Tuesday, February 21, 2012

EPM/Hyperion Security Report on Files Roles Users and Groups



EPM/Hyperion Security Report on Files Roles Users and Groups [ID 973275.1]
 Modified 13-JUN-2011     Type HOWTO     Status PUBLISHED 

In this Document
  Goal
  Solution

Applies to:

Hyperion BI+ - Version: 11.1.1.3.00 and later   [Release: 11.1 and later ]
Information in this document applies to any platform.

Goal

Desire security reports to display:
1) List of all the groups (and their users) and their provisioning against any Hyperion application/report/role including Essbase, Planning, FR, IR, WebAnalysis, FDM, HFM, etc...
2) List of all the users (and their groups) and their provisioning against anyHyperion application/report/role including Essbase, Planning, FR, IR, WebAnalysis, FDM, HFM, etc...


Solution

Here is a list of some classes that can be invoked via the 9.3.1 JAVA SDK interface to achieve the needed requirement:

public interface Authorization

The Authorization interface provides methods used to obtain or modify information about entities stored in the Authorization System. Some of the information that can be obtained includes:
Creating, accessing and updating roles
Creating and accessing role accessors and instance permission

public interface Group
The Group interface provides methods used for obtaining information related to Groups defined to the Portal.

public interface InstancePermission
The InstancePermission interface provides methods used to manipulate permissions and system roles associated with an object Some of the operation that can be done are:
Check Permissions on system roles, methods of an object
Create and operate on an accessor object with System roles.

public class Permissions
extends com.sqribe.rm.RMBaseImpl
The Permissions class represents a set of flags that indicate the read, write and execute states assigned to owners, groups and everyone collections, similar to the Unix security scheme. Permission interfaces can be extracted for a number of elements found in the Portal.

For a full listing of classes: Hyperion_Home\BIPlus\SDK\javadoc\index.html

Also

The samples included under %HYPERION_HOME%\BIPlus\SDK\samples\java include java programs to retrieve users and groups (for example ListUsers.java & ListGroups.java).

There are other programs to Query a group and a user (QueryGroup.java, QueryUser.java). All in all, 58 java files are there.

You should aslo access the css API and retrieve the ACL for each user or group retrieved from one of the above scripts from OpenLDAP which holds the user/group provisioning data.

Run CSSExport to dump the contents of Hyperion Shared Services in a readable format.
Posted by at

2 comments:

  1. AnonymousAugust 5, 2013 at 1:45 PM

    Are you able to give more information on how to get the list of users and groups provisioned against all hyperion apps

    ReplyDelete
  2. rohitDecember 26, 2018 at 4:38 AM

    Great insights. I look forward to reading what you're planning on next, because your post is a nice read.

    KissAnime alternative

    ReplyDelete

Subscribe to: Post Comments (Atom)