This chapter includes the following sections:
You can easily deploy Essbase and associated tools when installing Oracle Business Intelligence and benefit from using shared administration, user management, installation, and configuration support functionality that is also available to Oracle Business Intelligence users.
When you deploy Essbase with Oracle Business Intelligence, you can access Essbase multidimensional databases that provide multidimensional analysis, enabling rapid development of custom analytic applications. Essbase enables you to develop and manage analytic applications that model complex scenarios, forecast business trends, and perform "what-if" analyses. Essbase supports fast query response times using pre-aggregated dimensions, for large numbers of users, for large data sets, and for complex business models. Essbase can be configured to use with a range of data sources.
Essbase Studio and EAS can be deployed by the 11g EPM installer in a separate domain, and can be used with the 12c Essbase server installed through Oracle Business Intelligence.
This chapter includes information about installing, configuring, managing and securing Essbase installed through Oracle Business Intelligence as well as creating, securing, and accessing Essbase databases using Oracle Business Intelligence.
This chapter does not describe using Essbase when installed with the EPM System Installer. For information about using Essbase and associated tools when installed with the EPM System Installer, see the EPM System deployment documentation, located on the Deployment and Installation tab in the EPM System Documentation Library.
For information on which guide to refer to for information about Essbase and associated tools, when installed with Oracle Business Intelligence, see Performing Tasks When Essbase Is Installed with Oracle BI EE Compared to Performing the Same Tasks in EPM and Information on Which Guides to Consult.
Any other use of Essbase in the context of being used as a data source for Oracle Business Intelligence should leverage an EPM deployment of Essbase and related tools from 11g (see the EPM deployment guides). In future releases the role of Essbase deployed through Oracle Business Intelligence will expand. Therefore Oracle recommends installing the Essbase software to avoid future challenges with expanding the BI Domain. See Understanding Essbase Deployed in BI 12.2.1 in Oracle Essbase Database Administrator's Guide.
Read this section before you start working with Essbase when installed with Oracle Business Intelligence.
This high-level roadmap explains the tasks to perform and what choices are available. This section also indicates when to refer to the Oracle Business Intelligence documentation or the EPM System documentation.
When you install Essbase with Oracle Business Intelligence, you do not perform a full Enterprise Performance Management System installation. Instructions for completing certain tasks can vary form those documented in the EPM documentation.
Use the table below to help you decide what to use to perform certain tasks in Oracle Business Intelligence compared to EPM systems, and which guides to reference.
Essbase-Related Tasks Performed in Oracle BI and EPM Systems | How to Perform Essbase-Related Tasks in an Oracle BI System and Which Guides to Reference | How to Perform Essbase-Related Tasks in an 11g EPM System and Which Guides to Reference |
---|---|---|
Authentication |
Essbase should be setup as part of the installation process and all security in the 12.2.1 release should be handled automatically through the BI security. Refer to EPM 11g guides. |
When using an 11g EPM system, use HSS, MaxL. Refer to EPM guides. |
Authorization |
Essbase should be setup as part of the installation process and all security in the 12.2.1 release should be handled automatically through the BI security. Refer to EPM 11g guides. |
When using an 11g EPM system, use HSS, MaxL. Refer to EPM guides. |
Data Security (Provisioning) |
When using Essbase and associated tools installed with Oracle Business Intelligence, use Fusion Middleware Control and Security. Refer to EPM 11g guides. There is no need to define Essbase filters for row level security; it is handled by BI security privileges. Filters will need to be created for Essbase when there is a 12c cube that will be accessed directly by the user, non-acceleration cubes. |
When using an 11g EPM system, use HSS. Refer to EPM guides. |
Data Security (filter definitions) |
When using Essbase installed with Oracle Business Intelligence, use MaxL. Refer to EPM 11g guides. There is no need to define Essbase filters for row level security; it is handled by BI security privileges. Filters will need to be created for Essbase when there is a 12c cube that will be accessed directly by the user, non-acceleration cubes. |
When using an 11g EPM system, use EAS (GUI) or Maxl (Command Line). Refer to EPM guides. |
System Configuration |
When using Essbase and associated tools installed with Oracle Business Intelligence, use Fusion Middleware Control, and essbase.cfg. Refer to Oracle Business Intelligence guides. |
When using an 11g EPM system, use a text editor and MaxL, essbase.cfg. Refer to EPM guides for EAS and Studio. |
Backup and Recovery |
When using Essbase and associated tools installed with Oracle Business Intelligence use Fusion Middleware Control. Refer to Administering Oracle Fusion Middleware and Oracle Business Intelligence guides. |
