Importing Access Permissions
The ImportSecurity
utility loads access permissions for users or groups from a text file into Oracle Hyperion Planning. (To add users or groups, see the Oracle Enterprise Performance Management System User Security Administration Guide.) Importing access permissions overwrites existing access assignments only for imported members, forms, form folders, task lists, Oracle Hyperion Calculation Manager business rules, and Calculation Manager business rule folders. All other existing access permissions remain intact. The SL_CLEARALL
parameter clears all existing access permissions; you can use it with other parameters to replace existing access permissions. See also Exporting Access Permissions.
The ImportSecurity
utility requires users to be provisioned to the Planning application before it assigns access. For example:
-
If user mrauch is provisioned to the TotPlan application, this record will assign access permissions to mrauch successfully using the utility:
mrauch,member1,READWRITE,MEMBER
-
If user ehennings is not already provisioned to the application, this record will fail to load:
ehennings,member1,READWRITE,MEMBER
The ExportSecurity
utility automatically creates the SecFile.txt
file, from which you can import access permissions. If you prefer, you can also manually create the SecFile.txt
file using these guidelines:
-
You must name the text file
SecFile.txt
and save it in theplanning1
directory (for the full path, see About EPM Oracle Instance). -
All users, groups, and artifacts must be defined in the application.
-
Before importing access permissions on a user-defined custom dimension, you must allow access permissions to be set on it by selecting Apply Security (see Enabling Access Permissions for Dimensions).
-
Each line in the
SecFile.txt
file must specify access permissions information.
Each line must contain these items, separated by one of these delimiters: comma (,) Tab, semi-colon (;), pipe (|), colon (:), space ( ). Comma is the default.
Item | Description |
---|---|
username or group name |
The name of a user or group defined in Oracle Hyperion Shared Services Console. To import access permissions information into a group with the same name as a user, append this information to the line in the For example:
|
artifact name |
The named artifact for the imported access permissions (for example the member, form, task list, folder, or Calculation Manager business rule). Example: If an artifact name contains a character that you are using as the delimiter, enclose the name in double quotation marks. For example, if you are using a space as the delimiter, enclose the name South America in double quotation marks: |
access permissions |
READ, READWRITE, or NONE. If there are duplicate lines for a user/member combination, the line with READWRITE access takes precedence. For example, for these lines:
Access permissions for User1 to Member1 are applied as READWRITE. For Calculation Manager business rules and folders only: specify launch access permissions as either NONE or LAUNCH. |
Oracle Essbase access flags |
@CHILDREN, @ICHILDREN, @DESCENDANTS, @IDESCENDANTS and MEMBER. Security implementation for these functions is identical to Essbase. Note: For task lists, only MEMBER can be used. For folders, only @IDESCENDANTS can be used. |
artifact type |
For artifacts other than members, distinguish which artifact you are importing security for with artifact type identifier:
Note: The Note: The |
Sample lines from a file:
User1,Account1,READ,@CHILDREN
Group2,DataForm08,READWRITE,MEMBER,SL_FORM
User3,TaskList09,READWRITE,MEMBER,SL_TASKLIST
NorthAmericaGroup,Sales,READWRITE,@IDESCENDANTS,SL_FORMFOLDER
To import access permissions into Planning: