Access Permissions in Hyperion Planning
Shared Services roles that set access permissions for managing projects, applications, dimensions, users, and groups.
Planning Elements That Can Be Assigned Access
You can assign access permissions to:
● Scenario members
● Version members
● Account members
● Entity members
● User-defined custom dimension members
● Data forms
● Task lists
● Business rules
For example, users must have these Shared Services roles to perform the specified tasks:
❍ Project Manager: Creates and manages projects in Shared Services.
❍ Provisioning Manager: Provisions users and groups to applications.
❍ Dimension Editor: Required for Performance Management Architect and Classic applications. For Performance Management Architect, allows access to application administration options for Planning. For Classic, allows access to the Classic Application Administration options for Planning (in combination with the Planning Application Creator role).
❍ Planning Application Creator: Required for Performance Management Architect and Classic applications. For Performance Management Architect, allows users to create Planning applications and Performance Management Architect Generic applications.For Classic, allows access to the Classic Application Administration options for Planning (in combination with the Dimension Editor role).
● User-defined dimensions. Assign access permissions to members by selecting the dimension property Apply Security. If you omit setting Apply Security, all users can access the dimension's members. By default, the Account, Entity, Scenario, and Version dimensions are enabled for access permissions.
● Users and groups, which can vary among applications. Assign access to Planning application elements by using Assign Access.
Note:-After updating access permissions, refresh the application to update Essbase security filters.
Types of Access PermissionsAccess permissions for the specified user or group to the dimension member, data form, or task list include:
● Read—Allows view access
● Write—Allows view and modify access
● None—Prohibits access; the default access is NoneYou can specify access permission for individual users and each group. When you assign a user to a group, that user acquires the group's access permissions. If an individual's access permissions conflict with those of a group the user belongs to, user access permissions take precedence.
➤ To enable access permissions for dimensions:1 Select Administration > Dimensions.
2 For Dimension, select the dimension to change.
3 Click Edit.
4 In Dimension Properties, select Apply Security to allow access permissions to be set on its members.If you do not select this option, there is no security on the dimension, and users can access its members without restriction.
5 Click Save.
Click Refresh to revert to the previous values.
➤ To assign access to members:
1 Select Administration > Dimensions.
2 For Dimension, select the dimension to assign access to its members.
3 Select the member for which to assign access.
4 Click Assign Access.
5 Add, change, or remove access.
➤ To assign access permissions to members:1 Select Administration > Dimensions.
2 For Dimension, select the dimension for whose member you want to add access.
3 Click Assign Access.
4 Click Add Access.
5 Optional: To migrate a user or group's changed identity or their position in the user directory from User Management Console to Planning, click Migrate Identities.
6 Optional: To remove deprovisioned or deleted users or groups from the Planning database to conserve space,
click Remove Non-provisioned Users/Groups.
7 For Users and Groups on Add Access, select the users and groups to access the selected member.
8 For the selected member, select the access type.
9 Optional: Select a relationship.
For example, select Children to assign access to the children of the selected member.
10 Click Add.
11 Click Close.
➤ To modify access permissions for members:1 Select Administration > Dimensions.
2 For Dimension, select the dimension for whose member you want to edit access.
3 Click Assign Access.
4 Optional: To migrate a user or group's changed identity or their position in the user directory from User Management Console to Planning, click Migrate Identities.
5 Optional: To remove deprovisioned or deleted users or groups from the Planning database to conserve space,
click Remove Non-provisioned Users/Groups.
6 Click Edit Access.
7 For the selected member on Edit Access, select the access type for the displayed users or groups.
8 Optional: Select a relationship.
For example, select Children to assign access to children of the selected member.
9 Click Set.
10 Click Close.
➤ To remove access permissions for members:1 Select Administration > Dimensions.
2 For Dimension, select the dimension for whose member you want to remove access.
3 Click Assign Access.
4 Select the users and groups for whom to remove access to the selected member.
5 Click Remove Access.
6 Click OK.
7 Click Close.
➤ To report on current access permissions for users and groups in Planning:1 In the User Management Console, select a Planning application under Projects. Select Administration >
Access Control Report.
2 On Select User or Group, select options:
● Available Users
● Available Groups
● Available Users and Groups
3 From the left Available panel, select and move users or groups to report on to the Selected panel:
● To move selections, click .
● To remove selections, click .
● To move all users or groups, click .
● To remove all users and groups, click .
If you enter a user or group name instead of browsing to it, you must enter the full name. For
names with commas, enclose the name in quotation marks (for example, “Hennings, Emily”).
4 Click Next.
Select Objects is displayed.
➤ To select reporting objects:1 Start the Access Control Report.
2 On Select Objects, select the Planning objects on which to report:
● To move selections to Selected Objects, click .
● To remove selections, click .
● To move all objects, click .
● To remove all objects, click .
3 Click Next.
Report Options is displayed.
➤ To specify options for access reports:1 Start the Access Control Report.
2 On Report Options, for Show Matching Access of Type, select the access to view: Read, Write, or None.
3 ForGroup the Results By, select how to view the report: Users or Objects.
4 From the Report Type sections, select Assigned Access or Effective Access:
5 Click Finish.
Adobe Acrobat launches, displaying the report online.
Setting Up Access Permissions in Financial Reporting
Financial Reporting supports these access permissions:
● User authentication
❍ Logon access permissions
❍ Access to Financial Reporting and data source
● Application permissions
❍ Access to tasks within Financial Reporting
❍ Permissions to design or view reports
● Data Rights
❍ Access to data source data such as members and values
❍ Access to Financial Reporting objects such as reports and folders Setting