Refer to EPM guides, see also for backing up Studio. |
Migration (Test to Production) |
Migration should use a file system copy for artifacts while partitions, CDF/M, security filters and data should be exported via Maxl for EPM column. |
Refer to Lifecycle Management guides. |
Essbase cubes |
When using Essbase you use the Acceleration Wizard. |
Build and manage cubes using EAS and Studio. Refer to EPM guides (references to EAS and Studio). Refer to Oracle Essbase Database Administrator's Guide. |
Capacity |
N/A, Uses Active/Passive model (one cluster only). Refer to Oracle Business Intelligence guides. |
Use N Clusters 1, 2, 3, 4 agents. Uses the Active/Active or Active/Passive model. Refer to EPM guides. |
Availability |
Use Fusion Middleware Control. Uses - Active/Passive model. Refer to Oracle Business Intelligence guides. |
Refer to EPM guides. Uses Active/Passive model. |
Financial Reporting |
Financial Reports, Calculation Manager and Workspace are not part of the 12c deployment. |
Refer to EPM guides. |
Calculation Manager |
Financial Reports, Calculation Manager and Workspace are not part of the 12c deployment. |
Refer to EPM guides. |
Workspace |
Financial Reports, Calculation Manager and Workspace are not part of the 12c deployment. |
Refer to EPM guides. |
APIs |
No need for custom API work in 12.2.1. |
NA |
You can install Essbase when you install Oracle Business Intelligence.
When you install Essbase with Oracle Business Intelligence, Essbase databases become available to Oracle Business Intelligence users, and you can manage Essbase components using a combination of Oracle Business Intelligence tools and Essbase EPM System tools. For information about which version of Essbase is installed, go to the Certifications page in Oracle Support and check the product details for appropriate releases of Oracle Business Intelligence Enterprise Edition with Oracle Essbase at:
Note:
You cannot add Essbase to an existing Oracle Business Intelligence installation although you can still use Essbase as a data source. The only way to install Essbase with Oracle Business Intelligence is to perform a new Oracle Business Intelligence installation and select the Essbase component.
You install EAS and Studio using the EPM installation. See the EPM guides for more details.
This topic contains the following sections:
You install Essbase Suite as part of an Oracle Business Intelligence Enterprise installation.
See Installing and Configuring Oracle Business Intelligence.
The Enterprise Install type creates and configures a single WebLogic Server Domain that contains a cluster with an Administration Server, and a Managed Server. If you select Essbase Suite during the install, then Essbase JEE components and Oracle Business Intelligence JEE components are installed on Managed Servers. See Selecting the Essbase Suite Option During Install.
You can install JEE applications and services during install.
Selecting the Essbase Suite option during the install does the following:
See Downloading BI Desktop Tools in User's Guide for Oracle Business Intelligence Enterprise Edition.
Note:
Client applications and API languages that are not included in this section are not supported with Essbase and related components installed with Oracle Business Intelligence.There are limitations for using the following Essbase tools when Essbase is installed with Oracle Business Intelligence.
MaxL command line interface
The MaxL command line supports most of the tasks for Oracle Business Intelligence Essbase that are also possible with Oracle EPM System Essbase.
Note:
You cannot use the MaxL command line to provision security.When Essbase is installed with Oracle Business Intelligence, you do not get a full Enterprise Performance Management installation.
The following Essbase features are not supported:
Permission grants are not supported at the database level. For example, if you have two multidimensional databases that are used by an application, then permission grants apply equally to the multidimensional databases in an application.
Multiple clusters are not supported.
The Active-Active failover process is not supported. You can have only one machine or cluster active at a time, and you cannot load balance across computers or clusters.
The audit report showing what users, groups and application roles can do in Essbase, when Essbase is installed as part of an Enterprise Performance Management System, is not available in this release. However, you can use Oracle Fusion Middleware to view the Essbase permissions assigned to application roles.
There might be other Enterprise Performance Management features that are not supported when Essbase is installed with Oracle Business Intelligence. To avoid misunderstandings, do not use EPM System or Essbase documentation (when Essbase is installed with Oracle Business Intelligence), unless directed to do so in this documentation.
This section explains typical Essbase-related security configuration when Essbase is installed with Oracle Business Intelligence. You might also refer to this section if you maintain Essbase security in an existing installation of Oracle Business Intelligence.
The Oracle Business Intelligence Installer configures Essbase to use Oracle Fusion Middleware security for authentication and authorization. You can secure an Essbase environment to provide equivalent functionality to Essbase secured through Hyperion Shared Services. Exceptions to this are documented in the Oracle Business Intelligence Certification Matrix.
Essbase installed using the Oracle Business Intelligence installer cannot use Native Essbase or Hyperion Shared Services (HSS) security. However, when you install Essbase with Oracle Business Intelligence, the Common Security Service (CSS) token-based identity assertion continues to be available and enables Oracle Business Intelligence to connect to Essbase data sources (both Essbase installed with Oracle Business Intelligence and Essbase installed with EPM) with the credentials of the end user. For this mechanism to work with an Essbase data source external to the Oracle Business Intelligence installation, you must follow the documentation. Also note that if multiple Essbase data sources are being used by Oracle Business Intelligence and there is a requirement to use this mechanism, all Essbase data sources must use the same shared secret for producing CSS tokens. See Section Configuring Oracle Business Intelligence to Use Hyperion SSO Tokens when Communicating with Essbase, Hyperion Financial Management, Hyperion Planning, and EPM Workspace.
The Oracle Business Intelligence installer pre-configures core users, groups, application roles, credentials, permissions, and privileges for Essbase. There is no automated migration of security artifacts from Essbase installed with the EPM System Installer to Essbase installed with Oracle Business Intelligence. You must configure the equivalent authentication and authorization mechanism for Essbase when it is installed with Oracle Business Intelligence.
You enable users to perform specific actions in Essbase and associated tools (for example, read and write, use calculations, use filters, use specific filters) by granting resource permission definitions to application roles.
Appropriate resource permissions must be defined first (see Configuring Data-Level Security Using Essbase Filters and Configuring Access to Essbase Calculations). Resource permissions contain definitions of Essbase actions that a user can perform in an Essbase application. Essbase actions are derived from Essbase resource types, which are linked to resource permissions.
Resources are hierarchical; therefore global, cluster, and application level resources are listed.
Note:
The Essbase actions described here are not the same as actions in Oracle Business Intelligence.
The installation process grants default Essbase resource permissions to existing application roles in Oracle Business Intelligence.
For more details about the default Essbase resource permissions configured by default when you install Essbase with Oracle Business Intelligence, see Resource Permissions Reference for Essbase and Associated Tools.
Note:
The BIConsumer application role is granted to all users, and has oracle.essbase.server /EssbaseCluster-1 access and oracle.essbase.application /EssbaseCluster-1 user_filter. This gives all users access to Essbase by default.
Note:
Resource permissions are stored by default in a file-based shared policy store, but you can reassociate them to an OID LDAP shared policy store. SeeUsing Alternative Authentication Providers in Security Guide for Oracle Business Intelligence Enterprise Edition.
Note:
Parent roles inherit permission grants through child group or role members. Permission grants are cumulative; for example, a user who has a grant of oracle.essbase (filter) through an application role but not granted through another role, is still considered to have the oracle.essbase (filter) role.
Use the following steps to grant resource permissions to users and application roles.
Essbase Studio is not provided with Essbase Release 12.2.1.x. To use Essbase Studio to deploy Essbase cubes and enable drill-through functionality with Essbase 12.2.1.x you must install EPM 11g on a separate host and complete some configuration steps.
Note:
You cannot deploy and access drill-through reports on multiple BI Essbase instances. Multiple Essbase instances are not supported.Data-level security enables you to restrict the dimensional data that users see in Essbase multidimensional databases. You secure data-level access for Oracle Business Intelligence users by configuring resource permission definitions on Essbase filters and granting them to application roles.
See Enabling Users to Perform Specific Actions in Essbase and Associated Tools.
An Essbase filter is an Essbase resource that provides an access control mechanism for dimensional data. For example, a filter might restrict a user to view or update data only for a specific geographical region or a specific product.
Essbase filters are stored in a relational database.
Permission | Description |
---|---|
No Access or None |
No inherent access to data values unless access is granted globally |
Read |
Ability to read data values |
Write |
Ability to read and update data values |
Meta Read |
Ability to read metadata (dimension and member names) |
You create Essbase filters using Essbase Administration Services (and the MaxL command line), which also enables you to:
View dimensions and their members.
List filter operations.
Validate filters at design time.
See Oracle Essbase Administration Services Online Help and Oracle Essbase Database Administrator's Guide:
You can ignore any references to Hyperion Shared Services (HSS) in Enterprise Performance Management documentation.
Resource permission definitions combine with Essbase filters in the policy store, and you grant them to an application role. This enables users associated with an application role to secure the data that is defined by one or more combinations of resource permission definitions for Essbase filters.
Before you can grant resource permission definitions for Essbase filters to an application role (see Enabling Users to Perform Specific Actions in Essbase and Associated Tools), the appropriate resource permission definitions must first exist in the policy store. Use the examples in this section to understand how to configure resource permission definitions so that users can use Essbase filters.
An application role requires at least two policy store permission grants to access to a specific filter. You must give an application role permission to use filters within a specific scope.
See Resource Permissions Reference for Essbase and Associated Tools.
Use the following examples to understand how to configure resource permission definitions for Essbase filters:
Example 1 - Configuring resource permissions to enable the use of filters within the Demo application:
This example configures resource permission definitions to enable the use of filters within the Demo application. In this example you must ensure that one of the following resource permission definitions exists in the policy store. For example:
oracle.essbase.application, /EssbaseCluster-1, use_filter
where:
In this example, the use_filter action permission configures the oracle.essbase.application resource type such that a user associated with this definition in the policy store can use filters in any application in EssbaseCluster-1 (including the Demo application).
OR
oracle.essbase.application, /EssbaseCluster-1/Demo, use_filter
In this example, the use_filter action permission configures the oracle.essbase.application resource type such that a user associated with this definition in the policy store can use filters in the Demo application in the EssbaseCluster-1.
Example 2 - Configuring resource permissions for specific filters:
This example configures resource permission definitions that enable the use of a specific filter. You must specify additional resource permission definitions that name the filter in scope of the first grant.
For example, to restrict a user's dimensional access in a database called Basic to members defined by the filter called read_filter, the following resource permission definitions are required:
oracle.essbase.application, /EssbaseCluster-1, use_filter
OR
oracle.essbase.application, ./EssbaseCluster-1/Demo, use_filter
AND
oracle.essbase.filter, /EssbaseCluster-1/Demo/Basic/read_filter, apply
In this example, the read_filter action permission configures the oracle.essbase.application resource type such that a user that is associated with this definition in the policy store is restricted to read filters in the Basic database in the Demo application in the EssbaseCluster-1.
Example 3 - Configuring resource permissions for multiple filters:
This example activates multiple filters with multiple resource permission definitions to restrict a user's dimensional access in database Basic to members that are defined either by filters "read_filter" or "readFeb_filter." The following resource permission definitions are required:
Note:
This differs from EPM installations where users and groups are limited to a single active filter.
oracle.essbase.application, /EssbaseCluster-1, use_filter
OR
oracle.essbase.application, ./EssbaseCluster-1/Demo, use_filter
AND
oracle.essbase.filter, /EssbaseCluster-1/Demo/Basic/read_filter, apply
AND
oracle.essbase.filter, /EssbaseCluster-1/Demo/Basic/readFeb_filter apply
Example 4 - Configuring resource permissions for filters to extend or restrict data access at database level:
This example uses an active filter to extend or restrict data access at the database level.
For example, a user that is associated with the following resource permission definitions cannot read from Demo where noAccess1 restricts access to all dimensions:
You secure data access by granting Essbase filters to an application role. An Essbase filter resource permission definition secures data access for the grantee at the database level.
The filter access permissions for a user are determined at login time and are consumed when the Essbase database is selected (SetActive).
Authorization changes are not noticed by existing sessions; a user must log in again to consume changes in authorization policy.
You grant filter resource permissions differently when Essbase is installed with Oracle Business Intelligence compared to when Essbase is installed as part of an EPM System.
Bear these guidelines while granting filter resource permissions:
When Essbase is installed with Oracle Business Intelligence.
You grant filter resource permission definitions to an application role, or assign the admin permission to the application role.
When Essbase is installed as part of an EPM System.
You grant filter resource permissions to a group, or assign the admin permission to the group.
Essbase installed with Oracle Business Intelligence grants a user the union of all permissions that are granted directly or through groups and application roles. Unlike an EPM system, with Oracle Business Intelligence there is no restriction that, for example, the oracle.essbase.application filter action must be granted using the same group as the filters. In Oracle Business Intelligence, you can have conflicting roles. See the following table to understand the consequences of these grants.
Application Role (Group) | Application Grant | Filter Grant |
---|---|---|
A | oracle.essbase.application, /EssbaseCluster-1/Demo, use_filter | oracle.essbase.filter, /EssbaseCluster-1/Demo/Basic/read_filter, apply |
B | oracle.essbase.application, /EssbaseCluster-1/Demo, use_filter | oracle.essbase.filter, /EssbaseCluster-1/Demo/Basic/readFeb_filter, apply |
In this table, user JDoe is a member of groups A and B, and so when querying Basic, JDoe has access to rows defined by read_filter and readFeb_filter. If group A has the application grant removed in an EPM System installation, then users of group A no longer have access to any filters. However, when Essbase is installed with Oracle Business Intelligence, user JDoe continues to have access to rows from both filters because JDoe also inherits the permissions from membership of group B.
Essbase calculations enable you to apply mathematical formula to data in Essbase multidimensional databases. You enable users to access Essbase calculations by configuring resource permission definitions for Essbase calculations and granting them to application roles.
See Enabling Users to Perform Specific Actions in Essbase and Associated Tools.
An Essbase calculation enables a user to define and apply complex formulas to dimensional members. You can name calculations and save them in files at the application or database level; these are called calculation scripts. Calculations can also be interactively created and run; these are called inline calculations. Finally, every database has a default calculation defined in the outline.
Calculation scripts are stored in the local file system, and their definitions can be complex and require tool support. For example, you can use Essbase Administration Services (EAS) and Calculation Manager, which provide the ability to:
View dimensions and their members.
MaxL can also be used for calculation definition.
MaxL can also be used for calculation definition.
Before you can grant an application role permission to use Essbase calculations appropriate resource permission definitions must exist in the policy store.
See Enabling Users to Perform Specific Actions in Essbase and Associated Tools.
Use the examples in this section to understand how to configure resource permission definitions so that users can use Essbase calculations.
See Resource Permissions Reference for Essbase and Associated Tools.Example 1 - To configure resource permission definitions to use default and inline calculations in /cluster/App1:
This example configures resource permission definitions to use default and inline calculations in /EssbaseCluster-1/App1. The following resource permission definition must exist in the policy store. For example:
oracle.essbase.application, /EssbaseCluster-1, use_calculation
In this example an application resource permission grants the use_calculation permission to all applications in the cluster.
OR
oracle.essbase.application, /EssbaseCluster-1/App1, use_calculation
In this example an application resource permission grants the use_calculation permission to applications in App1.
Example 2 - To configure resource permission definitions to use all calculations in /cluster/App1:
This example configures resource permission definitions to use all calculation scripts in /EssbaseCluster-1/App1, you must ensure that the following permissions exist in the policy store. For example:
oracle.essbase.application, /EssbaseCluster-1, use_calculation
OR
oracle.essbase.application, /EssbaseCluster-1/App1, use_calculation
AND
oracle.essbase.calculation, /EssbaseCluster-1/App1, all
This calculation permission grants access permissions to use to all calculation scripts in App1.
Example 3 - Configuring resource permission definitions to use all calculations in the cluster:
This example configures resource permission definitions to use all calculations in the cluster, you must ensure that both of the following permissions exist in the policy store. For example:
oracle.essbase.application, /EssbaseCluster-1, use_calculation
oracle.essbase.calculation, /EssbaseCluster-1, all
Example 4 - Configuring resource permission definitions to use calculation scripts forcastQ1 and forcastQ2:
This example configures resource permission definitions to use specific calculation scripts in the cluster (for example, forcastQ1 and forcastQ2), you must ensure that the following permissions exist in the policy store. For example:
oracle.essbase.application, /EssbaseCluster-1, use_calculation
OR
oracle.essbase.application, /EssbaseCluster-1/App1, use_calculation
oracle.essbase.calculation, /EssbaseCluster-1/App1/Db1/forcastQ1, execute
AND
oracle.essbase.calculation, /EssbaseCluster-1/App1/Db1/forcastQ2, execute
Note:
A grant to a specific calculation script revokes cluster or application level access to all calculations. Consider specific grants to calculations scripts as restrictions.
For example:
A user with the following grants has access only to the forcastQ1 calculation script:
oracle.essbase.application, /EssbaseCluster-1, use_calculation
oracle.essbase.calculation, /EssbaseCluster-1, all
oracle.essbase.calculation, /EssbaseCluster-1/App1/Db1/forcastQ1, execute
Note:
The presence of an oracle.essbase.calculation grant does not imply oracle.essbase.application calculate access. For example:
The user does not have access to any calculation, outline, inline, or script with any of following grants if there is no oracle.essbase.application calculate grant:
oracle.essbase.calculation, /EssbaseCluster-1/App1, all
oracle.essbase.calculation, /EssbaseCluster-1, all
oracle.essbase.calculation, /EssbaseCluster-1/App1/Db1/forcastQ1, execute
You enable a user to access Essbase calculations by granting one or more Essbase calculation access permissions to an application role that is associated with the user.
By default, users with the calculate permission can execute the default and inline calculations on all databases.
Essbase Agent runs on two types of ports. Since Agent runs on BI Managed WebLogic Server, it has an HTTP Port that it listens to.
Since this port is common to all the applications hosted on the BI Managed server, this section covers the changing of Essbase specific ports.
