In FDMEE, administrators can secure almost any user interface and report feature. FDMEE supports five levels of security:
Role level security—Controls access to components of the user interface that each user can access.
Report security—Controls the reports that can be executed based on the report groups assigned to a role.
Batch security—Controls the batches that can be executed based on the batch groups assigned to a role.
Custom scripts security—Controls the custom scripts that can be executed based on the custom script groups assigned to a role.
Location security—Controls access to locations.
Security levels apply to users. Role and Location security levels assigned to users are compared at runtime. If an user is assigned a level that is equal to the level assigned to the feature that the user is trying to access, the feature is available to the user.
FDMEE security enables you to customize user access to user interface functions using the concept of roles. Roles are permissions that grant user access to functions. In FDMEE, default roles are assigned to functions that aggregate and tailor specific requirements. After the functions are assigned to a role, the corresponding role is mapped to users when provisioning users in Shared Services. The process of granting roles to users is described in the Oracle® Enterprise Performance Management System User and Role Security Guide.
To add role level security:
On the Setup tab, under Configure, select Security Settings.
In Role, select the role to which to assign access.
A list of roles is described in Table 6, Role and Descriptions.
The role category determines the display of functions associated with the selected role.
Table 6. Role and Descriptions
| Role | Description |
|---|---|
| Administrator | Grants access to all FDMEE functions. |
| Create Integration | Creates FDMEE metadata and data load rules. |
| Run Integration | Runs FDMEE metadata and data rules and fills out runtime parameters. Can view transaction logs. |
| Drill Through | Controls whether you can drill to the FDMEE landing page, which controls drilling to the source system. |
| HR Integration | Runs Human Resource data rules and fills out runtime parameters. Can view transaction logs. |
| Intermediate 2-9 | Roles for intermediate levels are defined by the administrator. |
To add batch security:
On the Setup tab, under Configure, select Security Settings.
In the Role drop-down, select the role to which to assign batch security.
A list of roles is described in Table 6, Role and Descriptions.
From Function, select the user interface function to which to assign security.
To define report security, you assign reports of a selected type to a group (see Adding Report Groups). Next you assign the report group to a role. The role has access to all reports in the groups at execution time.
To add report level security:
On the Setup tab, under Configure, select Security Settings.
In the Role drop-down, select the role to which to assign the report security.
A list of roles is described in Table 6, Role and Descriptions.
From Report Group, select the report group to which to assign report security.
To define batch security, you assign batches of a selected type to a group (see Adding a Batch Group) Next you assign the batch group to a role. The role has access to all batches in the groups at execution time.
To add batch security:
In the Role drop-down, select the role to which to assign batch security.
A list of roles is described in Table 6, Role and Descriptions.
From Batch Group, select the batch group to assign batch security.
To define custom scrip security, you assign custom scripts of a selected type to a group (see Adding a Custom Script Group). Next you assign the custom scripts group to a role. The role has access to all custom scripts in the groups at execution time.
To add role level security:
On the Setup tab, under Configure, select Security Settings.
In the Role drop-down, select the role to which to assign custom script security.
A list of roles is described in Table 6, Role and Descriptions.
From Custom Script Group, select the custom script group to which to assign custom script security.
Location security (user access to locations) for FDMEE is configured and enforced by options on the Location Security Settings tab. You define the user groups to create for each location. When a Location is created or updated, then you can create as many groups as defined in the system settings for the Location. Additionally, a “Maintain User Groups” enables you to create user groups in mass for all the existing locations.
Several dependent processes must occur before Location Security is fully implemented:
When a Location is created, User Groups are created automatically in Oracle Hyperion Shared Services.
The user group contains the name of the Location and additional prefix and suffix information based on the user preference. In addition, roles are provisioned for User Groups.
The administrator provisions the users to the User Groups.
When the user logs in, FDMEE determines the groups assigned to the user.
Based on the name of the group, FDMEE determines the accessible locations.
The POV region filters the locations based on the user access.
Note: | If the web services and batch scripts are used, then location security is still maintained and enforced. |
To add a user group for location security:
On the Setup tab, under Configure, select Security Settings.
In the Location summary grid, click Add.
A LOCATION name row is added. When the group is saved, the Group name is in the form of Prefix_Location_Suffix, for example, FDMEE_LOCATION_DATA.
The prefix and suffix help identify groups in Common Shared Services (CSS).
In the Security Setting Details grid, enter a description of the user group in the Description field.
For example, enter: Group for Creating and Running Integration.
In the Prefix field, enter FDMEE.
When the group is saved, the prefix is prepended to the group name.
In the Suffix field, select the name of the function or rule that the user is provisioned to access.
For example, specify:
Data Rule Metadata Rule (Run Integration role)
HR Rule (HR Integration role)
Create Integration
Drill Through
When the group is saved, the suffix is appended to the group name.
Select the list of roles provisioned for the user group by selecting the appropriate roles:
Create Integration
Drill Through
Run Integration
HR Integration
Intermediate 2-9
The list of roles is described in Table 6, Role and Descriptions.
To create users groups in mass for the location, click Maintain User Groups.