Security in planning group
Hi allI have a question related to the safety of dimensions with planning groups. Say there are user A, user B, and user-C and I created 2 groups using these 3 users in follows Hyperion Shared Services
Group 1: User A and user B
Group 2: User B and user c.
(User-B is present in the Group 1 and group 2).
In planning, the question is if I that follow the access rights to these two groups for a member in a dimension, the type of access User-B would get this member?
Group 1-read/write
Group 2 - no (NoAccess)
There is None or Read/Write?
Any help would be greatly appreciated.
Thank you
Prashanth
Published by: HypUser on March 29, 2011 08:46
None has priority over the read/write.
Tags: Business Intelligence
Similar Questions
-
Cross dimensional security in planning
Got a scenario where the client asking to cross the security dimension in the planning and do not know if it is possible
Simple example
Suppose 2 dimensions. Account and entity
Entity has 2 members E1234 and E1235
Has 2 members Axxx1 and Axxx2
The user is user1
User must have the following access (guess that's all the ReadWrite)
Axxx2 but only for E1234 (so don't ReadWrite for Axxx1 in E1234)
Axxx1 but only for E1235 (so don't ReadWrite for Axxx2 in E1235)
Based on the SecFile.txt
I could write
User1, a member of Axxx2, ReadWrite,
User1, a member of Axxx1, ReadWrite,
User1, Member E1234, ReadWrite,
User1, E1235, ReadWrite Member,
But I now gave him access to everything...
I'm afraid that the answer is that you can't do. I know that you could do in Essbase itself, but do not find something for planning.
My problem is actually much more complicated than that, but if I could understand this simple example, I think I can do everything I need.Hello
This has been asked several times in the past, the cross-dimensonal security is not currently available in the planning, security in planning unfortunately does not work the same as the essbase filters.
Reading of:- Re: security on Hyperion Planning/Essbase
See you soon
John
http://John-Goodwin.blogspot.com/ -
Planning security with nested groups
Hi all
We have a CapEx Planning Application and have a problem with the security of the entity. We have users within their own groups of HSS. Some groups are nested in other groups. For example
User1 is in Analyst_Group and Analyst_Group is in another group, Operations_Group.
On a specific entity (11122), we give the Analyst_Group and Operations_Group write access no access.
Planning should take the least restrictive security (for User1 in this case should be writable by 11122), but taking the security defined for Operations_Group. If set to None, then he cannot see this entity. If his game to play, then he gets only read access.
Does anyone know why it does not work the way in which the Admin planning guides say it should (IE its not to take the least restrictive permissions)?
We use the 11.1.2.1.0 planning.
Thank you!
Good read on the nested groups
So in your case Operations_Group is the parent, then Analyst_Group will inherit the parent's access.
Concerning
Celvin
-
ASO Plan type of problem of security filters planning application
Hello
We have a planning application that has 3 plantypes BSO and a kind of ASO. Security for the OSB is made by the secFile.txt and works perfectly. For the ASO cube, we tried to create filters and their allocation to the groups, but we receive the below error
"Cannot change the access authorization on the application of planning in shared services mode.
The groups are provisioned with Planner for the planning application and the access under the Cluster Essbase server.
Groups or user tables are displayed as planning instead of planning and Essbase.
Please let us know how to create filters and their assignment to the plantype of ASO by EAS/Maxl planning without errors (syntax is known)
version 11.1.2.4
Public sector, planning an application
Cube DP_ASO
Thank you
SravanIt is designed to be used via the planning layer and not directly to Essbase, you can access the layer of planning using Smart View and reports
-
Security vs planning Essbase filter
For example, suppose I "Sample" user and I give write access to the child member of the entity dimension
Entity
Chicago
New York City
So in this case, I give write access to @ides (chicago).
And I update safety (filter) in the planning.
When I connect EE and go to the database and filter, I don't see NO AND/OR LU. As I applied the write filter, suppose to show SCRIPTURE in environmental assessments as well. ?
If it is not the case, how am I supposed to see what type of access available to the user or the filter (other than checking the SECFILE in Planning)?
Any suggestions please.
Access the report should really be used to view permissions.
Provide the access permissions for at least one Member overall of all dimensions of security is enabled for this user and then refresh the filter and check.
Also role of planning:
-
Hello again everyone.
