Oracle Hyperion Security

Avatar

By
November 9th, 2015


Accounting means to assign the correct numbers to the correct accounts in the correct time period. Consolidation means to combine the accounts of several entities according to accounting rules.

Hyperion security takes place in the Oracle Shared Services Console. Oracle HFM, Essbase, Planning, and FDMEE all use the Shared Services module to manage security.

Background

Application security is the security within an application. Security prevents two types of errors: intentional and accidental. Intentional errors are rare, the majority of errors are unintentional or accidental. A large public corporation normally consists of several small entities. The accounting numbers will more likely be correct if accountants are prevented from making unintentional errors by only having the minimum access needed to do their job.

As with most of mathematics, Shared Services security is built on set theory. There are two applicable sets: users and metadata. The goal is to associate the users to the metadata and to the application through a role. There are two type of roles: application roles and metadata roles. Application roles provide access to the application through application defined roles. HFM, Essbase, Planning, and FDMEE applications have different sets of application defined roles. Metadata roles are based on the dimensions, these roles provide access to the data. Examples are read-only, and write access.

Each metadata dimension member has an attribute called SecurityClass. This attribute is used to group dimension members for access to data. Although each metadata dimension member has the SecurityClass attribute, security is often only on the Entity dimension. Remember, security is a double edged sword: fine grained security will require more security administrator effort.

Windows active directory (“AD”) groups are often used to group users. The advantage to group users is that more than one user will have access in the case of vacations or other absence

Work Instructions

This is a description of the mechanics of Shared Services security:

To provision a user to an application:

Navigate->Administer->Shared Service Console

Click on a folder

Search for a user by name

Right click – choose provision

To assign a user to a group:

Navigate->Administer->Shared Service Console

Click on a folder

Search for a user by name

Right click – choose assign

To create a security class:

Navigate->Administer->Shared Service Console

Expand Application Groups

Select Classes

Enter name for security class

To link a user group to a security class:

Navigate->Administer->Shared Service Console

Expand Application Groups

Select Assign Access Control

Select Users and Groups

As long as there are people in corporations, there will be personnel movement in corporations. Therefore EPM administrators will be kept busy with security changes. Oracle Hyperion Shared Services work well – provided one has a good understanding of how shared service security works.

 

 

 

 

 


Avatar

About TopDown Team

The TopDown Team includes members of TopDown Consulting who want to let the community know about webcasts, conferences, and other events. The team also conducts interviews on various EPM industry topics.

Leave a Reply

Your email address will not be published. Required fields are marked *