Controlling Access

Essbase
Essbasesecurity
securityfilters
filtersgive
giveyou
youcontrol
controlover
oversecurity
securityatatthe
themost
mostdetailed
detailedlevel.
level.Filters
Filters
let you control access to individual data within a database, by defining what kind
let you control access to individual data within a database, by defining what kind of accessof access
isisallowed
allowedtotowhich
whichparts
partsofofthe
thedatabase,
database,and
andtotowhom
whomthese
thesesettings
settingsapply.
apply.Any
Anycells
cellsthat
that
are
arenot
notspecified
specifiedininthe
thefilter
filterdefinition
definitioninherit
inheritthe
thedatabase
databaseaccess
accesslevel.
level.
 Filtering
FilteringExamples
Examples

Simple
SimpleExample:
Example:create
createfilter
filter'Sample'.'Basic'.'
'Sample'.'Basic'.'filter1'
filter1' read
readon
on'"New
'"NewYork"';
York"';
Member
MemberSelection:
Selection: create
createfilter
filter'Sample'.'Basic'.'Filter2'
'Sample'.'Basic'.'Filter2'read
readon
on
'@ICHILDREN ("100")'
'@ICHILDREN ("100")' ; ;
Multiple
MultipleSelection
Selection:create
:createfilter
filtersample.basic.filt1
sample.basic.filt1read
readon
on'Jan,
'Jan,sales',
sales',
no_access
no_accesson
on'@CHILDREN(Qtr2)';
'@CHILDREN(Qtr2)';
Attribute
AttributeMembers
Members: :create
createororreplace
replacefilter
filtersample.basic.filt1
sample.basic.filt1read
readon
on
'Sales, @ATTRIBUTE(Bottle)';
'Sales, @ATTRIBUTE(Bottle)';
Compound
CompoundFilter
Filter: :create
createororreplace
replacefilter
filter'Sample'.'Basic'.'Filter4'
'Sample'.'Basic'.'Filter4'
read on '@IDESCENDANTS ("East"),"100-20“’,
read on '@IDESCENDANTS ("East"),"100-20“’,
write
writeon
on'@IDESCENDANTS
'@IDESCENDANTS("West")'; ("West")';
Definition
DefinitionSpecific
Specific: :create
createororreplace
replacefilter
filtersample.basic.filter6
sample.basic.filter6read
readon
on
'Jan,Feb sales', no_access on '@CHILDREN(Qtr2)' definition_only;
'Jan,Feb sales', no_access on '@CHILDREN(Qtr2)' definition_only;
Shared
SharedService
ServiceIntroduction
Introduction
Shared
SharedServices
Servicesintegrates
integratesthe
theproducts
productstotoprovide
providethese
thesefunctionalities:
functionalities:
User provisioning
User provisioning
External authentication definition
External authentication definition
Task flow management
Task flow management
Shared
SharedServices
ServicesServer
Server
The
TheShared
SharedServices
Servicesserver
servercomponents:
components:
Databases (relational and OpenLDAP)
Databases (relational and OpenLDAP)
Web application server
Web application server
User Management Console
User Management Console
Global
GlobalRoles
Roles
Administrator The Administrator role provides control over all products that integrate with
Administrator The Administrator role provides control over all products that integrate with
Shared Services.
Shared Services.

Directory
DirectoryManager
Manager Users who are assigned the Directory Manager role can create
Users who are assigned the Directory Manager role can create
and
andmanage
manageusers
usersand
andgroups
groupswithin
withinNative
NativeDirectory.
Directory.

Project
ProjectManager
Manager
Users
Users whoare
who areassigned
assignedthe
theProject
ProjectManager
Managerrole
rolecan
cancreate
createand
andmanage
manageprojects
projects
within Shared Services.
within Shared Services.
 Shared Services Backup
• To create a hot backup of OpenLDAP:

• 1 Ensure that the Shared Services database is in online backup mode

• 2 Run these commands:
• Windows: <HSS_HOME>\server\scripts\backup.bat backup_folder_name
• UNIX: <HSS_HOME>/server/scripts/backup.sh backup_folder_name
• where <HSS_HOME> is the Shared Services installation location and
• backup_folder_name is the path to the backup folder.
• Windows example:
• c:\hyperion\SharedServices\9.3\server\scripts\backup.bat c:\HSS_backup
• UNIX example:
• /home/username/Hyperion/SharedServices/9.3/server/scripts/backup.sh/
• home/username/HSS_backup
• 3 Optional: Copy the backup folder to a backup device, such as a CD-ROM, alternate disk, or
tape.
 Shared Services Recovery
• For a catastrophic recovery, run these commands:
• Windows: <HSS_HOME>\server\scripts\recover.bat backup_folder_name
• catRecovery
• UNIX: <HSS_HOME>/server/scripts/recover.sh backup_folder_name
• catRecovery
• where <HSS_HOME> is the Shared Services installation location and
• backup_folder_name is the path to the backup folder.

• Windows example:
• c:\hyperion\SharedServices\9.3\server\scripts\recover.bat c:
• \HSS_backup catRecovery

• UNIX example:
• /home/username/Hyperion/SharedServices/9.3/server/
• scripts/recover.sh/home/username/HSS_backup catRecovery
• To ensure that the Shared Services relational and OpenLDAP databases are synchronized, run the
Sync Native Directory (OpenLDAP) utility.
Trouble
TroubleShooting
ShootingLDAP
LDAPDatabase
DatabaseRecovery
Recovery
C:\Hyperion\products\Foundation\openLDAP\bdb\bin\db_recover
C:\Hyperion\products\Foundation\openLDAP\bdb\bin\db_recover-v-v-h-h
C:\Hyperion\products\Foundation\openLDAP\var\openldap-data
C:\Hyperion\products\Foundation\openLDAP\var\openldap-data-t-t04101200
04101200
Questions???????