I was able to work on a lot of this code to other people's questions, but I hit a snag in my if/else clause structure... I need to make a plan to work around each groupItem of high-level layer [0]. This part is cake... unless there is a clipping mask. Visible limits do not work when there is a clipping mask. So, I built some of the loops that browse the pathItems search the clipping mask and return the visibleBounds said mask. However, I can't find how to structure the if clause in a way that will create the plan of work around the clipping mask when one exists.
I am successful to find the visibleBounds of the mask and the creation of the appropriate graphic board, but it is ALSO to create a work plan around the visible boundaries of the entire group. How framing an if clause to determine if a work plan has been done around the clip path already and therefore not create a second work plan around the visible boundaries of the groupItem together? I guess I would need some sort of function to determine if createdArtboardAroundClip = true and if so, skip this group...
Thank you all.
Here is the code:
var aB = docRef.artboards; var docLayers = docRef.layers; var layer1 = docLayers[0]; var groupLevel1 = layer1.groupItems; for (a = 0; a < groupLevel1.length; a++){ var groupLevel2 = groupLevel1[a].groupItems; var vB = groupLevel1[a].visibleBounds for (b = 0; b < groupLevel2.length; b++){ var paths = groupLevel2[b].pathItems; for (c = 0; c < paths.length; c++){ if (paths[c].clipping == true){ var clipBounds = paths[c].visibleBounds; aB.add(clipBounds); break; } } } aB.add(vB); }
Oh sorry, I forgot that one. I was able to view the image basically to see what is happening. Okay, so I saw a problem, you have one of your straps closure irrelevant. Your first nested for loop does not close where you want.
-
Question about security lines filters group
Hello
I put a lot of filters of the time lines for my groups in 'Administration tool'.
(Manage-> Security-> Permissions-> filters) without problem.
But now, I want to better understand behavior. When I click on the Add button
I see a window where I can select the objects to be filtered.
In the lower left corner there are two tabs 'Présentation' and 'Business '.
Model ". What is the difference? What happens if I select an object
the first tab? And what about the other? To avoid any problems, I always
selected object in both tabs.
Thank you
GiancarloThe MDB one business model layer can be a source of more of a catalog of presentation, so their might two catalog users who use the same logic table MDB, however, a user must now be restricted. Placing the restriction to the MDB will layer affect users, putting the presentation layer will affect the selected user.
I hope this makes sense
-
Alternative to apply dimension security in planning?
Hi all
I created a new application and need to apply the security settings that are in the old version of the application. Is there another way to do accept via Administration-> Dimension. See if there is security on a member, note that what kind of security and groups that are assigned to this security? For example, the dimension entity and account are very deep and there are a lot of groups of users, so it will take me ages to reply to this. Another way to do this?
Thanks in advance!
MathijsHello
Make sure that you use the utility with the account of the owner of applications.
See you soon
John
http://John-Goodwin.blogspot.com/ -
Security in planning error when you access a data form
Hello
I have a question about access of dimension-level security and the user.
We have a user who has received a data form, but he is still not able to access it. It has dimension security level applied to each user. When he tries to access the form it throws an error-
"Security and/or filtering resulted in a necessary dimension is not represented on this form of data.
How to know what size is? Is there any other means other than the manual method of entering each dimension and to check it out?
Please let me know your ideas.
Thank you so much in advance.
~ HervéI'm not sure of any other way apart from the Suggestion of the Alp of overlapping security export or play with USER_ID and OBJECT_ID of Table HSP_Access_Control or take an export of LCM of just security and take a look at users.xml.
See you soon... !!!
-
Drop an annex in a planning group
I created 4 custom individually planning...
BEGIN
dbms_scheduler.create_schedule ('schedule_name_1', repeat_interval = > ' FREQ = YEAR;) BYDATE = 20090706; BYHOUR = 15; BYMINUTE = 30; BYSECOND = 00');
dbms_scheduler.create_schedule ('schedule_name_2', repeat_interval = > ' FREQ = YEAR;) BYDATE = 20090707; BYHOUR = 15; BYMINUTE = 30; BYSECOND = 00');
dbms_scheduler.create_schedule ('schedule_name_3', repeat_interval = > ' FREQ = YEAR;) BYDATE = 20091009; BYHOUR = 15; BYMINUTE = 30; BYSECOND = 00');
dbms_scheduler.create_schedule ('schedule_name_4', repeat_interval = > ' FREQ = YEAR;) BYDATE = 20091010; BYHOUR = 15; BYMINUTE = 30; BYSECOND = 00');
END;
... then I combined them all in a calendar
BEGIN
() dbms_scheduler.create_schedule
schedule_name = > "main_schedule"
start_date = > null,
repeat_interval = > ' schedule_name_1, schedule_name_2, schedule_name_3, schedule_name_4',
End_date = > null,
Comments = > null);
END;
... created a job using the main_schedule
BEGIN
DBMS_SCHEDULER. () CREATE_JOB
job_name = > 'process_job_1 ',.
