Security class

Our tree structure, Coroorate is the highest level and has the same security class name. It has 30 child entities and each has a safety class. In our team of consolidation of enterprise accouting, brahim team member need access to all entities to consolidate. Is there an easier way to assign the class of security that the assignment of the entire class of security, including businesses and children?

in other words, is there a safety class that the member assigned to can see all entities?

Thank you very much.

Here's what I do...

For entities, each entity has its own individual security settings class and a group of correspondent. This is done to ensure that I have control of security level very low. (that is, I want to ensure that people only get access to specific entities they need)

There are a few cases where entities have the same class, and it's usually because it's really the same company, but they have different lines of business or the places that have been created as.

Allows you to use the following as an example of hierarchy of entities

CharlesCorp, SecurityClass=CharlesCorp
     NorthAmerica, SecurityClass=NorthAmerica
          EngineCompanies, SecurityClass=EngineCompany
                 Inline4, SecurityClass=Inline4
                 VEngines, SecurityClass=VEngines
                       8Cylinder, SecurityClass=VEngines
                       6Cylinder, SecurityClass=VEngines

Now, the first thing I do is I create a group for each class and assign access to class/group so that each group has access "All". (assuming that we want here to read/write,...)

The next thing I do is I work from the deepest point in the hierarchy, and I do the parent group directly above him a member of the lower group. In other words, just as you can add people to groups, you can add other groups.

Using the example above, the EngineCompany group would be an associate of Inline4 and VEngines.
The Group North America would be associated with EngineCompany
The Group CharlesCorp would be partner in North America

Now if I have a user who needs to access Inline4, I add him to the Group Inline4.
If I have a group leader who needs access to all of the engines, I have him add to the EngineCompany group. Given that this group is also related to all groups directly below, the user linked to EngineCompany also has access to these entities as well.
If I have someone at the top level of society, I just add it to CharlesCorp.

This also gives the now super easy maintenance. If I add a new entity, all I have to do is ensure that the group directly above has access to the entity. I have to make changes to the user number unless they are directly linked to the new group.

Published by: beyerch2 on January 24, 2012 14:53

Tags: Business Intelligence

Similar Questions

  • Is there a way to change the security class for all forms/data grids?

    Working on a 11.1.2.3 HFM application with more than 100 + data forms/grids and I need to change all of the class of security forms/grids to [Default].
    Is there an effective way to do this? At the moment I have only 2 ways...

    1 extract all documents and open each form with a text editor to change the class of security, re - download to the workspace

    2. manually change settings of security class in the workspace

    Any ideas?
    Thank you very much

    Aaron

    Hello

    I think that the best approach I've seen so far is to retrieve all documents via LCM (SSP), edit Web Forms with a text editor which can edit multiple files in the same file (Notepad ++) and then reload via LCM webforms.

    More information about LCM: http://docs.oracle.com/cd/E40248_01/epm.1112/epm_lcm_user.pdf

    Kind regards

    Thanos

  • Custom dimension security class

    There are in our Custom 1, business lines in place. I want to restrict users to specific sectors of activity in Custom 1. I added safety class C1 members and the security file that I have loaded in the system. in the SSP, I assigned asscess control the user with security for the country and the C1 class it needs to access. However, the class of the country's security has worked he can only access these country data. But the C1 security class does not not because he can still see the business sector that I attributed to him.

    What could be the problem? Thanks for the help.

    Since the HFM customer, you must check the box in your settings app for UseSecurityForCustom1 metadata.

    Kind regards
    Jason

  • Hi, is it possible to change the security class for folders that contain data forms?

    Hello

    We would like to change the class of security for a folder that contains the data forms in our application.

    This should be done on two occasions during our monthly closing.

    When I create a new folder I can assign the class of security to the folder. But how it works for an existing folder?

    Thank you very much

    Björn

    HFM 11.1.2.1

    Hello

    To answer your question, there is no way to change the safety classes existing folder with the existing versions of HFM. We have already asked DEV as an improvement. The only solution is to remove the existing form folder and then re-create.

    Kind regards

    Madhu.

  • Class form-Web security

    Hi all

    US version 11.1.2.3 + HFM.

    I wonder how to change the security class for the Web forms and also in the folder that contains the web forms.

    -File A (Web Forms)

    -Web form 1

    -Web form 2

    Thanks in advance...

    Hello

    To change the security for the web form, try to save money, then use the same name for your shape and just change the class of security.

    For the records, I think you need to create a new.

    Dany

  • You cannot change the security log class

    If a journal has been posted on entity and calculations/consolidations run on this entity, it is not possible to change the security of this journal class (after unposting of course).

    Is this a bug or a feature? ;-)

    UPDATE. Contacted support, showed the problem, conclusion by Oracle - not a bug, the expected features

    11.1.2.2 reviews open in a separate tab. The problem occurs when user unposts the journal button unpost in this tab and then try to change the security class. All in the same tab without closing. Apparently, the only way to make it work is unpost the journal directly on the tab manage reviews, and then only open a separate tab with the newspaper which has already the Unposted status. Otherwise, open the log unpost tab, close tab, open it again, change the class of security

    I said in support of Oracle who struck me really helped understand the problem, but still it is a bit silly and could be improved in the future. Wonder if they would take it into consideration...

    Thank you all,

    Igor

  • Class HFM V11.1.1.3 security issue

    We are implementing V11.1.1.3 HFM and noticed that security is now managed via shared Services module.

    We found it easy to understand how assign "roles" to IDs (like journals charge, to consolidate all the data/w, etc.), but it is not as clear how to assign a security of classes using the same module (if this is even how it's done, maybe there another module of classes). We found no specific mention about how it's done in the documentation.
    In the meantime, we are able to modify a security class ID by extracting security, modify the text and load back, but we believe there must be an easier way.

    Any help would be appreciated.

    Thank you
    Tony

    You can create classes and assign access to classes within shared services. Expand the group that contains your HFM application and right-click on the application to assign access. The first screen displays any user or group that has at least an application role. The second form allows you to create classes, one by one and select classes for which you want to assign access. After that, you will see a table where rows and columns can be rotated. The table allows you to see access to a class and if you want to change it. The screen finally allows you to generate a security report.

    -Chris

  • Security roles for the journals in HFM

    Hi all

    For purposes of verification, we are given an obligation to create two different roles for administrators of the Journal.

    Group 1 can create reviews and submit

    Group 2 may approve journals and post it.

    Can someone let me know the right roles that I should be assigned? I followed the guide of security of Shared Services, but somehow, it does not work. When I delete the Application Administrator role. I can't display the data in any newspaper.

    BTW, the version we use is 11.1.2.2

    Thank you!

    Hi StefRon,

    The ability to view data is defined by the class of access security.

    Have you looked at if you provided the right security class access?

    Kind regards

    S

  • Urgent! Security problem.

    Hi all

    I have a requirement like need to give to "READ" access for the particular user that at the request of HFM, already this user plays many roles with different groups, so I created a group and provided 'DEFAULT' hfm role 'DEFAULT' security role and also a read access to the user, but the user was not able to display the data launch "FORBIDDEN ACCESS" to all cells.

    If I give only the security class by DEFAULT - what will be the effect will it made a difference.

    If I give any class of security I can give access only to specific dimensions, but the user must recover the data for any pov. The user has to work as a viewer for hfm any application as an end user. What I have to give no matter what class of safety other than default.

    I also tested with a test user, I can access the data in the dev environment with the user test, but when I go and access test data and pro "ACCESS FORBIDDEN" circles why this difference.

    Y at - it an order for the supply of the user.

    Or will the hierarchy properties makes a difference

    What can be the possible reasons for 'ACCESS FORBIDDEN'.

    Anyone can share your experience, I need to solve the problem.

    Thanks in advance.

    Maybe you will need to follow the post: How do I display the HFM application data

    Kind regards

    Thanos

  • Security HFM

    Hello

    Can we add LDAP user to create and give access rights using the .sec (no services shared) file?

    Thank you
    Fri

    Hello

    Yes, first make sure that you have a configured LDAP, and then to make sure users are connected to this

    Then, you can move to give these users security/access on request of HFM.
    HFM application security is handled through shared services, but it is also stored in. SEC file in the application.

    There is a specific format. File SEC which includes:
    ! FILE_FORMAT
    ! Version

    ! USERS_AND_GROUPS
    => In this part of the users and groups who have access to this HFM application are

    ! SECURITY_CLASSES
    => In this part of security classes are those that are present in HFM tagged metadata to members

    ! ROLE_ACCESS
    -Online this part presents the roles given to users and groups, for HFM, these roles can be create log, database locking, examiner 1, etc.

    ! SECURITY_CLASS_ACCESS
    This part lists the access of each user and group for classes of whatever security they had access.

