Export 11g Users and Groups to Essbase 21c Configured in IDCS

If you're using native default Shared Services security, these steps are required. If Shared Services uses an external security provider, or you're using federated setup in Shared Services, the following steps are optional. You should configure Oracle Identity Cloud Service to use the same external security provider that Shared Services used.

Notes

If you want filters and calculation assignments of existing users to be migrated, ensure that Essbase has the same set of users and groups already available.

Assignment of user roles behavior differs from Essbase 11g On-Premise. Database Access is now the lowest role, and has, by default, read access to data values in all cells. To restrict access to data values in Essbase, you must now create a NONE filter and assign it to users and groups. This was not a requirement in Essbase 11g On-Premise, where Filter was the lowest role, and has, by default, no access to data values in all cells.

Required User Roles for Access

Note that the following Essbase security artifacts are migrated using the 11g Export Utility: Essbase server-level roles, application-level roles, filter associations, and calc associations. LCM handles provisioning users and groups with the corresponding new roles.

Table 4-2 Default role mapping

Source EPM System Security Mode Roles	Target WebLogic Security Roles	Level
Administrator	Service Administrator	Server
Application Manager	Application Manager	Application
Calc	Database Update	Application
Create/Delete application	Power User	Server
Database Manager	Database Manager	Application
Filter	Database Access	Application
Read	Database Access	Application
Server Access	User	Server
Start/Stop Application	Database Access	Application
Write	Database Update	Application

Note that Filter role in Essbase 11g On-Premise doesn't allow Read access, but allows access to members restricted by the filter. Now, there's no Filter role, and the lowest role access is Database Access, which allows Read access to all members. To restrict access to selective members, use a group filter that restricts global access.

The following access is required:

For exporting: A user with at least Application Manager role, for the application created, can export applications, folders, and artifacts.

In addition, the following roles can use the 11g Export Utility and their corresponding operations: Service Administrator for all applications; Power User for all applications created by the Power User.
For importing: A user with at least Power User role can create applications (during import) and manage applications.

Launch the Enterprise Performance Management (EPM) Shared Services user interface. Navigate to Application Groups, Foundation, and then Shared Services.
Select Groups and Users check boxes, and click Export.
On the Export to File System dialog box, enter a name for the target File Systems Folder and click Export.
After the export completes, the exported Shared Services-based security content appears under the target File System folder. Right-click on the exported Shared Services content, and click Download to download the files locally.
Expand the downloaded zip file. For each folder, you may see files like those shown below.

The format of the generated Users.csv and Groups.csv files are not compatible with Identity Cloud Service format. You must manually reorganize or map the files to Identity Cloud Service format, as shown below, using a CSV or text editor.

Exported users and groups	Shared Services format	Identity Cloud Service format
Users.csv	id,provider,login_name,first_name,last_name,description,email,internal_id,password,activ	User ID,Last Name,First Name,Middle Name,Honorific Prefix,Honorific Suffix,Display Name,Nick Name,Profile URL,Title,User Type,Locale,Preferred Language,TimeZone,Active,Password,Work Email,Home Email,Primary Email Type,Work Phone,Mobile No,Work Street Address,Work City,Work State,Work Postal Code,Work Country,Federated,Employee Number,Cost Center,Organization,Division,Department,Manager Name
Groups.csv	id,provider,name,description,internal_id (Following data for each group:) #group_children id,group_id,group_provider,user_id,user_provider	Display Name,Description,User Members

Exported users and groups

Shared Services format

Identity Cloud Service format

Users.csv

id,provider,login_name,first_name,last_name,description,email,internal_id,password,activ

User ID,Last Name,First Name,Middle Name,Honorific Prefix,Honorific Suffix,Display Name,Nick Name,Profile URL,Title,User Type,Locale,Preferred Language,TimeZone,Active,Password,Work Email,Home Email,Primary Email Type,Work Phone,Mobile No,Work Street Address,Work City,Work State,Work Postal Code,Work Country,Federated,Employee Number,Cost Center,Organization,Division,Department,Manager Name

Groups.csv

id,provider,name,description,internal_id

(Following data for each group:)

#group_children

id,group_id,group_provider,user_id,user_provider

Display Name,Description,User Members

For columns that are empty, enter dummy text.

Import the users and groups to Identity Cloud Service according to the instructions in Import a Batch of Users into a Cloud Account with Identity Cloud Service.