 0
AUTSW NNNNN 0
AUTSW ORGIN 1
AUTSW ORGPD 4
AUTSW ORGXX 0
AUTSW PERNR 1
AUTSW XXCON 0
Note : user does not have access to any structural profile.
I suspect is this bcz, if any user has proper 0105 and 0001 in HR master data can able to create records.Bcz user will be assigned to default sap structural profile "ALL" in OOSB ?
I can see user was not assigned to "ALL" profile in OOSB or in T77UA. and user cant able to write or change infotype data in pa30.
Please suggest how the user can able to create inftotype records in PA30.(Info :0002 for example)
Appreciate Quick response.
Regards,
Venu.Sorry did not get the below comment.
"The maintain flag in the structural profile does not relate to any maintenance authorization in PA. It only affects the OM objects authorized by the structural profile. For example the user may be able to delimit a position. It will never grant any write authorization for any PA infotype "
Do you mean , suppose if we give Org unit and evaluation path like attached screen ,user will get access to only the ORG UNIT as its object type (can able to perform activities as mentioned in the role PLOG ) but cant perform any activity like address infotype change on the person (P) (as mentioned in P_ORGIN) who comes under the org unit mentioned in Structural profile ?
My understanding is that i believe user total auth is an intersection of general +structural authorization.lets take HR admin wanted to change 0002 data for some imps in org.We need to give access to that particular org to which the emps belongs to (through structural auth) and SHOULD CHECK the maintenance box in strucural auth and will access change access via role.
And user cant able to edit his own data.
Please find the Screens as requested. Please let me know if my understanding is correct or not ?
Regards,
venu.
Maybe you are looking for
-
Web gallery images not showing in Firefox
I have just created a web gallery in Adobe Bridge CS4. I had it working perfectly in all browsers and now all of a sudden the images are not showing up in Firefox. Anyone else have this problem?
-
Where can I get my audio driver?
The model number is 610-1068cn,made in China,and the pre-installed system is win7 64-bit , I've changed it to 32-bit. Where can I find the audio driver ? The type of the sound card is IDT 92HD89D3 , anyone who knows ,please mail to me, thank yo
-
I have a 4th gen ipod toch. As of the past two weeks I have been unable to receive my hotmail on the ipod. I get a "unable to connect to the server" message and all older emails are now gone.
-
Can't install Outlook conector
Hi I get this error when trying to install the Outlook conector. (win XP with Outlook 2003) 2:00:39 [5179] Trying to login to shared session. 22:00:39 ERROR: [5501] Unable to find MAPI directory. 22:00:39 No directory "C:\Program files\common files\S
-
6100 connectivity problems using Nokia CA-42 cable...
I have PC Suite 6-85-14-1 - the latest as at 11Feb'08, a new Nokia USB CA-42 cable, as listed for the 6100. The PC is recognizing the cable, but there is no recognition of the phone, within PC Suite. I am attempting to download all the contact inform