Hyperion Shared Services provides a centralized system for managing user and group access to Hyperion products, and consists of corporate or native Shared Services user directories and a common UI, called Oracle’s Hyperion Shared Services User Management Console. Provisioning refers to the process of assigning roles and access permissions to users for Essbase applications. You can use Shared Services to provide security for Essbase applications, databases, and artifacts.
Roles determine the tasks that users can perform, and can be grouped in the following ways:
- Product-specific roles
Examples of Essbase roles are Administrator and Database Manager. All Essbase roles are specific to a Shared Services application (the permissions granted to the user by the role apply only to the specific application for which the role is assigned, and not to all applications).
- Shared Services roles
Examples of Shared Services roles are Project Manager or Provisioning Manager. Most Shared Services roles are global (the role applies to all Shared Services applications). An exception is the Provisioning Manager role, which is specific to an application.
The following Essbase roles provide different levels of authority to perform tasks in Essbase.
You can provision a user with the following roles for an Essbase Server:
- Create/ Delete Application
- Server Access
You can provision a user with the following roles for an application:
- Application Manager
- Database Manager
- Start/ Stop Application
Provisioning Manager is a Shared Services application specific role. Users who are assigned this role can provision users and groups with roles for applications. See the Hyperion Security Administration Guide.
Note: The Provisioning Manager role is automatically assigned when you migrate Essbase Administrators (previously known as Supervisors) and Application Managers. However, when you create an Essbase Administrator or Application Manager in User Management Console, you must manually assign the Provisioning.
Administrator (previously Supervisor) Full access to administer the server, applications and databases.
Create/ Delete Application
Ability to create and delete applications and databases within the applications. Includes Application Manager and Database Manager Permissions for the applications and databases created by this user.
Ability to access any application or database that has minimum access permission other than none. Note: When you assign security at the Essbase application level, you must also assign the user the Server Access role for the Essbase Server that contains the application (unless the user already has another Essbase Server level role, for example Create/ Delete Application).
Application Manager(previously Application Designer)
Ability to create, delete and modify databases and application settings within the particular application. Includes Database Manager Permissions for databases within the application. Note: The Provisioning Manager role is automatically assigned when you migrate Essbase Application Managers. However, when you create an Essbase Application Manager in User Management Console, you must manually assign the Provisioning Manager role. Read the blog Integrating ESSBASE to OBIEE
Database Manager (previously Database Designer)
Ability to manage the database(s) (for example, to change the database properties or cache settings), database artifacts, locks and sessions within the assigned application.
Ability to calculate, updates, and read data values based on the assigned scope, using any assigned calculations and filter.
Ability to update and read data values based on the assigned scope, using any assigned filter.
Ability to read data values.
Ability to access specific data and metadata according to the restrictions of a filter.
Start/ Stop Application
Ability to start and stop an application or database.