Exporting Access Permissions

The ExportSecurity utility exports Oracle Hyperion Planning access permissions to the SecFile.txt file, enabling you to export and import access permissions across applications (see Importing Access Permissions). For the specified user or group (or for all users and groups if you use only the mandatory parameters), the ExportSecurity utility exports access permissions to these artifacts: members, forms, form folders, task lists, business rules, and business rule folders. ExportSecurity appends an artifact type flag that specifies whether the exported artifact security is for a form, composite form, form folder, task list, business rule, or business rule folder.

Notes:

• If you specify only mandatory (not optional) parameters, all access permissions to all artifacts for all users and groups are exported. You can limit the export by specifying a member parameter (but only one member-based parameter).

• You can specify the optional parameters in any order.

• You can use only /S_USER or /S_GROUP, not both.

• Use the /S=searchCriteria parameter to specify users and groups with the same name.

• Running the utility creates a file named SecFile.txt, which contains the exported access permissions.

To export access permissions from Planning to a text file:

1. Navigate to the planning1 directory (for the full path, see About EPM Oracle Instance).
2. From the Command Prompt, enter this case-sensitive command, one space, and the parameters. Separate each parameter with a comma:

   ExportSecurity [-f:passwordFile] /A=appname,/U=username, [/S=searchCriteria|/S_USER=user|/S_GROUP=group], [/S_MEMBER=memberName|/S_MEMBER_ID=memberName |/S_MEMBER_D=memberName|/S_MEMBER_IC=memberName|/S_MEMBER_C=memberName],[/DELIM=delim] , [/DEBUG=true|false],[/TO_FILE=fileName],[/HELP=Y]

   where:

   Parameter	Description	Mandatory?
   [-f:passwordFile]	Optional: If an encrypted password file is set up, use as the first parameter in the command line to read the password from the full file path and name specified in passwordFile. See Suppressing Password Prompts in Planning Utilities.	No
   /A=appname	The name of the Planning application from which you are exporting access permissions.	Yes
   /U=username	The administrator's ID for logging into the application.	Yes
   /S=searchCriteria	The user or group name. You cannot use this option with /S_USER or /S_GROUP.	No
   /S_USER=user	A specified user name. You cannot specify multiple users or use this option with /S_GROUP or /S=searchCriteria.	No
   /S_GROUP=group	A specified group. Only matching groups, not matching user names, are exported. You cannot specify multiple groups or use this option with /S_USER or /S= search criteria.	No
   /S_MEMBER=MemberName	A specified member. You can specify only one member-based parameter.	No
   /S_MEMBER_ID=MemberName	A specified member and its descendants.	No
   /S_MEMBER_D=MemberName	A specified member's descendants.	No
   /S_MEMBER_IC=MemberName	A specified member and its children.	No
   /S_MEMBER_C=MemberName	A specified member's children.	No
   /DELIM=delim	SL_TAB, SL_COMMA, SL_PIPE, SL_SPACE, SL_COLON, SL_SEMI-COLON. If no delimiter is specified, comma is the default.	No
   /DEBUG=	Specify true to display the utility's performed steps. false is the default.	No
   /TO_FILE=	Specify the path to the SecFile.txt file. By default, the file is in the planning1 directory (for the full path, see About EPM Oracle Instance). If you specify another path, use double backslashes, for example: C:\\Oracle\\SecFile.txt.	No
   /HELP=Y	Specify as the only parameter to display the syntax and options for ExportSecurity.	No

   For example, to export access permissions for a user and group named Sales, enter:

   ExportSecurity /A=app1,/U=admin,/S=Sales

   To export for a member named Account100 and its descendants, with the colon delimiter to a file named Account100.txt in a specific path (in this example, to Planning\planning1):

   ExportSecurity /A=planapp1,/U=admin,/TO_FILE=D:\\EPM_ORACLE_INSTANCE\\Planning\\planning1\\Account100,/S_MEMBER_ID=Account100,/DELIM=SL_COLON

3. If prompted, enter your password.

Also note:

• If a member, user, or group name contains a character used as the delimiter, the name is enclosed in double quotation marks. For example, if a space is the delimiter, the name South America is enclosed in double quotation marks: "South America".

• Because commas are used to separate parameters, if a parameter contains commas (for example, Kravets, Diana), precede it with a backslash. Also use backslash to escape the backslash from the command prompt. In this example, use two backslashes: /A=Kravets\\,Diana

• The ExportSecurity utility does not support exporting access permissions to task lists for administrators, so you must manually add such records to the SecFile.txt file before you can import them.

Understanding the export file:

Item	Description
user or group	The name of a user or group defined in Oracle Hyperion Shared Services Console.
memName	A member in the application.
access permissions	READ, READWRITE, or NONE. If there are duplicate lines for a user name/member name combination, the line with READWRITE access takes precedence. For Oracle Hyperion Calculation Manager business rules and folders only: Access permissions are specified as either NONE or LAUNCH.
Oracle Essbase access flags	@CHILDREN, @ICHILDREN, @DESCENDANTS, @IDESCENDANTS, and MEMBER. Security implementation for these functions is identical to Essbase.
artifact type	After each line, the utility appends the artifact type: SL_FORM—for forms SL_COMPOSITE—for composite forms SL_TASKLIST—for task lists SL_CALCRULE—for business rules SL_FORMFOLDER—for form folders SL_CALCFOLDER—for folders containing business rules Note: If you manually create the SecFile.txt file, you must add the artifact type identifiers.

For example, an exported file might contain these lines:

User1,DataForm2,READ,MEMBER,SL_COMPOSITE

User2,Folder3,READWRITE,MEMBER,SL_FORMFOLDER

User3,DataForm4,READWRITE,MEMBER,SL_FORM

"North America",Account101,READWRITE,MEMBER,SL_CALCFOLDER