By default, Essbase Agent uses port 9799. To change this port, edit the AGENTPORT
parameter in essbase.cfg
.
The Essbase Server uses a port range and by default it uses the available ports. To explicitly specify a server port range, define SERVERPORTBEGIN
and SERVERPORTEND
settings in essbase.cfg
.
This section provides reference information about the resource permissions for Essbase that are configured by default when you install Essbase with Oracle Business Intelligence.
To access Essbase-related functionality, a user (or group, or application role that the user belongs to), needs to be granted one or more resource permissions. Essbase-related resource permissions are defined by resource type, name, and actions and are held in the Policy Store as part of the Oracle Fusion Middleware security model. See Managing the Policy Store in Securing Applications with Oracle Platform Security Services.
Resource Type
Includes a named group of permissions.
Resource Name
Specifies the scope for which a permission applies.
Action
Defines what operation the permission allows the grantee to perform.
You manage Essbase-related resource permissions using Oracle Fusion Middleware Control. However, you can also use APIs in Oracle Platform Security Services using JMX or Oracle WebLogic Scripting Tool.
Note:
When Essbase is installed with Oracle Business Intelligence, the functionality described in this chapter replaces that provided by Hyperion Shared Services for provisioning users.
This topic contains the following sections:
Resource types are named groups of permissions that can be associated with specific actions. There are several levels of authority in the Essbase server with a resource type for each. Resource types are used by Fusion Middleware Control to limit the list of applicable Essbase-related actions when selecting a new grant.
The following table lists the Essbase-related resource types that are supported in Oracle Business Intelligence.
Resource Type | Description |
---|---|
oracle.essbase.server |
Global, cluster, and server level permissions. |
oracle.essbase.application |
Application level permissions required to use filters and calculations. |
oracle.essbase.filter |
Filter access control. |
oracle.essbase.calculation |
Calculation script access control. |
Each resource type has a set of resources and actions that can be authorized. Essbase-related resource names are either specific objects or scopes in which objects are contained.
For oracle.essbase.server and oracle.essbase.application resource types, resource names are scopes. They are hierarchical and as such any scope in the following table includes the set of scopes contained within it.
The following table lists the supported Essbase scopes:
Name | Scope |
---|---|
/ |
Global, all clusters, all applications, all cubes. |
/cluster |
All applications within a logical cluster. |
/cluster/application |
Specific application and its cubes. |
The following table lists the supported oracle.essbase.filter scopes:
Name | Scope |
---|---|
/cluster/application/database/filtername |
Access to a specific, named filter. |
The following table lists the supported Essbase calculation scopes:
Name | Scope |
---|---|
/cluster/ |
All calculation scripts at cluster level: any applications, any cubes. |
/cluster/application |
All calculation scripts at application level: any cube within the named application. |
/cluster/application/database/scriptname |
Access to a specific named calculation script. |
Essbase-related actions (permissions) represent operations that a user can perform on Essbase.
Actions granted to oracle.essbase.server or oracle.essbase.application resource types are hierarchical, such that any action listed includes the set of permissions listed beneath it.
For example, granting oracle.essbase.application, /EssbaseCluster-1, read
enables the grantee to read multidimensional databases and to restart the applications in EssbaseCluster-1.
Actions on other Essbase-related resource types are not hierarchical and need to be individually granted.
The series of tables below give details on the actions available with each Essbase-related resource type.
The following table lists the supported oracle.essbase.server actions:
Action | Description |
---|---|
administer |
Full access to administer the server, applications, and databases. |
Create |
Ability to create and delete applications and databases within applications. Includes Application Manager and Database Manager permissions for the applications and databases created by this user. |
Access |
Ability to log in to Essbase. This is deprecated and the existence of any server or application permission now suffices. |
Note:
A user that creates an application has permission to manage that application within the same session. The same user requires an explicit grant to manage the application in subsequent sessions.
The following table lists supported oracle.essbase.application actions.
Action | Description |
---|---|
manage_application |
Ability to create, delete, and modify databases and application settings within the particular application. Includes Database Manager permissions for databases within the application. |
manage_database |
Ability to manage databases (for example, to change the database properties or cache settings), database artifacts, locks, and sessions within the assigned application. |
use_calculation |
Ability to execute calculations, update, and read data values based on the assigned scope, using any assigned calculations and filter. |
write |
Ability to update and read data values based on the assigned scope, using any assigned filter. |
read |
Ability to read data values. |
use_filter |
Ability to access specific data and metadata according to the restrictions of a filter. |
restart |
Ability to start and stop an application or database. |
The following table lists supported oracle.essbase.filter actions.
