Assigning Security Roles

Access to your application depends on user security roles and the privileges given to the role:

Security Role

Description

TSS Administrator

Controls system administrative tasks, except provisioning. The Administrator can perform these tasks:

  • Perform all tasks that a Power User has rights to

  • Perform onetime system setups; for example, defines system currency, available currencies, periods, and frequency

  • Define and perform Financial Management integration Imports Dimension table definition and members from Financial Management

  • Define data sets

  • Define forms and assign workflow for the forms

  • Deploy data sets to data collection periods

  • Manage data collection periods:

    • Define the dates for the period

    • Open, close, and lock periods

Has full access to the following objects:

  • All system settings information

  • All dimension definitions and members

  • All data set definitions

  • All form definitions

  • All workflow status for any forms

  • Modifies or views data

TSS Power User

The same user is often the administrator and power user.

  • Performs the tasks that an analyst can do if the power user is also assigned as the preparer or the approver or the integrator for the form data

  • Defines dimension tables and creates dimensions members for the system

  • Defines data sets

  • Defines forms and assigns workflow for the forms.

  • Deploys data sets to data collection periods

Has full access to the following objects in the application:

  • All dimension definitions and members

  • All data set definitions

  • All form definitions

  • All workflow status for any forms

  • Modifies data or views data only if also assigned in the workflow as preparer, approver, integrator, or viewer for specific form instances.

TSS Dimension Editor

The Dimension Editor assumes the “local” power user role for the maintenance of dimension members. This role is important because dimension members can be different for a different entity and it would not be possible for a global power user to create all valid members for all entities.

  • Can add or remove members from the dimension.

  • Cannot create dimensions or change dimension definitions.

  • This security role allows a user who needs to create additional members for dimension while entering data.

  • Users cannot view data or workflow status for any form instance unless assigned as preparer/approver/integrator/viewer.

    Note:

    The viewer option is for both data and status. However, for each entity assigned in the workflow of the form, viewers can view data:

    • Always

    • After submission

    • After approval

TSS User

Access data for a form instance. Whether it is view or modify, access depends on the workflow assignment. Users can't access system settings or metadata information.

  • User assigned as preparer of a specific form instance can perform data entry and modify the data for that form.

  • User assigned as approver of a specific form instance can only view data for the form.

  • User assigned as integrator of a specific form instance can only view data for the form.

  • User assigned as Integrator of specific form instance to post data to Financial Management must be a valid user in the Financial Management application to which data is posted and this user must have “modify” access to the data cell in Financial Management to which the amount is written.

  • User assigned as Viewer of specific form instance can view data only for the form.

  • A user can view workflow status for any form instances for which user is assigned as preparer, approver, integrator. viewer.

    Note:

    The viewer option is for both data and status of the form. However, for each entity assigned in the workflow of the form, the viewer has the option to view data:

    • Always

    • After submission

    • After approval

TSS Drill Through

The Drill Through role allows user to access drill through on a landing page containing the form instance supporting the data posted to Financial Management. The user can view the information only in this form instance. The user can perform actions, such as print preview or export to a spreadsheet, only on this drill-through landing page. This user can't access the application system.

TSS Report Designer

  • Access to manage reports

  • Access to generate reports

You assign security roles in Oracle Hyperion Shared Services Console, which displays a list of users, groups, or teams from your external authentication provider. You can assign security roles to groups or individuals.

  To assign security roles:

  1. From EPM Workspace, select Navigate, then Administer, and then Shared Services Console to access Oracle Hyperion Shared Services.

  2. Expand the User Directories folder, and then expand the directory where the users reside.

  3. Perform an action:

    • To assign security roles to a user, select Users.

    • To assign security roles to a group, select Group.

  4. Select a user or group.

  5. Provision the user using one of these methods:

    • Right-click and select Provision.

    • Select Administration, and then Provision.

    • Click Provision.

  6. From Available Roles, expand and select your application, then expand to a role, then click the arrow button to add the role to the user, and then click Save.

  7. Review the summary report, and then click OK.