    After extraction of the existing. You can manually modify the SEC.
    You can give access to the existing LDAP user assistance. File SEC by making entries in the corresponding sections mentioned.
    And then you can load it. SEC file again to the application.

    This charge does not add new users/groups, classes of security, roles, access of safety class and does not remove existing ones.

    See you soon!

    J

  • HFM 11.1.2.3.00 view Journal issue for the non-administrateurs

    I have a native user of test that has the selected roles...

    • Approve journals
    • Read journals

    When I connect with this user and access management magazines, newspapers do not appear.

    The only way I can get the newspapers to appear is if I'm the administrator user.

    In previous versions, this type of role setting worked.

    What was also required to work in this version?

    Hello

    I think there is a problem with the security classes.

    In the user guide by: to edit a log, you must have all access to the class of security for the newspaper. To publish a newspaper, you must have all access for classes of security of all dimensions in the detail rows that use the security classes.

    Kind regards

    Thanos

  • How to load HFM data into Essbase

    Hello

    How can bring us the HFM data into Essbase cube with using EAL, since we have performance using EAL - DSS as a source with OBIEE reporting problems.

    The expanded use of analytical, I heard we can only only level 0 of HFM Essbase data and need to write the currency conversion and the calculations of eliminating PKI in Essbase to roll the Member parent. Is this true?

    Also how we can convert security HFM to Essbase security.

    Please suggest me on this.

    Thank you
    Vishal

    Security will be a bit tricky as Essbase uses generally filters and HFM security classes. You can potentially use shared groups in Shared Services, but licensing issues soar depending on supply. Your best bet is maybe to look at export artifact LCM to handle.

  • RPM login page not accessible

    Hi all

    I installed Oracle Retail price Management & I try to access it from the browser, a window pops up saying: could not launch the application.

    I write the message in its entirety for reference.

    Need help Kindfull someone answer please with your precious suggetions.
    Waiting for response.



    ERROR: could not load the resource: http://localhost.localdomain:7009/rpm-client/client/rpmconfig.jnlp

    launch files:
    < codebase = spec jnlp "http://192.168.1.17:7009 / tr/min-customer / ' = '1.0 +' >
    < information >
    < title > RPM13 < /title >
    < vendor name > Oracle Corporation < / seller >
    < homepage > http://www.oracle.com < /homepage >
    < description > the retail price management < / description >
    < icon kind = "splash" href="images/retail_logo.jpg"/ >
    < href="images/retail_logo-square.jpg"/ icon >
    < / information >
    < resources >
    < property name = "USE_JAAS" value = "false" / >
    < j2se version 1.7 = "*" href = "http://java.sun.com/products/autodl/j2se" initial-heap-size = "256M" max-heap-size = "512M" / >
    < extension name = href = "rpmconfig.jnlp" / "rpmconfig" >
    < jar href="lib/castor-1.3.1.jar"/ >
    < jar href="lib/castor-1.3.1-core.jar"/ >
    < jar href="lib/castor-1.3.1-xml.jar"/ >
    < jar href="lib/commons-beanutils-1.8.3.jar"/ >
    < jar href="lib/commons-beanutils-bean-collections-1.8.3.jar"/ >
    < jar href="lib/commons-beanutils-core-1.8.3.jar"/ >
    < jar href="lib/commons-collections-3.2.1.jar"/ >
    < jar href="lib/commons-lang-2.5.jar"/ >
    < jar href="lib/commons-logging-1.1.1.jar"/ >
    < jar href="lib/ejb.jar"/ >
    < jar href="lib/foxtrot.jar"/ >
    < jar href="lib/fsm.jar"/ >
    < jar href="lib/log4j-1.2.16.jar"/ >
    < jar href="lib/rpm13-api.jar"/ >
    < jar href = ' lib/rpm13 - ui.jar ' hand = "true" / >
    < jar href="lib/rpm13.jar"/ >
    < jar href="lib/rpm_client_properties.jar"/ >
    < jar href="lib/rpm_server_properties.jar"/ >
    < jar href="lib/platform-api.jar"/ >
    < jar href="lib/platform-client.jar"/ >
    < jar href="lib/platform-common.jar"/ >
    < jar href="lib/platform-conf.jar"/ >
    < jar href="lib/platform-server.jar"/ >
    < jar href="lib/platform-resources.jar"/ >
    < jar href="lib/rib-public-api.jar"/ >
    < jar href="lib/rib-private-common.jar"/ >
    < jar href="lib/rsm13-external-api.jar"/ >
    < jar href="lib/rsm13-api.jar"/ >
    < jar href="lib/rsm13-client.jar"/ >
    < jar href="lib/rsm13-client-resource.jar"/ >
    < jar href="lib/ons.jar"/ >
    < jar href="lib/opmnconfig.jar"/ >
    < jar href="lib/optic.jar"/ >
    < jar href="lib/wlfullclient.jar"/ >
    < jar href="lib/xercesImpl.jar"/ >
    < jar href="lib/xml-apis.jar"/ >
    < jar href="lib/repositorycheck.jar"/ >
    < jar href="lib/pvxTable.jar"/ >
    < jar href="lib/argus.jar"/ >
    < property name = "client_master.properties" value="/retek/client_master.properties"/ > "
    < property name = "java.naming.provider.url" value="t3://192.168.1.17:7009"/ > "
    < property name = "NAMING_URL" value="t3://192.168.1.17:7009"/ >
    < property name = "java.naming.factory.initial" value="weblogic.jndi.WLInitialContextFactory"/ > "
    < property name = "NAMING_FACTORY" value="weblogic.jndi.WLInitialContextFactory"/ >
    < / resource >
    < security >
    < all-permissions / >
    < / security >
    < class main application-desc = "com.retek.rpm.gui.security.RpmUIClient" >
    1349423056243.8952780441742342600.4b725454f31baab643ee2e377fc98b2b3b38fff2 < argument > < / argument >
    RMS < argument > < / argument >
    < / application-desc >
    < / jnlp >

