The ImportSecurity utility loads access permissions for users or groups from a text file into Planning. (To add users or groups, see the Oracle Hyperion Enterprise Performance Management System User and Role Security Guide.) Importing access permissions overwrites existing access assignments only for imported members, data forms, data form folders, task lists, Calculation Manager business rules, and Calculation Manager business rule folders. All other existing access permissions remain intact. The SL_CLEARALL parameter clears all existing access permissions; you can use it with other parameters to replace existing access permissions. See also Exporting Access Permissions.
The ImportSecurity utility requires users to be provisioned to the Planning application before it assigns access. For example:
If user mrauch is provisioned to the TotPlan application, this record will assign access permissions to mrauch successfully using the utility:
mrauch,member1,READWRITE,MEMBER
If user ehennings is not already provisioned to the application, this record will fail to load:
ehennings,member1,READWRITE,MEMBER
The ExportSecurity utility automatically creates the SecFile.txt file, from which you can import access permissions. If you prefer, you can also manually create the SecFile.txt file using these guidelines:
You must name the text file SecFile.txt and save it in the planning1 directory (for the full path, see About EPM Oracle Instance).
All users, groups, and artifacts must be defined in the application.
Before importing access permissions on a user-defined custom dimension, you must allow access permissions to be set on it by selecting Apply Security (see Enabling Access Permissions for Dimensions).
Each line in the SecFile.txt file must specify access permissions information.
Each line must contain these items, separated by one of these delimiters: comma (,) Tab, semi-colon (;), pipe (|), colon (:), space ( ). Comma is the default.
Item | Description |
|---|---|
username or group name | The name of a user or group defined in Shared Services Console. To import access permissions information into a group with the same name as a user, append this information to the line in the SecFile.txt file that pertains to the group: sl_group For example: admin,member1,READ,MEMBER admin,member1,READ,MEMBER,SL_GROUP |
artifact name | The named artifact for the imported access permissions (for example the member, data form, task list, folder, or Calculation Manager business rule). Example: Account1. If an artifact name contains a character that you are using as the delimiter, enclose the name in double quotes. For example, if you are using a space as the delimiter, enclose the name South America in double quotes: “South America”. |
access permissions | READ, READWRITE, or NONE. If there are duplicate lines for a user/member combination, the line with READWRITE access takes precedence. For example, for these lines: User1,Member1,READ,@ICHILDREN User1,Member1,READWRITE,@ICHILDREN Access permissions for User1 to Member1 are applied as READWRITE. For Calculation Manager business rules and folders only: specify launch access permissions as either NONE or LAUNCH. |
Essbase access flags | @CHILDREN, @ICHILDREN, @DESCENDANTS, @IDESCENDANTS and MEMBER. Security implementation for these functions is identical to Essbase. Note: For task lists, only MEMBER can be used. For folders, only @IDESCENDANTS can be used. |
artifact type | For artifacts other than members, distinguish which artifact you are importing security for with artifact type identifier:
Note: The ExportSecurity utility automatically adds the required artifact type identifiers in the SecFile.txt file. If you manually create the SecFile.txt file, you must add the artifact type identifiers. Note: The ExportSecurity utility does not support exporting access permissions to task lists for administrators, so you must manually add such records to the SecFile.txt file before you can import them. |
Sample lines from a file:
User1,Account1,READ,@CHILDREN
Group2,DataForm08,READWRITE,MEMBER,SL_FORM
User3,TaskList09,READWRITE,MEMBER,SL_TASKLIST
NorthAmericaGroup,Sales,READWRITE,@IDESCENDANTS,SL_FORMFOLDER
To import access permissions into Planning:
Locate the ImportSecurity utility by navigating to the planning1 directory (for the full path, see About EPM Oracle Instance).
From the Command Prompt, enter this case-sensitive command, one space, and the parameters, separating each with a comma. Enclose the parameters with double quotation marks:
ImportSecurity [-f:passwordFile] “appname,username,[delimiter],[RUN_SILENT],[SL_CLEARALL]”
where:
Parameter
Description
[-f:passwordFile]
Optional: If an encrypted password file is set up, use as the first parameter in the command line to read the password from the full file path and name specified in passwordFile. See Suppressing Password Prompts in Planning Utilities.
appname
Name of the Planning application to which you are importing access permissions.
username
Planning administrator user name. delimiter
Optional: SL_TAB, SL_COMMA, SL_PIPE, SL_SPACE, SL_COLON, SL_SEMI-COLON. If no delimiter is specified, comma is the default.
RUN_SILENT
Optional: Execute the utility silently (the default) or with progress messages. Specify 0 for messages, or 1 for no messages.
[SL_CLEARALL]
Optional: Clear existing access permissions when importing new access permissions. Must be in uppercase.
For example:
ImportSecurity “app1,admin,SL_TAB,1”
To clear all access permissions, enter:
ImportSecurity “app1,admin,,,,SL_CLEARALL”
After you execute the utility, check the log file importsecurity.log in the EPM_ORACLE_INSTANCE/diagnostics/logs/planning directory to verify the results. For the full path, see About EPM Oracle Instance.