job_type = > 'EXECUTABLE. "
job_action = > ' / usr/local/directory/sched_process.ksh',
schedule_name = > 'main_schedule');
END;
My questions are:
-What happens if I drop (for example) schedule_name_3?
-It causes an error on the main_schedule or in process_job_1?
-Is this the oracle Scheduler will not run the JOB defined in process_job_1 when the next execution date is schedule_name_3?
- Or it does not produce an error and doesn't do anything more?
If a fall generates an error
-How could I stop the process_job_1 running oracle Scheduler if the next execution date is schedule_name_3?
Thanks in advanceFunny things happen.
(1) you can file the schedule_name_1, 2, 3, 4, despite the fact that another calendar depends on it. (apparently a calendar does not count as a dependent object...)
(2) you cannot remove the main_schedule because another object depends on it.
(3) labor remains steady but will not be postponed to a date that no longer exists in the main_schedule.
(4) the main_schedule still shows the repeat interval original containing the collection of paintings where it depends on.You expect that the main_schedule would become broken. There is no status for planning, so it cannot be broken.
The definition of main_schedule shows still all schedules of void.The main_schedule can silently rendering can be used also by recreating the void schedules and from there, a new job can be activated again using the main_schedule.
I hope this helps.
Ronald
http://ronr.blogspot.com -
Hello
I am trying to understand the cause of the following problem:
I've added several groups native SSP and filled with Active Directory users. After that, I added this includes forms security in planning.
For some reason any when I arrived at work this morning there was no security more forms of planning. Only thing I know is that Hyperion services were arrested and began last night while the file system has been saved.
Another thing is, I have more than 100 forms. Is the only way to security must enter one by one on them and affecting access?
Thank youHello
You can import security member in 9.2, have a read of:-http://download.oracle.com/docs/cd/E12032_01/doc/epm.921/html_hp_admin/hpamin-07-08.htm
I don't think you can import security shape well only up to 9.3See you soon
John
http://John-Goodwin.blogspot.com/ -
Combined security problems (user assigned to two groups)
Hello Experts,
Group 1 has access to entity A - produced X. Group 2 has access to entity B - y. If a user is assigned to the two groups, he has access to unwanted as A entity - combinations product Y / entity B - product X.
What is an expected behavior because of the way access filters are generated? Is it possible to avoid the undesirable combinations?
Steps to reproduce:
1. create the Group A and Group B
2. create user
3. assign security access of Group of axis 1 - members 1 / axis 2 - Member
4 assign security access Group B of Dimension 1 - member 2 / axis 2 - Member B
5. create a web form with axis 1 and 2 of Dimension in the form of pages (by selecting the members 1 member 2, A and B)
6 assign user to group A and B
7 confirm that the undesirable combinations are allowed
Please suggest.
Thank you
SonuHello
You talk about using security on dimensions in planning? If you are then it is not behaviour whereas security enhanced planning filters as essbase using formulas.
See you soon
John
http://John-Goodwin.blogspot.com/ -
Hello
I need to set the security of user group and the role of E-Capture but not no matter what doc and I configured 5 reviews in web logical console with the administrator group, but faced with a problem that is mentioned below
Problem:
(1) in the E-capture show only user weblogic and I'm not able to search for any user.
(2) not yet able to connect to e-capture console and client using another user except weblogic.
Please guide me how to set security for e-capture console and customer e-capture.
Thanks in advance
Sanjeev
Hello
Connect to Enterprisemanger-> right click on the domain-> titles-> roles and policies
Then select capture and navigate to capture roles add LDAP users and groups to roles according to your requirement to capture. If faced with any LDAP related issues can create the user with the admin role and try to add it all first by assigning the two roles out there. Hoping that this will certainly help.
