Security of hyperion planning
Download as DOCX, PDF2 likes7,067 views
This document summarizes how to manage access permissions in Hyperion Planning. It describes the different types of planning elements that can be assigned permissions, including scenarios, versions, accounts, entities, and custom dimensions. It also outlines the different access permission levels of Read, Write, and None. Administrators can enable security on dimensions and then assign access permissions to individual members for users and groups.
Security of hyperion planning
- 1. Security of Hyperion Planning Access Permissions in Hyperion Planning Shared Services roles that set access permissions for managing projects, applications, dimensions, users, and groups Planning Elements That Can Be Assigned Access We can assign access permissions to: Scenario members Version members Account members Entity members User-defined custom dimension members Data forms Task lists Business rules For example, users must have these Shared Services roles to perform the specified tasks: Project Manager: Creates and manages projects in Shared Services. Provisioning Manager: Provisions users and groups to applications. Dimension Editor: Required for Performance Management Architect and Classic applications. For Performance Management Architect, allows access to application administration options for Planning. For Classic, allows access to the Classic Application Administration options for Planning (in combination with the Planning Application Creator role). Planning Application Creator: Required for Performance Management Architect and Classic applications. For Performance Management Architect, allows users to create Planning applications and Performance Management Architect Generic applications. For Classic, allows access to the Classic Application Administration options for Planning (in combination with the Dimension Editor role). User-defined dimensions: Assign access permissions to members by selecting the dimension property Apply Security. If you omit setting Apply Security, all users can access the dimension's members. By default, the Account, Entity, Scenario, and Version dimensions are enabled for access permissions. Users and groups, which can vary among applications. Assign access to Planning application elements by using Assign Access. Note: After updating access permissions, refresh the application to update Essbase security filters.
- 2. Types of Access Permissions: Access permissions for the specified user or group to the dimension member, data form, or task list include: Read—Allows view access Write—Allows view and modify access None—Prohibits access; the default access is None We can specify access permission for individual users and each group. When you assign a user to a group, that user acquires the group's access permissions. If an individual's access permissions conflict with those of a group the user belongs to, user access permissions take precedence. To enable access permissions for dimensions: Select Administration > Dimensions. For Dimension, select the dimension to change. Click Edit. In Dimension Properties, select Apply Security to allow access permissions to be set on its members. If you do not select this option, there is no security on the dimension, and users can access its members without restriction. Click Save. Click Refresh to revert to the previous values. To assign access to members: Select Administration > Dimensions. For Dimension, select the dimension to assign access to its members. Select the member for which to assign access. Click Assign Access. Add, change, or remove access. To assign access permissions to members: Select Administration > Dimensions. For Dimension, select the dimension for whose member you want to add access. Click Assign Access. Click Add Access Optional: To migrate a user or group's changed identity or their position in the user directory from User Management Console to Planning, click Migrate Identities Optional: To remove deprovisioned or deleted users or groups from the Planning database to conserve space, click Remove Non-provisioned Users/Groups For Users and Groups on Add Access, select the users and groups to access the selected member. For the selected member, select the access type. Optional: Select a relationship.
- 3. For example, select Children to assign access to the children of the selected member. Click Add. Click Close. To modify access permissions for members: Select Administration > Dimensions. For Dimension, select the dimension for whose member you want to edit access. Click Assign Access. Optional: To migrate a user or group's changed identity or their position in the user directory from User Management Console to Planning, click Migrate Identities. Optional: To remove deprovisioned or deleted users or groups from the Planning database to conserve space, click Remove Non-provisioned Users/Groups. Click Edit Access. For the selected member on Edit Access, select the access type for the displayed users or groups. Optional: Select a relationship. For example, select Children to assign access to children of the selected member. Click Set. Click Close. To remove access permissions for members: Select Administration > Dimensions. For Dimension, select the dimension for whose member you want to remove access. Click Assign Access. Select the users and groups for whom to remove access to the selected member. Click Remove Access. Click OK. Click Close. Regards:- AAjjaayy ssiinngghh cchhoouuhhaann