Securing Data Access with Essbase Filters

You secure data access by granting Essbase filters to an application role. An Essbase filter resource permission definition secures data access for the grantee at the database level.

To secure data access for a user with Essbase filters:

1. If a specific filter does not exist, then create it using Essbase Administration Services Console or the MaxL command line.

   For more information, see Oracle Essbase Administration Services Online Help and Oracle Essbase Database Administrator's Guide:

   http://www.oracle.com/technetwork/middleware/performance-management/documentation/index.html

2. Grant filter resource permission definitions to an application role using Oracle Fusion Middleware Control.

   For more information, see Enabling Users to Perform Specific Actions in Essbase and Associated Tools.

   You can also do this programmatically using Oracle WebLogic Scripting Tool. For more information, see Managing Application Policies with OPSS Scripts in Securing Applications with Oracle Platform Security Services.

   Note:

   The following Enterprise Performance Management restriction does not apply when Essbase is installed with Oracle Business Intelligence:

   For EPM-installed systems, there can be only one filter per multidimensional database per user or application role. If a user or application role is directly provisioned with a second filter, then the first is revoked. Multiple filters can be provisioned indirectly when a user is a member of multiple application roles that each have a provisioned filter.

   Filter resource permission definitions are determined when you connect to a specific Essbase multidimensional database. Filter resource permission definitions pass to the Essbase Agent during authentication. If the user is authenticated successfully, then the list of filters for that user is updated in a locally stored .SEC file.