Hyperion Planning overlapping securitiesAugust 30 2012 at 12:31 PM
No score for this post
from IP address 220.127.116.11
Did anybody have a document or forum post explaining the Hyperion Planning security evaluation in the case of overlapping securities.
The example that I have now is when I assign security as follows :
- Whrite access for IDescendants(Account)
- Read access for Acc1
Did Acc1 has read or write access ?
seems to be read only ?
Shouldn't Acc1 have write access?No score for this post
|August 30 2012, 12:46 PM |
Per the Planning admin guide:
>>Planning checks access permissions at each level, first by user, then by group, based on the members access permissions inheritance relationship. If multiple access permissions exist, the least restrictive access permission is applied (for example, Write access takes precedence over Read access).
Of course the above is assuming that there isn't a conflict between group-assigned and individual planner-assigned security. See: http://docs.oracle.com/cd/E17236_01/epm.1112/hp_admin_11122/ch03s03.html
Per that section of the Planning admin guide:
>>You can specify access permission for individual users and each group. When you assign a user to a group, that user acquires the group's access permissions. If an individual's access permissions conflict with those of a group the user belongs to, user access permissions take precedence.
If you are doing this for a specific user, give him (temporarily) Essbase Write Access to the application and then refresh his filters. You should see exactly how the security is being resolved.
Alternatively, you could query the security directly from Planning:
Re: Shouldn't Acc1 have write access?No score for this post
|August 30 2012, 1:19 PM |
Thank you very much for the quick reply.
I've got another quick question: Is it possible in one Planning application to assign different security access to one member (shared by two plan types) depending on the plan type .
read access for group1 in PlanType1 and write access for group1 in capex plan type ?
|John A. Booth|
NoNo score for this post
|August 30 2012, 1:36 PM |
No, you would require a separate application to accomplish this goal. They get the same member security in all plan types which share that member.
John A. Booth
Re: NoNo score for this post
|August 30 2012, 1:46 PM |
I appreciate your quick reply