Action | Description |
---|---|
Apply |
Apply the filter identified by the resource name. |
The following table lists supported oracle.essbase.calculation actions.
Action | Description |
---|---|
all |
Enables the user to execute any calculation that is contained in the scope referenced by the resource name. |
execute |
Enables the user to execute the calculation script that is identified by the resource name. |
The following table lists permissions granted to Oracle Business Intelligence application roles.
Role Name | Resource Permission | Role Members |
---|---|---|
BIAdministrator |
oracle.essbase.server, /, administrator |
BIAdministrators group |
BIAuthor |
not applicable |
BIAuthors group BIAdministrator application role |
BIConsumer |
oracle.essbase.server,/,access,use_filter |
BIConsumers group BIAuthor application role |
AuthenticatedUser |
not applicable |
BIConsumer |
This application role hierarchy and permission grants are defaults only and the administrator user can change them in Fusion Middleware Control.
AuthenticatedUser is a member of BIConsumer by default. This means that any successfully authenticated user has BIConsumer role permissions.
You manage Essbase system administration in Oracle Business Intelligence by starting and stopping Essbase Agents, enabling and viewing log files, setting logging levels, migrating Essbase configuration between domains, monitoring Essbase metrics, and backing up and recovering Essbase data.
This topic contains the following sections:
You can monitor status, and start and stop Essbase components using BI process control commands (uses JAgent).
High availability for Essbase in Oracle Business Intelligence is automatically maintained using an active-passive fault tolerance model.
Scaling Out Essbase to Support High Availability
You scale out Essbase onto additional computers to support high availability between computers. Scale-out is achieved in a similar way to existing Oracle BI EE components (see Managing Availability in Oracle Business Intelligence (Horizontally Scaling).
About the Essbase Active-Passive Topology
The two-node active-passive topology applies to the Essbase Server and Agent plus the mid-tier Essbase Administration Services, Analytic Provider Services, and Essbase Studio Server components.
See Oracle Essbase High Availability Concepts, Configuring Oracle Essbase Clustering, and Oracle Hyperion Provider Services Component Architecture in High Availability Guide.
Managing Essbase Capacity
You manage Essbase capacity within Oracle Business Intelligence by monitoring Essbase components and service levels using Fusion Middleware Control to answer the following questions:
How do I know that Essbase components are running?
See Displaying Oracle Business Intelligence Pages in Fusion Middleware Control.
How do I know if my system is overloaded?
You configure logging for all Essbase components in the BI Domain logging.xml file.
The file is located in:
DOMAIN_HOME/config/fmwconfig/servers/<BI_MANAGED_SERVER_NAME>
Log configuration details for each Essbase subcomponent, along with the location of the corresponding Oracle Diagnostic Log (ODL) files are provided below:
Note:
To capture every possible level of logging information for a particular component, set the logger level field value to 'TRACE:32'.
Essbase Java-Agent specific Logging Configuration
<log_handler name='jagent-handler-text' class='oracle.core.ojdl.logging.ODLHandlerFactory'> <property name='path' value='${domain.home}/servers/${weblogic.Name}/logs/essbase/jagent.log'/> <property name='maxFileSize' value='10485760'/> <property name='maxLogSize' value='104857600'/> <property name='useSourceClassAndMethod' value='true'/> </log_handler> <logger name='oracle.JAGENT' level='NOTIFICATION:1' useParentHandlers='false'> <handler name='jagent-handler-text'/> </logger>
Essbase Applications specific Logging Configuration
<log_handler name='serverhandler' class='oracle.core.ojdl.logging.ODLHandlerFactory'> <property name='path' value='${domain.home}/servers/${weblogic.Name}/logs/essbase/essbase'/> <property name='maxFileSize' value='10485760'/> <property name='maxLogSize' value='524288000'/> </log_handler> <logger name='DefSvrLogger' level='TRACE:1' useParentHandlers='false'> <handler name='serverhandler'/> </logger>
Provider Services (APS) specific Logging Configuration
<log_handler name='provider-services-handler' class='oracle.core.ojdl.logging.ODLHandlerFactory'> <property name='path' value='${domain.home}/servers/${weblogic.Name}/logs/aps/apsserver.log'/> <property name='maxFileSize' value='10485760'/> <property name='maxLogSize' value='104857600'/> </log_handler> <logger name='oracle.EPMOHPS' level='WARNING' useParentHandlers='false'> <handler name='provider-services-handler'/> </logger>
Essbase WebServices specific Logging Configuration
<log_handler name='essbase-ws-handler' class='oracle.core.ojdl.logging.ODLHandlerFactory'> <property name='path' value='${domain.home}/servers/${weblogic.Name}/logs/essbasews.log'/> <property name='maxFileSize' value='10485760'/> <property name='maxLogSize' value='104857600'/> </log_handler> <logger name='oracle.EPMOHEWS' level='WARNING:1' useParentHandlers='false'> <handler name='essbase-ws-handler'/> </logger>
Essbase Cube Deployment Service specific Logging Configuration
<log_handler name='cds-handler' class='oracle.core.ojdl.logging.ODLHandlerFactory'> <property name='path' value='${domain.home}/servers/${weblogic.Name}/logs/cds/cds.log'/> <property name='maxFileSize' value='10485760'/> <property name='maxLogSize' value='104857600'/> </log_handler> <logger name='oracle.essbase.cds' level='NOTIFICATION:1' useParentHandlers='false'> <handler name='cds-handler'/> </logger>
You can migrate an Essbase configuration between domains for an Oracle Enterprise Performance Management System installation.
