Exporting Access Permissions

The ExportSecurity utility exports Planning access permissions to the SecFile.txt file, enabling you to export and import access permissions across applications (see Importing Access Permissions). For the specified user or group (or for all users and groups if you use only the mandatory parameters), the ExportSecurity utility exports access permissions to these artifacts: members, forms, form folders, task lists, business rules, and business rule folders. ExportSecurity appends an artifact type flag that specifies whether the exported artifact security is for a form, composite form, form folder, task list, business rule, or business rule folder.


  • If you specify only mandatory (not optional) parameters, all access permissions to all artifacts for all users and groups are exported. You can limit the export by specifying a member parameter (but only one member-based parameter).

  • You can specify the optional parameters in any order.

  • You can use only /S_USER or /S_GROUP, not both.

  • Use the /S=searchCriteria parameter to specify users and groups with the same name.

  • Running the utility creates a file named SecFile.txt, which contains the exported access permissions.

  To export access permissions from Planning to a text file:

  1. Navigate to the planning1 directory (for the full path, see About EPM Oracle Instance).

  2. From the Command Prompt, enter this case-sensitive command, one space, and the parameters. Separate each parameter with a comma:

    ExportSecurity [-f:passwordFile] /A=appname,/U=username, [/S=searchCriteria|/S_USER=user|/S_GROUP=group], [/S_MEMBER=memberName|/S_MEMBER_ID=memberName |/S_MEMBER_D=memberName|/S_MEMBER_IC=memberName|/S_MEMBER_C=memberName],[/DELIM=delim] , [/DEBUG=true|false],[/TO_FILE=fileName],[/HELP=Y]






    Optional: If an encrypted password file is set up, use as the first parameter in the command line to read the password from the full file path and name specified in passwordFile. See Suppressing Password Prompts in Planning Utilities.



    The name of the Planning application from which you are exporting access permissions.



    The administrator's ID for logging into the application.



    The user or group name.

    You cannot use this option with /S_USER or /S_GROUP.



    A specified user name.

    You cannot specify multiple users or use this option with /S_GROUP or /S=searchCriteria.



    A specified group. Only matching groups, not matching user names, are exported.

    You cannot specify multiple groups or use this option with /S_USER or /S= search criteria.



    A specified member.

    You can specify only one member-based parameter.



    A specified member and its descendants.



    A specified member's descendants.



    A specified member and its children.



    A specified member's children.



    SL_TAB, SL_COMMA, SL_PIPE, SL_SPACE, SL_COLON, SL_SEMI-COLON. If no delimiter is specified, comma is the default.



    Specify true to display the utility's performed steps. false is the default.



    Specify the path to the SecFile.txt file. By default, the file is in the planning1 directory (for the full path, see About EPM Oracle Instance).

    If you specify another path, use double backslashes, for example: C:\\Oracle\\SecFile.txt.



    Specify as the only parameter to display the syntax and options for ExportSecurity.


    For example, to export access permissions for a user and group named Sales, enter:

    ExportSecurity /A=app1,/U=admin,/S=Sales

    To export for a member named Account100 and its descendants, with the colon delimiter to a file named Account100.txt in a specific path (in this example, to Planning\planning1):

    ExportSecurity /A=planapp1,/U=admin,/TO_FILE=D:\\EPM_ORACLE_INSTANCE\\Planning\\planning1\\Account100,/S_MEMBER_ID=Account100,/DELIM=SL_COLON

  3. If prompted, enter your password.

Also note:

  • If a member, user, or group name contains a character used as the delimiter, the name is enclosed in double quotation marks. For example, if a space is the delimiter, the name South America is enclosed in double quotation marks: “South America”.

  • Because commas are used to separate parameters, if a parameter contains commas (for example, Kravets, Diana), precede it with a backslash. Also use backslash to escape the backslash from the command prompt. In this example, use two backslashes: /A=Kravets\\,Diana

  • The ExportSecurity utility does not support exporting access permissions to task lists for administrators, so you must manually add such records to the SecFile.txt file before you can import them.

Understanding the export file:



user or group

The name of a user or group defined in Shared Services Console.


A member in the application.

access permissions

READ, READWRITE, or NONE. If there are duplicate lines for a user name/member name combination, the line with READWRITE access takes precedence.

For Calculation Manager business rules and folders only: Access permissions are specified as either NONE or LAUNCH.

Essbase access flags


Security implementation for these functions is identical to Essbase.

artifact type

After each line, the utility appends the artifact type:

  • SL_FORM—for forms

  • SL_COMPOSITE—for composite forms

  • SL_TASKLIST—for task lists

  • SL_CALCRULE—for business rules

  • SL_FORMFOLDER—for form folders

  • SL_CALCFOLDER—for folders containing business rules


If you manually create the SecFile.txt file, you must add the artifact type identifiers.

For example, an exported file might contain these lines: