Scribd Logo
Upload

Welcome to Scribd!

  • 203 views

    Essbase Security Filters

    Uploaded by

    Vikrant Singh
    Security filters in Essbase provide cell-level security and control over access to data within a database. Filters restrict access to specific cells or combinations of cells and are stored in the security file on the Essbase server. Filters can be created then assigned to users or groups to control what data they can access. Overlapping filter definitions are resolved based on the most detailed member specification or the access level with the highest permission.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOCX, PDF, TXT or read online from Scribd

    Essbase Security Filters

    Uploaded by

    Vikrant Singh
    203 views4 pages
    Security filters in Essbase provide cell-level security and control over access to data within a database. Filters restrict access to specific cells or combinations of cells and are stored in the security file on the Essbase server. Filters can be created then assigned to users or groups to control what data they can access. Overlapping filter definitions are resolved based on the most detailed member specification or the access level with the highest permission.

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Security filters in Essbase provide cell-level security and control over access to data within a database. Filters restrict access to specific cells or combinations of cells and are stored in the security file on the Essbase server. Filters can be created then assigned to users or groups to control what data they can access. Overlapping filter definitions are resolved based on the most detailed member specification or the access level with the highest permission.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOCX, PDF, TXT or read online from Scribd
    Download as docx, pdf, or txt
    203 views4 pages

    Essbase Security Filters

    Uploaded by

    Vikrant Singh
    Security filters in Essbase provide cell-level security and control over access to data within a database. Filters restrict access to specific cells or combinations of cells and are stored in the security file on the Essbase server. Filters can be created then assigned to users or groups to control what data they can access. Overlapping filter definitions are resolved based on the most detailed member specification or the access level with the highest permission.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOCX, PDF, TXT or read online from Scribd
    Download as docx, pdf, or txt
    of 4

    ESSBASE SECURITY FILTERS

    Security filters refers to cell level security, providing control access to individual data within a database. When we create filters we are restricting access to either a particular cell or combination of cells upon a database. Once created, filters are stored on the server in Essbase.sec, the security file. Once stored they can be assigned to multiple users or group of users. However, only one filter per database can be assigned to a user or group. We can also create filters for specific condition.The task flow will be first, create filters then assign access rights to the user then login with the user and check whether filter is working. For example, you want to show only the sales numbers to a particular user, than you give access to sales member of your outline to that particular user. This makes him access only the sales member. The following Essbase roles provide different levels of authority to perform tasks in Essbase. You can provision a user with the following roles for an Essbase Server: ->Administrator ->Create/Delete Application ->Server Access

    You can provision a user with the following roles for an application: ->Application Manager ->Write ->Read ->Database Manager ->Filter ->Calc ->Start/Stop Application

    Following access levels can be applied to data ranging from a list of members to one cell. Access Level None Read Write Metaread Description No data can be retrieved or updated for the specified member list. Data can be retrieved but not updated for the specified member list. Data can be retrieved and updated for the specified member list. Metadata (dimension and member names) can be retrieved and updated for the corresponding member specification.

    The metaread access level has higher precedence than other three access levels i.e. it overrides all other access levels. Any cells that are not specified in the filter definition inherit the database access level. Filters can, however, add or remove access assigned at the database level, because the filter definition, being more data-specific, indicates a greater level of detail than the more general database access level.

    Once created, we can perform the following actions on filters: We can view a list of filters, we can edit an existing filter, we can copy filters to applications and databases on any Essbase Server, according to our permissions. Also we can copy filters across servers as part of application migration, we can also rename & delete an existing filters. When we are done done with creating filters, we have to assign them to users or groups. Filters do not affect users who have the Administrator role. Only one filter per database can be assigned to a user or group.

    Overlapping filter definition Issues


    If a filter contains rows that have overlapping member specifications, the inherited access is set by following rules: 1. A filter that defines a more detailed dimension combination list takes precedence over a filter with less detail. 2. If the preceding rule does not resolve the overlap conflict, the highest access level among overlapping filter rows is applied. For example, this filter contains overlap conflicts: Access Member Specification Write None Read Actual Actual Actual, @IDESCENDANTS( New York )

    The third specification defines security at a greater level of detail than the other two. Therefore read access is granted to all Actual data for members in the New York branch. Because write access is a higher access level than none & read, therefore data values in Actual are granted write access.

    Overlapping access definition Issues


    When the access rights of user and group definitions overlap, the following rules, listed in order of precedence, apply: 1. An access level that defines a more detailed dimension combination list takes precedence over a level with less detail. 2. If the preceding rule does not resolve the overlap conflict, the highest access level is applied.

    Example: User Fred is defined with the following database access: FINPLAN CAPPLAN PRODPLAN R W N

    He is assigned to Group Marketing which has the following database access: FINPLAN CAPPLAN PRODPLAN His effective rights are set as: FINPLAN CAPPLAN PRODPLAN Example: User Mary is defined with the following database access: FINPLAN PRODPLAN R N R W W N N W

    She is assigned to Group Marketing which has the following database access: FINPLAN PRODPLAN Her effective rights are set as: FINPLAN PRODPLAN R W N W

    (Order of precedence:

    Metaread

    >

    Write

    >

    Read

    >

    None)

    You might also like