Provisioning (Role-based Authorization)

Oracle Enterprise Performance Management System security determines user access to applications using the concept of roles. Roles are permissions that determine user access to functions within EPM System components. Some EPM System components enforce object-level ACLs to further refine user access to their artifacts such as reports and members.

Each EPM System component provides several default roles tailored to various business needs. Applications belonging to an EPM System component inherit these roles. Predefined roles from the applications registered with Oracle Hyperion Shared Services are displayed in the Oracle Hyperion Shared Services Console.

To facilitate provisioning, you may create custom Native Directory roles that aggregate the default roles to suit specific requirements. The process of granting roles and object ACLs belonging to EPM System applications to users and groups is called provisioning.

Native Directory and configured user directories are sources for user and group information for provisioning.

After a user is authenticated, the EPM System component that the user attempted to access determines the user's groups. It then retrieves the user's provisioning data to determine the EPM System application roles that are applicable to the user. Additional data or object access security may be handled through finer permissions defined within the application.
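The resolution sequence described above (determine groups, retrieve provisioning data, derive application roles) can be modeled for access reviews. The following is an added conceptual example, not Oracle code or an EPM System API; all user, group, application and role names are hypothetical, and nested group membership is an assumption of the model.

```python
from collections import defaultdict

# Constructed sample data; every name below is hypothetical.
GROUP_MEMBERS = {                     # group -> direct members (users or groups)
    "fin_analysts": {"alice", "bob"},
    "fin_all": {"fin_analysts", "carol"},
}
AGGREGATED_ROLES = {                  # custom role -> (application, default role) pairs
    "FinanceReader": {("PlanApp", "Viewer"), ("ReportApp", "Viewer")},
}
PROVISIONING = {                      # principal -> granted roles
    "fin_all": {"FinanceReader"},             # custom aggregated role, by name
    "fin_analysts": {("PlanApp", "Planner")}, # default role of one application
    "bob": {("ReportApp", "Designer")},       # direct user grant
}


def groups_of(user):
    """Return every group the user is in, directly or through nesting."""
    found, frontier = set(), {user}
    while frontier:
        member = frontier.pop()
        for group, members in GROUP_MEMBERS.items():
            if member in members and group not in found:  # also stops on cycles
                found.add(group)
                frontier.add(group)
    return found


def effective_roles(user):
    """Return {application: {role: {grant sources}}} for an authenticated user."""
    result = defaultdict(lambda: defaultdict(set))
    for principal in {user} | groups_of(user):
        for grant in PROVISIONING.get(principal, ()):
            if isinstance(grant, str):    # expand a custom aggregated role
                pairs, source = AGGREGATED_ROLES[grant], f"{principal} via {grant}"
            else:
                pairs, source = {grant}, principal
            for app, role in pairs:
                result[app][role].add(source)
    return {app: dict(roles) for app, roles in result.items()}


def is_authorized(user, app, role):
    """Deny by default: true only when provisioning data yields the role."""
    return role in effective_roles(user).get(app, {})
```

Recording the grant source for each role shows whether access comes from a direct grant, a group, or an aggregated role, which is what a reviewer needs when removing excess privileges.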

Role-based provisioning of EPM System products uses these concepts.