The Shared Services Console is the administrative interface for Shared Services. All users defined in the user directories configured in Shared Services can log in to Shared Services Console. End users need not be provisioned with Shared Services roles.
You must provision users with application roles to allow them to access EPM System applications. Shared Services Administrators and Provisioning Managers perform the following steps to provision users and groups:
From Shared Services Console, identify and select the users (or the groups to which they belong) who need access to the EPM System product. See Searching for Users, Groups, Roles, and Delegated Lists.
Assign product roles that allow users to access EPM System product. For example, all Essbase users should have the Server Access role. See Provisioning Users and Groups. Not all EPM System products enforce product-level roles.
EPM System product roles are described in EPM System Roles.
Assign application-specific roles that grant access to the functions of EPM System applications. For instance, Essbase application Esb_App1 provides the Calc role, which can be assigned to users who must work with Calc scripts of Esb_App1.
These roles are assigned on a per-application basis. For example, roles from Essbase application Esb_App1 allows users to access functionalities in Esb_App1 only.
Using a product administration screen, assign access to the artifacts managed by the EPM System application. You can launch the product administration screen from Shared Services Console using these steps:
Artifact-level access control allows administrators to fine-tune access to application objects. Because these access privileges are by design more granular than application roles, you can use them to restrict the access rights that were granted using roles.
In the View pane of Shared Services Console, expand Application Groups.
Expand the application group node that contains the application.
Right-click the application to provision.
Select Assign Access Control. A product administration screen, which is not a part of Shared Services Console, opens.
Provision users.
Artifact-level access control is explained in the Administration Guide of the EPM System product.