    exception:
    com.sun.deploy.net.FailedDownloadException: could not load the resource: http://192.168.1.17:7009/rpm-client/client/rpmconfig.jnlp
    at com.sun.deploy.net.DownloadEngine.actionDownload (unknown Source)
    at com.sun.deploy.net.DownloadEngine._downloadCacheEntry (unknown Source)
    at com.sun.deploy.cache.ResourceProviderImpl.getResourceCacheEntry (unknown Source)
    at com.sun.deploy.cache.ResourceProviderImpl.getJreResource (unknown Source)
    at com.sun.javaws.LaunchDownload._downloadExtensionsHelper (unknown Source)
    at com.sun.javaws.LaunchDownload.downloadExtensionsHelper (unknown Source)
    at com.sun.javaws.LaunchDownload.downloadExtensions (unknown Source)
    at com.sun.javaws.Launcher.prepareLaunchFile (unknown Source)
    at com.sun.javaws.Launcher.prepareAllResources (unknown Source)
    at com.sun.javaws.Launcher.prepareToLaunch (unknown Source)
    at com.sun.javaws.Launcher.prepareToLaunch (unknown Source)
    at com.sun.javaws.Launcher.launch (unknown Source)
    at com.sun.javaws.Main.launchApp (unknown Source)
    at com.sun.javaws.Main.continueInSecureThread (unknown Source)
    to com.sun.javaws.Main.access$ 000 (unknown Source)
    to com.sun.javaws.Main$ 1.run (unknown Source)
    at java.lang.Thread.run (unknown Source)

    wrapped exception:
    java.net.SocketException: end of file unexpected server
    at sun.net.www.http.HttpClient.parseHTTPHeader(Unknown_Source)
    at sun.net.www.http.HttpClient.parseHTTP(Unknown_Source)
    at sun.net.www.http.HttpClient.parseHTTPHeader(Unknown_Source)
    at sun.net.www.http.HttpClient.parseHTTP(Unknown_Source)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown_Source)
    the impossible (unknown Source)
    at com.sun.deploy.net.BasicHttpRequest.doRequest (unknown Source)
    at com.sun.deploy.net.BasicHttpRequest.doRequest (unknown Source)
    at com.sun.deploy.net.BasicHttpRequest.doGetRequest (unknown Source)
    at com.sun.deploy.net.DownloadEngine.actionDownload (unknown Source)
    at com.sun.deploy.net.DownloadEngine._downloadCacheEntry (unknown Source)
    at com.sun.deploy.cache.ResourceProviderImpl.getResourceCacheEntry (unknown Source)
    at com.sun.deploy.cache.ResourceProviderImpl.getJreResource (unknown Source)
    at com.sun.javaws.LaunchDownload._downloadExtensionsHelper (unknown Source)
    at com.sun.javaws.LaunchDownload.downloadExtensionsHelper (unknown Source)
    at com.sun.javaws.LaunchDownload.downloadExtensions (unknown Source)
    at com.sun.javaws.Launcher.prepareLaunchFile (unknown Source)
    at com.sun.javaws.Launcher.prepareAllResources (unknown Source)
    at com.sun.javaws.Launcher.prepareToLaunch (unknown Source)
    at com.sun.javaws.Launcher.prepareToLaunch (unknown Source)
    at com.sun.javaws.Launcher.launch (unknown Source)
    at com.sun.javaws.Main.launchApp (unknown Source)
    at com.sun.javaws.Main.continueInSecureThread (unknown Source)
    to com.sun.javaws.Main.access$ 000 (unknown Source)
    to com.sun.javaws.Main$ 1.run (unknown Source)
    at java.lang.Thread.run (unknown Source).

