Assigning Security Roles

In Profitability and Cost Management, each user ID is assigned a security role:

Administrator (admin is the default security role when you log on to Shared Services)
Power User
Interactive User
View User

The assigned security role determines the level of access or privileges available for that user. A user can be granted multiple roles, and at the time an action is initiated, the permission is checked for that specific action.

Note:

At least one user must be manually assigned the Provisioning Manager role in the Shared Services Console. This Provisioning Manager role enables that user to assign security roles to other users for the application. See the Oracle Hyperion Enterprise Performance Management System User and Role Security Guide

The security roles in Table 3 are specific to Profitability and Cost Management. For a complete description of all security roles, see the Oracle Hyperion Enterprise Performance Management System User and Role Security Guide.

A user must exist and have an assigned security role before you can assign the user to a group. When an access level is assigned to a group of users, similar security access is granted to all members of that group. Depending on the access requirements for a particular user, the assigned security may be modified to attach a wider or narrower access. For example, a View User assigned to a group that has Power User security authorization assumes that higher level of security.

If a user must initiate and monitor taskflows, additional Shared Services roles are required, as shown on Table 3, Profitability and Cost Management Security Roles.

Caution!

If the user requires access to other products, such as an Application Creator in EPM Workspace or Dimension Editor in Performance Management Architect, those additional security roles must be assigned separately. See the Oracle Hyperion Enterprise Performance Management System User and Role Security Guide.

See the Oracle Hyperion Enterprise Performance Management System User and Role Security Guide for detailed instructions.

Table 3. Profitability and Cost Management Security Roles

Security Role	Type of Role	Description
Administrator (admin)	Power	Create and maintain user accounts and security roles, and provision users, using Shared Services Generate Essbase databases Set up and maintain application preferences Build the model database using Performance Management Architect to select the common dimensions and members Create and maintain elements within the model, such as stages, drivers, POVs, driver selections, assignments, and application preferences Perform POV Copy, calculation, validation, data entry, and trace allocations Deploy to Essbase and generate calculation scripts Import and export data Use the Lifecycle Management Utility to promote data from one environment, such as development or testing, to another environment, such as production. Back up and restore Profitability and Cost Management model components. Monitor changes made to business objects. Note: The Power User does not necessarily require specific security roles to perform tasks. For example, if a Power User runs a calculation from the Calculate screen, this action creates and executes a taskflow behind the scenes. The Power User does not require the Manage Taskflow role to perform this task, unless the Power User wants to access this task directly from the Manage Taskflows task.
Power User	Power	Create and maintain elements within the model, such as stages, drivers, POVs, driver selections, assignments, and application preferences. Perform POV Copy, calculation, validation, data entry and trace allocations. Deploy to Essbase and generate calculation scripts. Import and export data
Interactive User	Interactive	View all modelling screens View and modify data in the Data Entry screen View Trace Allocations
View User	Interactive	View only access for these functions: Trace Allocations Application Preferences Model Stages, Drivers and POVs
Manage Taskflows	Shared Services Role	Required to create and edit taskflows. For more information, see the Oracle Hyperion Enterprise Performance Management System User and Role Security Guide.
Run Taskflows	Shared Services Role	Required to enable users to only run and view taskflows. Users with this role cannot create or edit taskflows. For more information, see the Oracle Hyperion Enterprise Performance Management System User and Role Security Guide.