Security Examples in Native Security Mode

In This Section:

Example 1: Users Require the Same Access to Databases

Example 2: Users Require Differing Access to Databases

Example 3: Users Require Differing Access to Databases; Users Will Be Added

Example 4: Users Require Differing Access to Application and Databases

Example 5: Administrator Must Perform Maintenance

The sample security problems and solutions described in this chapter are based on the Sample application and use security procedures described in User Management and Security in EPM System Security Mode.

Example 1: Users Require the Same Access to Databases

Three employees need to use Essbase—Sue Smith, Bill Brown, and Jane Jones. Each requires update access to all databases in the Sample application.

Solution When Using Essbase in Native Security Mode:

Because the users need update access to only one application, they do not need Administrator permission. Because the users do not need to create or delete applications, users, or groups, they need not be defined as special types of users with Create/Delete permission. These users need only Application Manager permission for the Sample application.

The Administrator should perform the following tasks:

  1. Set up the users with Administration Services.

    See the Oracle Essbase Administration Services Online Help.

  2. Create Sue, Bill, and Jane as ordinary users with Application Manager permission.

    If Sue, Bill, and Jane are created without Application Manager permission, assign Application Manager permission to the three users.

    See Creating Users in Essbase Native Security Mode or Granting Designer Permissions to Users and Groups in Essbase Native Security Mode.

Example 2: Users Require Differing Access to Databases

Three employees need to use Essbase—Sue Smith, Bill Brown, and Jane Jones. Sue and Bill require full access to all databases in the Sample application. Jane requires full calculate access to all databases in the Sample application, but she does not need to define or maintain database definitions.

Solution When Using Essbase in Native Security Mode:

The Administrator should perform the following tasks:

  1. Set up the users with Administration Services.

    See the Oracle Essbase Administration Services Online Help.

  2. Create Sue and Bill as ordinary users with Application Manager permission.

    If Sue and Bill are created without Application Manager permission, assign them Application Manager permission.

    See Creating Users in Essbase Native Security Mode or Granting Designer Permissions to Users and Groups in Essbase Native Security Mode.

  3. Define global Calculate access for the Sample application as the Minimum Database Access setting to give all additional users Calculate access to all databases for the application.

    See “Setting Minimum Permissions for Applications” in the Oracle Essbase Administration Services Online Help.

  4. Create Jane as an ordinary user with no additional permissions. She inherits Calculate access from the application global setting.

    See Creating Users in Essbase Native Security Mode.

Example 3: Users Require Differing Access to Databases; Users Will Be Added

Three employees need to use Essbase—Sue Smith, Bill Brown, and Jane Jones. Sue and Bill require full access to all databases in the Sample application. Jane requires full update and calculate access to all databases within the Sample application, but she will not define or maintain database definitions. Users will be added; all will require read access to all databases.

Solution When Using Essbase in Native Security Mode:

Because the current users have differing needs for application and database access, define their permissions individually. Then, to save time assigning individual read permissions for future users, make read the global setting for the application. (It does not matter in what order you assign the user permissions and the global access.)

The Administrator should perform the following tasks:

  1. Set up the users with Administration Services.

    See the Oracle Essbase Administration Services Online Help.

  2. Create or edit Sue and Bill as ordinary users with Application Manager permissions.

    See Creating Users in Essbase Native Security Mode and Granting Designer Permissions to Users and Groups in Essbase Native Security Mode.

  3. Create Jane as an ordinary user, and give her Calculate permission for the Sample application.

    See Creating Users in Essbase Native Security Mode and Granting Application and Database Access to Users and Groups in Essbase Native Security Mode.

  4. Define global read access for the Sample application as the minimum database access setting to give all additional users read access to all databases in the Sample application.

    See “Setting Minimum Permissions for Databases” in the Oracle Essbase Administration Services Online Help.

Example 4: Users Require Differing Access to Application and Databases

Three employees need to use Essbase—Sue Smith, Bill Brown, and Jane Jones. Sue requires full access only to the Sample application; Jane requires calculate access to all members of the Basic database; Bill requires read access to all members. No other users should have access to the databases.

Furthermore, Jane and Bill need to run report scripts that are defined by Sue.

Solution When Using Essbase in Native Security Mode:

Because the different users have different needs for application and database access, define the global access setting as None, and assign the user permissions individually.

The Administrator should perform the following tasks:

  1. Set up the users with Administration Services. (Because Jane and Bill need to run the report scripts, they must use Administration Services.)

    See the Oracle Essbase Administration Services Online Help.

  2. Create Sue as an ordinary user, and grant her Application Manager permission for the Sample application.

    See Creating Users in Essbase Native Security Mode and Granting Designer Permissions to Users and Groups in Essbase Native Security Mode.

  3. Create Jane as an ordinary user, and give her Calculate permission for the Sample application.

    See Creating Users in Essbase Native Security Mode and Granting Application and Database Access to Users and Groups in Essbase Native Security Mode.

  4. Create Bill as an ordinary user and give him read permission on the Sample application.

    See Creating Users in Essbase Native Security Mode and Granting Application and Database Access to Users and Groups in Essbase Native Security Mode.

Example 5: Administrator Must Perform Maintenance

The Administrator, Sue Smith, needs to perform maintenance on the Sample application. She must make changes to the database outline and reload data. While she changes the application, Sue must prevent other users from connecting to the application.

Solution When Using Essbase in Native Security Mode:

Sue should perform the following tasks:

  1. Disable the Allow Commands setting to prevent other users from connecting to the application and to prevent connected users from performing further operations.

    See “Clearing Applications of User Activity” in the Oracle Essbase Administration Services Online Help.

  2. Check to see if any users have active locks.

    If any users have active locks, Sue’s calculation or data load command might halt, waiting for access to the locked records. Sue can allow the users to complete their updates or clear their locks.

    See “Viewing Data Locks” in the Oracle Essbase Administration Services Online Help.

  3. After confirming that no users have active locks, proceed to perform maintenance on the application.