8 Replies Latest reply: Jul 11, 2012 7:16 PM by hyperion start RSS

    Security access confusion

    hyperion start
      Gurus,
      I have a planning application and I created a user called SAM in shared services and I wanted to give read-only access to SAM in the planning application. So this is what I did.
      First thing is that SAM does not belong to any group in shared services.
      I provisioned SAM in shared services by choosing the application under "application group" and gave SAM VIEW access.
      Now when I log into planning workspace by using the username and password for SAM, I can log into the application but I cannot see any data forms, folders, nothing. What am I doing wrong?
      One question I have is that, after giving the VIEW access to SAM in shared services, do I need to go to planning application and give READ access to each data form, dimensions, etc ? OR will SAM have access simply by having been assigned the VIEW access to planning applicaiton in shared services?
      Please advise. OR is there any other suggestion.
        • 1. Re: Security access confusion
          Mehmet Sevinc
          You kinda answered the question yourself...
          One question I have is that, after giving the VIEW access to SAM in shared services, do I need to go to planning application and give READ access to each data form, dimensions, etc ?
          Yes. Form and dimension security are separate then the application security.

          Also, don't forget to do a security filter refresh at the end, so that the user could also connect to SmartView and do ad-hoc analysis on the planning database.

          Cheers,
          Mehmet
          • 2. Re: Security access confusion
            hyperion start
            Hi Mehmet,
            So you mean to say that after I provision the user in Shared Services, I need to go to planning application and then do these steps right?
            a. Give read access to each data form
            b. Give access to each dimension (well the dimension access would be only in case the dimensions have security added to them right?)
            And well, I gave the user read access to data forms and when I tried to view the dataform by logging to the username, this is the message it showed:
            "you are trying to open the dataform but cannot because all of the required dimensions are not present, possible causes may be that you may not have access to at least one member of the required dimension or the member selected resulted in no members present"
            please help
            • 3. Re: Security access confusion
              Mehmet Sevinc
              So you mean to say that after I provision the user in Shared Services, I need to go to planning application and then do these steps right?
              a. Give read access to each data form
              b. Give access to each dimension (well the dimension access would be only in case the dimensions have security added to them right?)
              Yes. You need to follow these steps.
              And well, I gave the user read access to data forms and when I tried to view the dataform by logging to the username, this is the message it showed:
              "you are trying to open the dataform but cannot because all of the required dimensions are not present, possible causes may be that you may not have access to at least one member of the required dimension or the member selected resulted in no members present"
              That means there is still one or more dimension(s) that you have yet to assign security to this user. Have you checked all your dimensions and made sure this user is assigned security to them?
              • 4. Re: Security access confusion
                hyperion start
                Thanks
                I will give access to the dimensions one by one. and well, how about financial reports, what would be the way so that the user can view reports in planning?
                • 5. Re: Security access confusion
                  Mehmet Sevinc
                  That would require separate provisioning. Here are the reporting and analysis roles: http://docs.oracle.com/cd/E17236_01/epm.1112/hss_admin/apas04.html

                  Once you provision the user with appropriate roles, then you also need to login to Workspace and give them access to the report folder and reports.

                  Hope this helps.

                  Cheers,
                  Mehmet
                  • 6. Re: Security access confusion
                    hyperion start
                    Thanks Mehmet,
                    I am trying to do it but I am not being able to. Do you have any step-by step guide to do that, or can you please be me a little more specifics, I mean do I need to go to the root and then folder and then go to Administer or something like that.
                    Thanks
                    • 7. Re: Security access confusion
                      Mehmet Sevinc
                      Sorry about that... Once you login to Workspace, click on Explore. find the report folder under Root, right click Edit Permissions, select the user and give him View Access. This will give the user access to the folder, but not to the reports. Now you have two options:

                      1. Right click on the report folder and click on Apply Permissions to Children. This will give user access to all reports under this report folder.
                      2. If you'd like to restrict the user from certain reports, then option 1 will not work. Instead you need to go inside the report folder, right click on individual reports, Edit Permissions and give appropriate (usually view) access to the user.

                      Let me know if you still have issues. Also, Financial Reporting Workspace Administrator's Guide is a good reference: http://docs.oracle.com/cd/E17236_01/epm.1112/fr_webadmin/launch.html

                      Cheers,
                      Mehmet
                      • 8. Re: Security access confusion
                        hyperion start
                        Thanks Mehmet.
                        What I did was assigned the user to the groups that had access and then it worked.
                        Thanks again.