The ExportSecurity utility exports Planning access permissions to the SecFile.txt file, enabling you to export and import access permissions across applications (see Importing Access Permissions). For the specified user or group (or for all users and groups if you use only the mandatory parameters), the ExportSecurity utility exports access permissions to these artifacts: members, data forms, data form folders, task lists, Calculation Manager business rules, and Calculation Manager business rule folders. ExportSecurity appends an artifact type flag that specifies whether the exported artifact security is for a data form, composite data form, data form folder, task list, Calculation Manager business rule, or Calculation Manager folder.
Notes:
If you specify only mandatory (not optional) parameters, all access permissions to all artifacts for all users and groups are exported. You can limit the export by specifying a member parameter (but only one member-based parameter).
You can specify the optional parameters in any order.
You can use only /S_USER or /S_GROUP, not both.
Use the /S=searchCriteria parameter to specify users and groups with the same name.
Running the utility creates a file named SecFile.txt, which contains the exported access permissions.
To export access permissions from Planning to a text file:
Navigate to the planning1 directory (for the full path, see About EPM Oracle Instance).
From the Command Prompt, enter this case-sensitive command, one space, and the parameters. Separate each parameter with a comma:
ExportSecurity [-f:passwordFile] /A=appname,/U=username, [/S=searchCriteria|/S_USER=user|/S_GROUP=group], [/S_MEMBER=memberName|/S_MEMBER_ID=memberName |/S_MEMBER_D=memberName|/S_MEMBER_IC=memberName|/S_MEMBER_C=memberName],[/DELIM=delim] , [/DEBUG=true|false],[/TO_FILE=fileName],[/HELP=Y]
where:
Parameter
Description
Mandatory?
[-f:passwordFile]
Optional: If an encrypted password file is set up, use as the first parameter in the command line to read the password from the full file path and name specified in passwordFile. See Suppressing Password Prompts in Planning Utilities.
No /A=appname
The name of the Planning application from which you are exporting access permissions.
Yes
/U=username
The administrator's ID for logging into the application. Yes
/S=searchCriteria
The user or group name.
You cannot use this option with /S_USER or /S_GROUP.
No
/S_USER=user
A specified user name.
You cannot specify multiple users or use this option with /S_GROUP or /S=searchCriteria.
No
/S_GROUP=group
A specified group. Only matching groups, not matching user names, are exported.
You cannot specify multiple groups or use this option with /S_USER or /S= search criteria.
No
/S_MEMBER=MemberName
A specified member.
You can specify only one member-based parameter.
No
/S_MEMBER_ID=MemberName
A specified member and its descendants.
No
/S_MEMBER_D=MemberName
A specified member's descendants.
No
/S_MEMBER_IC=MemberName
A specified member and its children.
No
/S_MEMBER_C=MemberName
A specified member's children.
No
/DELIM=delim
SL_TAB, SL_COMMA, SL_PIPE, SL_SPACE, SL_COLON, SL_SEMI-COLON. If no delimiter is specified, comma is the default.
No
/DEBUG=
Specify true to display the utility's performed steps. false is the default.
No
/TO_FILE=
Specify the path to the SecFile.txt file. By default, the file is in the planning1 directory (for the full path, see About EPM Oracle Instance).
If you specify another path, use double backslashes, for example: C:\\Oracle\\SecFile.txt.
No
/HELP=Y
Specify as the only parameter to display the syntax and options for ExportSecurity.
No
For example, to export access permissions for a user and group named Sales, enter:
ExportSecurity /A=app1,/U=admin,/S=Sales
To export for a member named Account100 and its descendants, with the colon delimiter to a file named Account100.txt in a specific path (in this example, to Planning\planning1):
ExportSecurity /A=planapp1,/U=admin,/TO_FILE=D:\\EPM_ORACLE_INSTANCE\\Planning\\planning1\\Account100,/S_MEMBER_ID=Account100,/DELIM=SL_COLON
Also note:
If a member, user, or group name contains a character used as the delimiter, the name is enclosed in double quotes. For example, if a space is the delimiter, the name South America is enclosed in double quotes: “South America”.
Because commas are used to separate parameters, if a parameter contains commas (for example, Kravets, Diana), precede it with a backslash. Also use backslash to escape the backslash from the command prompt. In this example, use two backslashes: /A=Kravets\\,Diana
The ExportSecurity utility does not support exporting access permissions to task lists for administrators, so you must manually add such records to the SecFile.txt file before you can import them.
Understanding the export file:
Item | Description |
|---|---|
user or group | The name of a user or group defined in Shared Services Console. |
memName | A member in the application. |
access permissions | READ, READWRITE, or NONE. If there are duplicate lines for a user name/member name combination, the line with READWRITE access takes precedence. For Calculation Manager business rules and folders only: Access permissions are specified as either NONE or LAUNCH. |
Essbase access flags | @CHILDREN, @ICHILDREN, @DESCENDANTS, @IDESCENDANTS, and MEMBER. Security implementation for these functions is identical to Essbase. |
artifact type | After each line, the utility appends the artifact type:
Note: If you manually create the SecFile.txt file, you must add the artifact type identifiers. |
For example, an exported file might contain these lines:
User1,DataForm2,READ,MEMBER,SL_COMPOSITE
User2,Folder3,READWRITE,MEMBER,SL_FORMFOLDER
User3,DataForm4,READWRITE,MEMBER,SL_FORM
”North America”,Account101,READWRITE,MEMBER,SL_CALCFOLDER