Automating Security Management in PBCS!
Dayalan Punniyamoorthy
Oracle ACE
Practice Manager, Inspirage.
© Copyright 2007-2020 Inspirage. All rights reserved.
EPM CLOUD SOLUTIONS
Financial Close and Consolidation
Budgeting and Forecasting
Reporting and Analytics
Profitability and Cost Management
Master Data Management
ERP CLOUD SOLUTIONS
ADVISORY
MANAGED SERVICES
DELIVERING ORACLE EPM & ERP
CLOUD SOLUTIONS GLOBALLY
NOW A PART OF
The Integrated Supply Chain Specialists
ORACLE EPM EXPERIENCE
• Oracle® Certified Platinum Partner
• One of the nation’s leading Oracle EPM strategy & implementation firms
• Successfully implemented Oracle EPM solutions for dozens of clients in the US and abroad
• Oracle EPM professionals average 15 years of hands-on experience
• Focused on Fortune 500 companies & large-scale, enterprise-wide implementations
• Deep expertise from process design to technology implementation
• Proven functional and industry templates to leverage best practices
• Hyperion Essbase, Planning and HFM certified professionals
Enterprise Planning, Business Intelligence, Reporting and Analytics, Financial Consolidation
AGENDA
The session will address the following points:
• Introduction to security in Oracle Planning and Budgeting Cloud
• Which artifacts and granular levels can have security in PBC?
• What are the best practices for addressing security?
• How can you mass update security using EPM Automate, REST API, Groovy, LCM, etc.?
• Demo
• Q&A
SECURITY IN PBC
Identity Domain Administrators create and manage Oracle Enterprise Performance Management Cloud users. While users are shared across test and production environments, they are provisioned separately for each environment.
Users
• Each user who needs to access an environment must have an account in the identity domain associated with the environment.
Groups
• Groups comprise identity domain users or other groups. Assigning roles to such groups enables Service Administrators to grant roles to many users at once, thereby reducing administrative overhead.
You can no longer use Access Control to import group information from a file to create groups. Similarly, you cannot export group information using Access Control. You may use Migration or EPM Automate commands to export and import groups.
SECURITY IN PBC
Roles
Roles link users to the business activities that they are permitted to perform within an environment and the data that they can access.
Predefined Roles
• Service Administrator
• Power User
• User
• Viewer
ACCESS CONTROL
Access Control enables you to complete these activities in an environment:
• Managing groups
• Assigning roles to a group or a user
• Generating a Role Assignment Report for a user or group
• Generating the Role Assignment Report for your environment
• Viewing the User Login Report
The utilities available in the on-premises version (e.g. importsecurity/exportsecurity) are not available.
APPLICATION ARTIFACTS THAT CAN BE ASSIGNED PERMISSIONS
• Dimensions, including user-defined dimensions
• Launch privileges to rules
• Rule folders
• Forms
• Dashboards
• Infolets
• Reports, Books, and Bursting Definitions
• Form folders
• Dashboard folders
• Infolet folders
• Reports and Documents folders
• Task lists
• Groovy templates
VALID INTERSECTIONS
Valid intersections are cell intersections that are filtered based on rules you define, called valid intersection rules, which filter certain cell intersections to users when they enter data or select runtime prompts.
For example, you can specify that certain programs are valid only for some periods or departments.
After valid intersections are defined, cells containing invalid data are read-only. This restriction speeds the planning process and optimizes the information available to users.
CELL-LEVEL SECURITY
Service Administrators applying cell-level security can deny access to cells that a user would normally have access to due to their regular security. Cell-level security is therefore defined as an exception to the existing member security.
Cell-level security uses rules, similar to valid intersection rules, to deny read or write access to users viewing certain cell intersections anywhere a cell is shown (for example, forms, runtime prompts, Smart View, reports, dashboards, infolets, and so on).
When cell-level security rules are applied, users with read access can see the data value in a cell but the cell is not editable. If users are denied read access to a cell, the value displayed in the cell is #noaccess.
Service Administrators can define and assign cell-level security rules to any user or group. The rules do not affect Service Administrators.
ACCESS PRECEDENCE
[Diagram: access precedence, from highest to lowest. Labels: NONE access, WRITE access, READ access; USER access, GROUP access]
ACCESS CONTROL REPORTS
Report that shows which groups have access to which dimensions and the specific values within those dimensions.
OPTIONS TO ADDRESS SECURITY IN BULK?
LCM (Migration)
• Users
• Groups
• Roles
Users.xml contains all entries for user-specific access.
Under the Groups folder, each <groupname>.xml is specific to that group.
OPTIONS TO ADDRESS SECURITY IN BULK?
EPM Automate
• addUsers
    epmautomate addUsers FILE_NAME userPassword=PASSWORD resetPassword=true|false
• addUsersToGroup
    epmautomate addUsersToGroup user_file.CSV example_group
• assignRole
    epmautomate assignRole FILE_NAME ROLE
• importAppSecurity
    epmautomate importAppSecurity Acl_file.CSV Acl_import_error.CSV clearall=true
• removeUsers
    epmautomate removeUsers Remove_Users.CSV
• removeUsersFromGroup
    epmautomate removeUsersFromGroup example_users.csv example_group
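
A pre-flight wrapper for the bulk assignRole command, as an added example that is not part of the original slides: it checks the user file and refuses to grant the Service Administrator role in bulk unless explicitly approved. Assumptions: the user file has a "User Login" header, the role name is the second argument to assignRole, the file is uploaded with uploadFile first, and the function names and the ALLOW_ADMIN_GRANT / DRY_RUN variables are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks before a bulk role change with EPM Automate.
# Assumptions: the user file has a "User Login" header with one login per line,
# logins compare case-insensitively, and an epmautomate login session exists.

# Validate the CSV: readable, expected header, no blank or duplicate logins.
validate_user_csv() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    header=$(head -n 1 "$file" | tr -d '\r')
    [ "$header" = "User Login" ] || { echo "unexpected header: $header" >&2; return 3; }
    body=$(tail -n +2 "$file" | tr -d '\r')
    [ -n "$body" ] || { echo "no users listed" >&2; return 4; }
    if printf '%s\n' "$body" | grep -q '^[[:space:]]*$'; then
        echo "blank login line" >&2; return 5
    fi
    dups=$(printf '%s\n' "$body" | tr '[:upper:]' '[:lower:]' | sort | uniq -d)
    [ -z "$dups" ] || { echo "duplicate logins: $dups" >&2; return 6; }
    return 0
}

# Build (and, when DRY_RUN=no, run) the assignRole command for a validated file.
# Granting Service Administrator in bulk requires ALLOW_ADMIN_GRANT=yes.
guarded_assign_role() {
    file=$1; role=$2
    validate_user_csv "$file" || return $?
    if [ "$role" = "Service Administrator" ] && [ "${ALLOW_ADMIN_GRANT:-no}" != "yes" ]; then
        echo "refusing bulk grant of $role without ALLOW_ADMIN_GRANT=yes" >&2
        return 10
    fi
    count=$(tail -n +2 "$file" | tr -d '\r' | grep -c .)
    echo "assigning \"$role\" to $count user(s) from $file" >&2
    if [ "${DRY_RUN:-yes}" = "yes" ]; then
        # Dry run (default): print the command instead of executing it.
        printf 'epmautomate assignRole %s "%s"\n' "$(basename "$file")" "$role"
    else
        epmautomate uploadFile "$file" &&
        epmautomate assignRole "$(basename "$file")" "$role"
    fi
}
```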
OPTIONS TO ADDRESS SECURITY IN BULK?
REST API Resource view

BRINGING THE MAGIC

OPTIONS TO ADDRESS SECURITY IN BULK?
//1.
//addUsersToGroup("addUsersToGrpCapEx.csv", "Accounts_CapEx"); //PUT
//2.
//removeUsersFromGroup("addUsersToGrpCapEx.csv", "Accounts_CapEx"); //PUT
//3.
//assignUsersRoles("assignUsersRoles.csv", "Mass Allocation"); //PUT
//4.
//assignUsersRoles("assignUsersRoles.csv", "Drill Through"); //PUT
//5.
//unassignUsersRoles("assignUsersRoles.csv", "Mass Allocation"); //PUT
//6.
//generateUserGroupReport("UserGroupReport6.csv")
//7.
//generateRoleAssignmentReport("RoleAssignmentReport6.csv");
DEMO

Q&A
CONCLUSION
Mass update options
• LCM
• EPM Automate
• REST API
• Groovy (REST API)
www.inspirage.com
Dayalan Punniyamoorthy
@pdayalan www.linkedin.com/in/dayalanpunniyamoorthy/
Personal Blog: https://onlyhyperion.blogspot.com/
