Sunday, April 19, 2015

Planning Security with Hyperion Financial Reports


              Audience:  Hyperion Solution Architects and Hyperion Database Administrator

Hyperon Financial Reporting Studio (HFR) is used to create fully formatted reports. The HFR is really user friendly and can be learned by business users. HFR leverages planning security if a report is designed using a planning connection. For example, if a Planning user is assigned access to Version- Baseline, Entity = IT department and Account = 12360. The same security should be applicable when user runs a report. 

GOAL
HFR does not follow planning security. I notice this issue with planning 11.1.2.1 and logged a bug. Oracle was not able to provide a solution in two years for this bug. Finally 11.1.2.3.501 has come up with a solution of this bug. Bug “18083693 A Planner user that has been granted limited meta-data access is able to see all members in User POV and prompts, but will get an error when selecting a member that they have not been granted permission to”. You would need to apply Patch 18183723: Patch Set Update: 11.1.2.3.501 for Oracle Hyperion Reporting and Analysis Financial Reporting Release 11.1.2.3.500 apply the patch

how To
Afer applyig the patch “com.hyperion.reporting.HRprefs.filter_by_security” set a true.
The properies can be found at
Oracle/Middleware/EPMSystem11R1/products/financialreporting/bin/FRConfig.sh/cmd
HFR should restrict reports member as per planning security



Oracle Doc
http://docs.oracle.com/cd/E40248_01/epm.1112/fr_webadmin/frameset.htm?ch03.html

Planning Attached ASO Cube Security with HFR and SmartView

                                
Audience:  Hyperion Solution Architects and Hyperion Database Administrator

Planning 11.1.2.3 provides an option to create ASO cube as part of planning application. I should be using word plan type rather than cube because it’s part of planning application. Creating ASO as plan type creates new ASO application on Essbase server. Planning reads ASO a plan type but Essbase does not. 


I have created a Planning application with five plan types including “Report-ASO” and BRTP is a separate application. Planning security filters are pushed to Essbase (BSO) application but Planning is not capable push security filters to ASO application. I tried to create security filters manually to Report-ASO cube but whenever I refresh the planning application; manually created security filters are wiped out from ASO application. I was really surprised to see planning refresh process was pushing metadata changes but not security filters. User can run reports regardless of security setup and creates ad-hoc grids in smartview. This is a major security risk. Users can see each other data.
  
Objective
The purpose of this article is to demonstrate the following:-
·         How to use Planning security with ASO cube when running report using HFR
·         How to hide Essbase (ASO) application from Smart-View to use Planning security

how To
How to use Planning security with ASO cube when running report using HFR:- I really don’t consider this as solution but can be used as a workaround.  We would creat a new HFR “Database connection as Planning” to leverage planning secutity. Planing is able to recognize ASO as part of plan type and will allow you to cteate a connection. By using Planing connection ASO can leverage the same security.
  
·         How to hide Essbase (ASO) application from Smart-View: - User can see available options such as Essbase, Planning and Reports. Planning security will not be applicable if a user select Essbase connection and access Report-ASO cube. User can create ad-hoc and run the report without any security restriction.  
The only workaround is to use planning connection and hide Essbase option from Smart-View


and disable provider services for and use planning connection.




Helpful KM 
Essbase Server is Not Listed in the Drop-Down List of the Shared Connections in SmartView 11.1.2.2 (Doc ID 1568573.1)

Security Filters For ASO Planning Application (Doc ID 1625712.1