There are different security models for Essbase:
Essbase native security mode: Essbase controls all security aspects, including users, groups, roles, applications, and more. All security information is stored in the Essbase security file (essbase.sec), which is located under ARBORPATH.
EPM System security mode: Most of the security responsibilities are moved from Essbase to Shared Services. Security information stored in the Shared Services native directory include: users and groups information, roles assignment for users and groups, application information, and more. User authentication for users in external providers (such as LDAP, MSAD, and OID) is done through the providers. Security information in the essbase.sec file is kept to a minimum.
Fusion security mode: Fusion JPS security is responsible for user and group management, as well as role management for users and groups. User authentication for users in external providers (such as LDAP, MSAD, and OID) is done through the providers. There is no security information stored in essbase.sec. Application and database information is still stored in essbase.sec.
Table 257 explains the how security-related operations are handled in each security mode.
Table 257. Differences in Security-Related Operations in Different Security Models
| Request | Essbase Native Security | Oracle Enterprise Performance Management System Security | Fusion Security |
|---|---|---|---|
| Create user | Create user in the essbase.sec file | Create Shared Services native user in the Shared Services native directory | Disabled (an error message is returned) |
| Create group | Create group in the essbase.sec file | Create Shared Services native group in the Shared Services native directory | Disabled (an error message is returned) |
| Delete user | Delete user in the essbase.sec file | Delete Shared Services native user in the Shared Services native directory | Disabled (an error message is returned) |
| Delete group | Delete group in the essbase.sec file | Delete Shared Services native group in the Shared Services native directory | Disabled (an error message is returned) |
| Rename user | Rename user in the essbase.sec file | Rename Shared Services native user in the Shared Services native directory | Disabled (an error message is returned) |
| Rename group | Rename group in the essbase.sec file | Rename Shared Services native group in the Shared Services native directory | Disabled (an error message is returned) |
| Add user to group | Add user to group in the essbase.sec file | Add user to group in the Shared Services native directory | Disabled (an error message is returned) |
| Add group to group | A group within a group is not supported | Add group to group in the Shared Services native directory | Disabled (an error message is returned) |
| Set password | Set user password | Set the Shared Services native user password | Disabled (an error message is returned) |
| Migrate to Shared Services mode | Migrate Essbase to Shared Services mode | Disabled (Essbase is already migrated) | Disabled (an error message is returned) |
| Migrate user to Shared Services mode | Disabled (applies to Shared Services mode only) | Migrate failed user to Shared Services mode | Disabled (an error message is returned) |
| Migrate group to Shared Services mode | Disabled (applies to Shared Services mode only) | Migrate failed group to Shared Services mode | Disabled (an error message is returned) |
| List users that failed to migrate | Disabled (applies to Shared Services mode only) | List users that failed to migrate | Disabled (an error message is returned) |
| List groups that failed to migrate | Disabled (applies to Shared Services mode only) | List groups that failed to migrate | Disabled (an error message is returned) |
| Create application | Create application in the essbase.sec file | Create application in the essbase.sec file and register the application in the Shared Services native directory | Create application in the essbase.sec file |
| Create database | Create database in the essbase.sec file | Create database in the essbase.sec file (Essbase databases are not registered in the Shared Services native directory) | Create database the essbase.sec file |
| Reregister application | Disabled (applies to Shared Services mode only) | Reregister application in the Shared Services native directory | Disabled (applies to Shared Services mode only) |
| Delete application | Delete application in the essbase.sec file | Delete application in the essbase.sec file and deregister the application in the Shared Services native directory | Delete application in the essbase.sec file |
| Delete database | Delete database in the essbase.sec file | Delete database in the essbase.sec file (Essbase databases are not registered in the Shared Services native directory) | Delete database in the essbase.sec file |
| Set user | Set security information for the user | Set security information for the user | Disabled (an error message is returned) |
| Set external user | Set security information for the external provider user | Set security information for the external provider user | Disabled (an error message is returned) |
| Grant access to user | Grant access to system/application/database to user (stored in the essbase.sec file) | Grant access to system/application/database to user (stored in the Shared Services native directory) | Disabled (an error message is returned from Shared Services CSS API) |
| Grant access to group | Grant access to system/application/database to group (stored in the essbase.sec file) | Grant access to system/application/database to group (stored in the Shared Services native directory) | Disabled (an error message is returned from Shared Services CSS API) |
| Display user/group | Display users/groups that are stored in the essbase.sec file | Display users/groups that are provisioned to Essbase from Oracle Hyperion Shared Services | Display users/groups that are stored in the essbase.sec file (filter assigned) |
| Grant filter to user | Grant filter to user (stored in the essbase.sec file) | Grant filter to user (stored in the essbase.sec file) | Grant filter to user (stored in the essbase.sec file) |
| Grant filter to group | Grant filter to group (stored in the essbase.sec file) | Grant filter to group (stored in the essbase.sec file) | Grant filter to group (stored in the essbase.sec file) |
| Display filter | Display filters that are stored in the essbase.sec file | Display filters that are stored in the essbase.sec file | Display filters that are stored in the essbase.sec file |