-
I'm creating an application that uses the authentication of the APEX and characteristics (work) registration and forgot password forms (does not work).
My I forgot the password is public (requires authentication). The user provides the user name and a secret answer, which are validated and then provides the new password. I try to use htmldb_util.reset_pw to reset the password of the user, but it does not work.
I have a process on the new password page call a PL/SQL anonymous block that looks like this (see below), where username = P16_ITEM1 and P18_ITEM1 = new password.
BEGIN
apex_040000.htmldb_util.reset_pw (V ('P16_ITEM1'), V ('P18_ITEM1'));
END;
I don't know how to send a message of success/failure of such PL/SQL block to the APEX, but that's a separate issue, I guess.
In any case, during the trial through SQL Developer as the user with APEX_ADMINISTRATOR_ROLE, I get the following error:
ORA-20001: unauthorized access (package for the undefined security group variable).
ORA-06512: at "APEX_040000.WWV_FLOW_FND_USER_API", line 22
ORA-06512: at "APEX_040000.WWV_FLOW_FND_USER_API", line 1220
ORA-06512: at "APEX_040000.HTMLDB_UTIL", line 1253
ORA-06512: at line 8 level
I've searched previous discussions and tried different suggestions with no luck.
I'm on Oracle DB 11g XE and APEX 4.x.
Any help will be appreciated. Thank you
Alex.In any case, during the trial through SQL Developer as the user with APEX_ADMINISTRATOR_ROLE, I get the following error:
ORA-20001: unauthorized access (package for the undefined security group variable).
When executing code outside the Apex which depends on the security defined Apex group, perform the following steps before your own code:
wwv_flow_api.set_security_group_id(apex_util.find_security_group_id('YOUR_SCHEMA_NAME'));
Google "wwv_flow_api.set_security_group_id" for more details, like this blog:
http://www.easyapex.com/index.php?p=502
-Morten
http://ORA-00001.blogspot.com
-
Security at the level of the object by creating groups of catalog in OBIEE - 10 G
Hi all
I have a requirement to display the dashboard based on the user login. Ex. Mike belongs to HR, Smith to accounts
When Mike connects, he should see only these three dashboards. View of CF, commune data1, data2 common. When Smith connects, he should see only these three dashboards. Display accounts, common data1, commondata2.
Commondata1 and commondata2 dashboards has joint reports for all departments. Other dashboards is particular department with all the different reports. How can I implement this?
One of my previous posts, I was told to do by using the object-level security by creating groups of catalog. Can you please provide me with instructions to end-to-end on creating object groups of catalog-based security level.
Thanks for your time and your help.Hello
Mike to HR
Smit - accountYes, groups reach you by security at the object level by creating catalog
(1) create a catalog group and users partially RPD (Ex: Account_grp, HR_grp)
(2) assign user to this particular group (say Ex: Account_grp = Smith and HR_grp = Mike)(3) login (username Admin) dashboard and---> gale dashboard page layout--> add users to this particular
Dashboard users and save it then
try to connect to the user mike and smith, it will workyou see link below
http://www.rittmanmead.com/2010/01/OBIEE-10G-Web-catalog-best-practices/
http://www.rittmanmead.com/2007/05/OBIEE-and-row-level-security/
Thank you
Deva
Maybe you are looking for
-
Gmail does not open in firefox
Just switched to firefox from IE, but it won't open my gmail account. Forefox does not work with gmail? How can I fix it or if I should try another browser?
-
I followed the instructions and can't do full screen to quit.
I clicked on the button menu, then on the button fullscreen. He gave me a full screen. Then I clicked the menu button and clicked the button fullscreen. The top bar is returned to the normal size and then disappeared leaving me with a full screen. Ho
-
"Put it back" option (Trash) not.
Hello I'm on El Capitan 10.11.2. I just discovered that if I opened the bin and just right-click on a file, the "Deliver" option is no longer there (was there in Yosemite). The option is also not displayed by pressing and holding the Option key and c
-
My his default keeps beeping while I'm on my lap top
My his default beep warning while I have on my lap top How to find why he do this?
-
Spa2102 Provisioning (problems)
Hello, my name is Dhaniels, I'm internet & phone service provider,And I did this because I am having some problems with the supply on the Cisco Spa2102 (I have many features of something like 300 units), so I don't know how to disable personalization