    Console:
    Java Web Start 10.7.2.11
    With the help of 1.7.0_07 - b11 version JRE Java hotspot Client VM
    User home directory = C:\Documents and Settings\admin
    ----------------------------------------------------
    c: clear console window
    f: finalize objects on the finalization queue
    g: garbage collection
    h: display this help message
    m: print memory usage
    o: trigger logging
    p: reload the configuration of the proxy
    q: Hide console
    r: reload the policy configuration
    s: dump system and deployment properties
    t: dump thread list
    v: dump thread stack
    0-5: set the level of trace to < n >
    ----------------------------------------------------
    # Java Web Start Error:

    Hello

    : http://localhost.localdomain:7009/rpm-client/client/rpmconfig.jnlp

    Here localhost.localdomain points to 127.0.0.1.

    Change link above to http://192.168.1.17:7009:7009/rpm-client/client/rpmconfig.jnlp and try.

    Let me know the results.

    Kind regards
    PPS

  • New to OAF (using the api IBY)

    Hello
    I am building a customized OPS page.

    I need to use some API application IBY (some public methods in oracle.apps.iby.security.SecurityUtil).
    For this we have to import the oracle.apps.iby.security class in my java class.
    I'm not able to find which library application abdellah classes are included.

    Can anyone help?

    Thank you
    Haritha

    Harita... u need to import the file oracle.apps.iby.security.SecurityUtil to your project local jdev and in your file, you can tell
    Import oracle.apps.iby.security.SecurityUtil;
    and then the u should be able to all the public methods of the class...

    Thank you
    REDA

  • Hide the account in the grid

    Our account tree structure, there are a few accounts that I don't want the end user to see in the grid. I know that I can implement the security class to limit the ability of the user to see the balance of the account but not the name of the account. How can I limit the ability of the user to see the name of the account. For example, there are 10 account, when the user draws on a grid, I just want them to see 7 of 10 account names.

    Thank you!

    There is a property in the seting EnableMetadataSecurityFiltering aplication if you set at the Y, the user sees only the account, the entity that they authorice

    It may be useful
    Sofia

Maybe you are looking for

  • Satellite Pro L850 - 1 L 4 - cannot boot from Win 8 Upgrade disc

    Bought there is a little less than 2 years. With the upgrade of Windows 8.0 DVD.Let me now turn to Win 8 (then Win 8.1). No matter what I try (the BIOS changes) peut t get the DVD of start-up. Under the boot of CSM (default for the laptop), it return

  • Pavilion G4 IDT pilot Audio XP32

    Driver XP32 needed for: HDAUDIO\FUNC_01 & VEN_111D & DEV_7605 & SUBSYS_103C1666 I tried 9 different SoftPAQs (intresting they always call em SoftPAQs, it's a return to the old days Compaq) all labelled "IDT High Definition Audio Codec". Unfortunately

  • HP pavilion p108ne 15: controller Ethernet not installed

    I can't find the right drivers for Ethernet controller, I got a yellow "!" mark. PCI\VEN_10EC & DEV_8136 & SUBSYS_2281103C & REV_08PCI\VEN_10EC & DEV_8136 & SUBSYS_2281103CPCI\VEN_10EC & DEV_8136 & CC_020000PCI\VEN_10EC & DEV_8136 & CC_0200

  • Part real and imaginary FFT in Labview

    Hi all I have a very quick question after performing a FFT in LabView, I want to isolate the real part of the FFT of her imaginary part for further processing. Should what VI I use? Could you please direct me step by step for it? Is this possible? Th

  • OfficeJet 6600: Officejet 6600 turns off

    Our 6600 OfficeJet was itself switched off service intermittently. When I unplugged the power cord and repluged inside, the printer went through its boot sequence, to the end that he suddenly stopped again. Through trial & error, I found that I could