Exporting Access Permissions

The ExportSecurity utility exports Planning access permissions to the SecFile.txt file, enabling you to export and import access permissions across applications (see Importing Access Permissions). For the specified user or group (or for all users and groups if you use only the mandatory parameters), the ExportSecurity utility exports access permissions to these artifacts: members, forms, form folders, task lists, business rules, and business rule folders. ExportSecurity appends an artifact type flag that specifies whether the exported artifact security is for a form, composite form, form folder, task list, business rule, or business rule folder.

Notes:

  To export access permissions from Planning to a text file:

  1. Navigate to the planning1 directory (for the full path, see About EPM Oracle Instance).

  2. From the Command Prompt, enter this case-sensitive command, one space, and the parameters. Separate each parameter with a comma:

    ExportSecurity [-f:passwordFile] /A=appname,/U=username, [/S=searchCriteria|/S_USER=user|/S_GROUP=group], [/S_MEMBER=memberName|/S_MEMBER_ID=memberName |/S_MEMBER_D=memberName|/S_MEMBER_IC=memberName|/S_MEMBER_C=memberName],[/DELIM=delim] , [/DEBUG=true|false],[/TO_FILE=fileName],[/HELP=Y]

    where:

    Parameter

    Description

    Mandatory?

    [-f:passwordFile]

    Optional: If an encrypted password file is set up, use as the first parameter in the command line to read the password from the full file path and name specified in passwordFile. See Suppressing Password Prompts in Planning Utilities.

    No

    /A=appname

    The name of the Planning application from which you are exporting access permissions.

    Yes

    /U=username

    The administrator's ID for logging into the application.

    Yes

    /S=searchCriteria

    The user or group name.

    You cannot use this option with /S_USER or /S_GROUP.

    No

    /S_USER=user

    A specified user name.

    You cannot specify multiple users or use this option with /S_GROUP or /S=searchCriteria.

    No

    /S_GROUP=group

    A specified group. Only matching groups, not matching user names, are exported.

    You cannot specify multiple groups or use this option with /S_USER or /S= search criteria.

    No

    /S_MEMBER=MemberName

    A specified member.

    You can specify only one member-based parameter.

    No

    /S_MEMBER_ID=MemberName

    A specified member and its descendants.

    No

    /S_MEMBER_D=MemberName

    A specified member's descendants.

    No

    /S_MEMBER_IC=MemberName

    A specified member and its children.

    No

    /S_MEMBER_C=MemberName

    A specified member's children.

    No

    /DELIM=delim

    SL_TAB, SL_COMMA, SL_PIPE, SL_SPACE, SL_COLON, SL_SEMI-COLON. If no delimiter is specified, comma is the default.

    No

    /DEBUG=

    Specify true to display the utility's performed steps. false is the default.

    No

    /TO_FILE=

    Specify the path to the SecFile.txt file. By default, the file is in the planning1 directory (for the full path, see About EPM Oracle Instance).

    If you specify another path, use double backslashes, for example: C:\\Oracle\\SecFile.txt.

    No

    /HELP=Y

    Specify as the only parameter to display the syntax and options for ExportSecurity.

    No

    For example, to export access permissions for a user and group named Sales, enter:

    ExportSecurity /A=app1,/U=admin,/S=Sales

    To export for a member named Account100 and its descendants, with the colon delimiter to a file named Account100.txt in a specific path (in this example, to Planning\planning1):

    ExportSecurity /A=planapp1,/U=admin,/TO_FILE=D:\\EPM_ORACLE_INSTANCE\\Planning\\planning1\\Account100,/S_MEMBER_ID=Account100,/DELIM=SL_COLON

  3. If prompted, enter your password.

Also note:

Understanding the export file:

Item

Description

user or group

The name of a user or group defined in Shared Services Console.

memName

A member in the application.

access permissions

READ, READWRITE, or NONE. If there are duplicate lines for a user name/member name combination, the line with READWRITE access takes precedence.

For Calculation Manager business rules and folders only: Access permissions are specified as either NONE or LAUNCH.

Essbase access flags

@CHILDREN, @ICHILDREN, @DESCENDANTS, @IDESCENDANTS, and MEMBER.

Security implementation for these functions is identical to Essbase.

artifact type

After each line, the utility appends the artifact type:

  • SL_FORM—for forms

  • SL_COMPOSITE—for composite forms

  • SL_TASKLIST—for task lists

  • SL_CALCRULE—for business rules

  • SL_FORMFOLDER—for form folders

  • SL_CALCFOLDER—for folders containing business rules

Note:

If you manually create the SecFile.txt file, you must add the artifact type identifiers.

For example, an exported file might contain these lines:

User1,DataForm2,READ,MEMBER,SL_COMPOSITE

User2,Folder3,READWRITE,MEMBER,SL_FORMFOLDER

User3,DataForm4,READWRITE,MEMBER,SL_FORM

”North America”,Account101,READWRITE,MEMBER,SL_CALCFOLDER