Monday, 9 December 2013

Advanced HFM Security

In HFM, security is managed from Hyperion Shared Services. Shared Services is a component of Hyperion Foundation Services.
There are two main aspects of Shared Services:
  • Security
  • LCM
  • Task Flow Management


Security:
Users are linked to Shared Services through Active Directory or an LDAP server (OID).

Hyperion 11.1.2 supports OSSO (Oracle Single Sign-On). The Oracle Internet Directory is used to provide SSO access to web applications. Oracle Internet Directory is an LDAP directory that uses an Oracle Database for storage.
Active Directory
It is a repository containing a group of users, categorized within a domain, who have access to Windows-based computers and servers.
Native Directory
It provides authentication for Hyperion products and creates a repository in the database where it stores the directory information.
We can configure more than one Active Directory for Shared Services.
How to configure Active Directory:
STEP 1: Administration → Configure User Directories

   Select the directory type you need to configure, LDAP or MSAD → Next

Connection pooling allows you to customize the maximum number of connections in the connection pool (the default value is 100) and the timeout, i.e. the time allowed to fetch a connection from the connection pool (the default is 5 mins).

Then we need to configure MSAD Users and MSAD Groups, either using auto-configure mode or manually. Please note that the user filters for OID need to be configured manually.


User Directory Search Order:
Shared Services lets the admin define a User Directory Search Order to customize the search sequence for users and groups. The admin can't define any provisioning or assign security for user directories that don't have a defined search order.
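
The search-order rule above can be checked offline before provisioning. The following is an added example, not code from the original post or from Oracle: it assumes a lookup stops at the first directory in the search order that contains the login name, and all directory names and users are constructed. It reports which directory each login resolves to, which accounts are shadowed by an earlier directory, and which users exist only in a directory without a search order.

```python
# Added example: models the User Directory Search Order described above.
# Directory names, users and the first-match rule are assumptions (constructed data).
from dataclasses import dataclass, field

@dataclass
class Directory:
    name: str
    kind: str                      # "NATIVE", "MSAD" or "LDAP"
    users: set = field(default_factory=set)

def audit_search_order(directories, search_order):
    """Resolve every login name by walking the directories in search order
    and report identities an administrator should review."""
    by_name = {d.name: d for d in directories}
    unknown = [n for n in search_order if n not in by_name]
    if unknown:
        raise ValueError(f"search order names unknown directories: {unknown}")
    ordered = [by_name[n] for n in search_order]
    unordered = [d for d in directories if d.name not in search_order]

    resolved, shadowed = {}, {}
    for d in ordered:
        for user in sorted(d.users):
            key = user.lower()     # compare login names case-insensitively
            if key in resolved:
                # Same login exists in an earlier directory: this copy is never used.
                shadowed.setdefault(key, []).append(d.name)
            else:
                resolved[key] = d.name
    # Users found only in directories without a search order cannot be provisioned.
    outside = {u.lower() for d in unordered for u in d.users}
    unprovisionable = sorted(outside - set(resolved))
    return resolved, shadowed, unprovisionable

# Constructed sample data
DIRECTORIES = [
    Directory("Native Directory", "NATIVE", {"admin", "jsmith"}),
    Directory("CORP_AD", "MSAD", {"JSmith", "akumar"}),
    Directory("PARTNER_OID", "LDAP", {"akumar", "pvendor"}),
    Directory("LEGACY_AD", "MSAD", {"olduser", "admin"}),
]
SEARCH_ORDER = ["Native Directory", "CORP_AD", "PARTNER_OID"]

if __name__ == "__main__":
    resolved, shadowed, unprov = audit_search_order(DIRECTORIES, SEARCH_ORDER)
    for user, source in sorted(resolved.items()):
        print(f"{user:10} -> {source}")
    print("shadowed:", shadowed)
    print("not provisionable:", unprov)
```

A shadowed entry such as a Native Directory account with the same login as an Active Directory user is worth reviewing, because provisioning applies to whichever account the search order reaches first.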

To let the active directory users use the Hyperion System we need to restart Shared Services and all EPM System products.

Let's discuss the security basics in Shared Services:

Users: Users are granted access to the applications registered with Shared Services. Users inherit the permissions of their groups and can have other permissions as well. Users can be provisioned individually or placed inside a group.
We can grant filters or permissions (roles) to users using MaxL.
Example:

grant manager on application Sample to User1;

Groups: New groups are created in Shared Services and assigned filters and provisioning.

Roles: Available Roles in HFM



Security Classes:

Security classes are sub-groupings of application artifacts such as web grids and web forms. They also categorize the metadata elements. Shared Services admins and provisioning managers can define security classes for applications.

Steps to create a new security class in HFM:

STEP 1:
STEP 2: Search the user name

STEP 3: Define a security class

STEP 4: Assign access to the user assigned to the newly created security class


Below are the access right choices:
  • None - No access.
  • Metadata - User can see that the dimension member exists but can't view or edit data.
  • Promote - User can view data for the dimension member and promote/reject the process control.
  • Read - User can view data for the dimension member but can't promote/reject the process control.
  • All - User can modify the item and promote/reject the process control.
I will be discussing LCM and HFM Task Flow Management in my new posts soon.









2 comments:

  1. Biswanath !!

    Great, the post definitely has some new things to learn.

    Cheers...

    1. Great work.. !!
      Waiting for more knowledge sharing from your end.
