2 Replies Latest reply: Jan 19, 2012 7:13 AM by 715835 RSS

    Security - Planning switching to Essbase

    910104
      Working in Version 11

      We have Planning installed and a BSO cube we are using. I created a new ASO cube and gave some new users access in Shared Services and updated in EAS and they are able to use Smart View to see the ASO cube. Old Planning users can't see it in Smart View until I remove them from the Planning group Security and update; then give them Essbase access and update.

      Is this a bug or is it security design? I would think Security would allow Planning users to see Essbase. (When I look in the User List in EAS it show Planning; not Essbase until I remove and add them back.)
        • 1. Re: Security - Planning switching to Essbase
          900736
          you mean now you removed access for planning groups & gave only for essbase?

          It should work for both planning & essbase apps, provide group access through groups for planning and if you r going to provide new essbase app, you can create group & provide the access instead of direct access...either do all access only thru groups or individual, some times if you give both it will create issues...

          Note: If you are going to provide access only thru groups, you can give individual only essbase server access...its optional (some exceptional cases will do this).

          If you can apply the security 'Planning and Essbase' then it will work for both applications, looks it was not sync when you gave the access.
          you can de-provision & provision when strange issues comes...

          Also you can use maxl command(alter user) to provide access to essbase & planning, it will work always...
          • 2. Re: Security - Planning switching to Essbase
            715835
            Essbase security and Planning security are two entirely different animals. It's all in the provisioning.

            Planning creates its own filters by user (not by group) when you deploy "Create Security Filters". You add Planning users to groups in Shared Services, and provision them as Planners, then go into Planning and assign access to the groups at the entity and/or account level. Then deploy. All the filters are created with the user name with an "f" prefix.

            Essbase security is set by creating Filters in EAS & Groups in Shared services. In Shared Services, add users to groups, provision the groups to the databases, then in the Applications Group section, right click on the db and select Assign Access Control. Add the filters to the groups. Best practice would be to give the Groups and Filters the same descriptive name to make it easier to report to the auditors.

            If groups are only provisioned for Essbase, they will only see Essbase. If they are only provisioned for Planning, they will only see Planning. I don't provision any group for both.

            If you are using 11.1.1, you have to refresh security before and after you assign access.

            Hope this helps,

            Tim Young