Cell-Level Security Definitions & Testing

While recently testing out some security changes, I discovered the new cell-level security feature and found it really useful so thought I’d share šŸ˜Š  

Creating Cell-Level Security Definitions 

The cell-level security feature was introduced as part of the March 2021 EPM patch, so deployed to Test environments on 5th March and to Production on 19th March. The new feature allows us to setup additional security down to a single cell for a selected user or group. This will be applied on top of existing dimension security and valid intersections. 

 For each new rule, we must select the following:

  • Users, Groups – Specify the users and/or groups to apply the rule to
  • Restrictions – Set to either Deny Read or Deny Write to override the current dimensional security
  • Anchor dimension – Similarly to valid intersections, when creating a new rule we must select the anchor dimension and any additional dimensions required for the combination. Then select members from each dimension to form the cells that this rule applies to.

For example, below we have setup a rule to Deny Write access to level 0 descendants of “EndDated_CC” in the Cost Centre dimension, for all users in the System-Users group.

 

As well as specifying member combinations using member functions, we can also use substitution variables and attribute dimensions if required (again, similar to valid intersections).

 

Some things to consider when deciding between cell-level security or valid intersections:

  • Specifying by user group – Valid intersections apply to all users (including admins), whereas cell-level rules can be set for individual users and/or groups
  • Security suppression – Forms can be set to suppress invalid intersections and dropdowns automatically show valid combinations only in Smart View. Cell-Level security will deny write access without following these suppression settings.

Testing Security Definitions 

As well as creating cell-level security rules, the new feature allows you to test run the security access for any user, on any form, without having to login as them.                                     

 For example below, I’m testing the access that our Test_EPM user has on the opex input form, without having to login as them! This shows whether the user can Read or Write to each cell and applies security to the dropdowns as it would if you were logged in as the selected user.

 

This is useful for development that requires security changes, but also will be great for support when users claim they can’t write to a certain cell.

In conclusion, another great new feature from Oracle šŸ˜Š

Note: this feature currently applies to Planning, Planning Modules and Tax Reporting only, but hopefully will be added to the other EPM processes soon!

Comments

  1. Bryant22 April 2021 at 22:06

    Excellent read, Positive site, I have read a few of the articles on your website now, and I really like your style. I really appreciate your work.If you require aboutopc company registration fees in bangalore | one person company compliance in bangalore please click on it.

    ReplyDelete

Post a Comment

Popular posts from this blog

Executing Smart View Retrievals using VBA

Image
When working with Hyperion systems, Smart View is a key tool used for reporting, as well as inputting data. It provides a valuable link between Hyperion and Excel, which allows users to retrieve data from the database straight into Excel with ease. Smart View functions are available through the Smart View toolbar and can be used with Essbase, HFM, Planning or Cloud connections. Occasionally, it is necessary to perform Smart View functions behind the scenes using VBA code, rather than manually using the Smart View toolbar. For example, a spreadsheet which will refresh all the Essbase retrieval sheets on opening, so that users can view the most up to date data, without having to remember to refresh each of the retrieval sheets themselves. This blog will be cover how to retrieve data using a Smart View refresh function in VBA. For more information about Smart View Excel VBA functions, go to the Oracle Hyperion Smart View Developers Guide .  System Requirements T
Read more

Loading Actuals from Fusion ERP Cloud to PBCS

Image
If you’re looking to set up a data load of Actuals from ERP to PBCS and have heard this is an “Out of the box” integration, then good news! Not only is the OOTB connector included within PBCS Data Management but the integration is simple to setup and to schedule using EPM Automate. This blog will detail how to setup the ERP to PBCS connector in Data Management and some of the common errors found when running the data load. The first thing to know about this integration is that the data source is actually the ASO Essbase cube which sits underneath the Fusion ERP tables, holding the period Actuals values. This ERP Essbase cube is created using job ‘Create General Ledger Balances Cube’ when configuring the ERP system. This cube must be created before the integration can be set up correctly and can be accessed directly via Smart View for reconciliations. Set up the Source System As this is an Oracle built connector, it’s as simple as providing a name for the source system
Read more

Loading multi-period row data files using Data Management

Image
The ability to load multi-period data with the Period and/or Year in the rows is not particularly new (since release 16.10), however it is something that most people seem to forget is possible in Data Management. This really is something worth remembering as it eliminates the need to either split the data files into one file per month or try to pivot the month into the columns. In order to set this up, let’s firstly look at how to add the Period and Year columns to the import format. Add the Period and Year columns using the Add -> Source Period Row dropdown, and input: The Source Column name – e.g. PERIOD The Field Number (file column) – e.g. 3 Any required expressions for that field  As these are Period/Year dimensions, the mappings are not held in the usual Data Load Mappings area. Instead they are configured in the Period Mappings , under the Source Mapping tab. Select the Source System as File to add a new mapping calendar for loading the data file
Read more