Security is based on user privileges and system roles and access permissions that you assign to users and to groups. Groups are sets of users who need similar access permissions. You assign task security by assigning roles to a user. Each role is associated with a set of tasks. See the Oracle Hyperion Enterprise Performance Management System User and Role Security Guide.
By default, users can open only those artifacts, such as data forms and task lists, to which they have access. Assign access using the following guidelines, following the procedure in “Setting Up Access Permissions” and “Assigning Access to Members” in the Oracle Hyperion Planning Administrator's Guide.
Dimensions and Members—Grant access so that planners can view and change information only for their own employees and positions. Do so by providing access to the Entity dimension and Element members. Do not restrict access to descendants of New Positions and New Employees. See Securing Dimensions and Members.
Data forms—Assign appropriate access to data forms based on their relevance to users. For example, assign planners access to all data forms in the Budget Preparation data form folder. If you grant access to the Human Capital Planning folder, planners can view all child folders and forms. See Securing Data Forms.
Task lists—Assign appropriate access to task lists based on their relevance to users. For example, allow planners access to the Budget Preparation task list, but not to the Budget Administration task list. Validation rules prevent users from entering invalid data. See Securing Task Lists.
Business rules—Selectively assign access permissions to business rules at the HR entity level to enable position mass updates. Use Calculation Manager to assign access permissions to business rules in Planning. See Securing Business Rules.
Note: | Public Sector Planning and Budgeting no longer supports Business Rules. Consequently, modify business rules using Calculation Manager. |
Planning unit hierarchies––Grant access only to cost center owners or reviewers.
Reporting applications––Assign access to reporting applications in Shared Services, and set up security filters for the reporting applications in Administration Services.
During the budget cycle, lock user sets to prevent users from modifying scenario-version data combinations.