Alter User

Add or remove a user to or from a group. Rename a user. Change the comment that describes a user. Enable or disable a user account. Change a user's password, or specify whether it should expire. Control user application access to application domains.

Permission required: create_user.

When Essbase runs in EPM System security mode, the Essbase create_user permission becomes obsolete. You must be an Essbase administrator to manage users, and you must additionally be a Shared Services administrator to manage users from Shared Services.

Syntax

Syntax diagram for alter user.USER-NAMEGROUP-NAMEACCESS-TYPEACCESS-TYPEPASSWORDCOMMENT-STRINGFILTER-NAME

Use alter user to change user information in the following ways:

KeywordDescription

add [to group]

Add the user to a group.

InEPM System security mode, this action automatically causes a user/group synchronization between Essbase and Shared Services. It is advisable to use Shared Services to manage users and groups instead.

add application_access_type

Add an application access type. An application access type controls which domains a user can access based on the named user license. To view a list of the user's allowed application access types, use display user. MaxL can be used only to add or remove Essbase access.

remove [from group]

Remove the user from a group.

In EPM System security mode, this action automatically causes a user/group synchronization between Essbase and Shared Services. It is advisable to use Shared Services to manage users and groups instead.

Note:

If you deprovision a group in Shared Services that was provisioned to Essbase, users in the group remain in the Essbase security file after performing a single group synchronization. To deprovision a group and its users, perform a full system refresh.

remove application_access_type

Remove an application access type. MaxL can be used only to add or remove Essbase access.

rename to

Rename the user.

enable

Reactivate the user if the user's permission to log in has been terminated.

disable

Disable the user's permission to log in to Essbase.

set password

Change the user's password.

set password_reset_days INTEGER days

Specify the number of days before a password expires. This setting has meaning only if the system-level password_reset_days value (shown in the password_reset_days field of display system) is not zero or "none". The value of this setting must be between 1 and 65535. The latest effective date for user-level password expiration is Jan 19, 2038.

set password_reset_days none

Remove any user-level password expiration setting created by alter user set password_reset_days INTEGER, and revert the password reset days value back to the system-level value (shown in the password_reset_days field of display system).

set password_reset_days immediate

Force the user to change password at the next login.

set password_reset_days exact

Undo the 'immediate' setting above. If the administrator chooses 'immediate' and then attempts to revert to allowing a set number of days, the setting will not work, because 'immediate' takes precedence. Using 'exact' is the only way to reverse 'immediate.'

set type external

Specify that this user must log in to Essbase using Shared Services. For the user to log in successfully, the AUTHENTICATIONMODULE parameter must be set to CSS in the essbase.cfg file, and the user name must match a valid user name in the external authentication repository.

set sss_mode

Migrate the user to EPM System security mode. This action might be useful if the user migration failed using alter system. Minimum permission required: Administrator.

Password Enforcement Grammar:

  • enforce username_as_password—Create passwords that are the same as user names for users being migrated to Shared Services.

    Note:

    The passwords are created as lowercase, even if the user name contains uppercase letters. For example, if a user name KSmith is migrated with this option, the password will be ksmith.

  • enforce auto_password—Automatically generate passwords for the users being migrated to Shared Services. To see the generated passwords, use display user all in shared_services_native with auto_password;

    Optionally save the generated passwords to a nondefault file location. If specifying a file name that exists, use the force keyword to overwrite the file.

    If file name and location are not specified, passwords are saved by default to $ARBORPATH\bin\MigratedUsersPassword.txt.

  • enforce password <PASSWORD>—Generate the specified password for users being migrated to Shared Services.

For more information, see the Oracle Essbase Database Administrator's Guide chapter titled "User Management and Security."

comment

Create a description of the user.

reset

Remove obstructions to logging in for the specified user account.

  • The user account is re-enabled if it was disabled.

  • Any requirement to change password immediately is removed.

  • If the password has expired, the expiration is cleared.

  • The count of unsuccessful user logins is reset to 0.

revoke filter

Remove a filter assignment to this user. Privilege required: Application manger.

Note:

This statement does not remove filter assignments gained by membership to groups. To remove filter assignments to groups, use Alter Group.

all set sss_mode

Same as set sss_mode, but for all users.

Notes

PASSWORD ENFORCEMENT SPECIFICATION

Syntax diagram for alter user ENFORCE-PWD-SPEC.FILE-NAME

Example

alter user Fiona add to group Newhires;

Assigns Fiona to a group called Newhires.

alter user Fiona enable;

Enables user Fiona to log in again.

alter user Fiona set password_reset_days immediate;

Requires Fiona to change password at the next login.

alter user 'Autumn Smith' set type external;

Specifies that Autumn Smith is externally authenticated in a supported authentication repository (LDAP, Microsoft Active Directory, or Windows NT LAN Manager).

alter user ASmith rename to 'Autumn Smith';
alter user 'Autumn Smith' set type external;

Renames native Essbase user Asmith to Autumn Smith, because that is the name stored in the authentication repository. Specifies that Autumn Smith is externally authenticated in a supported authentication repository.

alter user Fiona remove application_access_type Essbase;

Removes Essbase application access from user Fiona. If user Fiona has permission to access Oracle Hyperion Planning, Fusion Edition, that permission remains intact.