See Moving Oracle Hyperion Enterprise Performance Management System to a Target Environment in Administering Oracle Fusion Middleware.
This section describes backing up and recovering Essbase data when Essbase is installed with Oracle Business Intelligence.
For information about backing up and recovering Essbase data, see:
Oracle Business Intelligence and Essbase - When installed using the Oracle Business Intelligence installer, see Backup and Recovery Recommendations for Oracle Essbase in Administering Oracle Fusion Middleware.
EPM System products - When installed using the EPM System Installer, see Oracle Enterprise Performance Management System Backup and Recovery Guide at:
http://www.oracle.com/technetwork/middleware/performance-management/documentation/index.html
These topics provide orientation for using Essbase in Oracle Business Intelligence.
This section introduces working with Essbase cubes in Oracle Business Intelligence:
To enable SSO for Essbase data sources installed using the Oracle Business Intelligence installer, you select SSO in the General tab of the connection pool object that corresponds to the Essbase data source in the Oracle BI repository.
Also select the Virtual Private Database option in the corresponding database object to protect cache entries.
See Multidimensional Connection Pool Properties in the General Tab in Metadata Repository Builder's Guide for Oracle Business Intelligence Enterprise Edition.
Also see note 1993210.1 at:
A user with the BI Author application role can create, schedule, and run analyses and reports where Essbase is the data source, where filters are applied using the identity of the end user, and where SSO is configured.
For more information about:
Creating, scheduling, and running Oracle Business Intelligence analyses, see:
User's Guide for Oracle Business Intelligence Enterprise Edition
Creating and running BI Publisher reports, see:
Administrator's Guide for Oracle Business Intelligence Publisher
This section addresses how Oracle BI Server handles Essbase connectivity when both the Oracle BI Server and Essbase are installed and configured as part of the Oracle Business Intelligence.
If Essbase is configured for SSL, the BI Server (which uses the Essbase RTC client), must perform all the client side SSL configuration as an Essbase client.
If the BI Server and Essbase run on the same machine, and the Essbase server is configured for SSL, then the BI Server can simply point to the Essbase configuration file (essbase.cfg). To do this you add the ESSBASE_CONFIG_PATH property to obis.properties to specify the location of essbase.cfg.
If you need the Oracle BI Server to have a custom client side essbase.cfg (for example, to control specific Essbase client settings), but you do not want to use the Essbase server configuration file, then refer to the sections "Setting up an Essbase Client Wallet" and "Copying and Configuring the Wallet Path" in the 12c version of Essbase Database Administrator Guide. In this case, the obis.properties file must point to the directory location which contains essbase.cfg defined for the Oracle BI Server.
To make the BI Server to point to the essbase.cfg location:
Note:
End-to-End SSL configuration in 12.2.1.0.0 release is not supported. That is, if the Oracle BI Server is also configured for SSL, then connectivity between Oracle BI Server and the Essbase server will not work. However, this will be supported in a future release of 12c.
There are several places where you can learn more about Essbase.
Use the following links to learn more about Essbase in Oracle Enterprise Performance Management System.
For all Essbase and EPM documentation, use the Performance Management Documentation page:
http://www.oracle.com/technetwork/middleware/performance-management/documentation/index.html
This page also contains links to EPM System Supported Platform Matrices, My Oracle Support, and other information resources.
Drill down to view specific documents for a release.
For information about meeting system requirements and understanding release compatibility, use Oracle Enterprise Performance Management System Certification Matrix:
http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certification-100350.html
When Essbase is installed as part of Oracle BI Enterprise Edition, refer to System Requirements and Supported Platforms for Oracle Business Intelligence Suite Enterprise Edition for information about system requirements and release compatibility.