Shared Services Roles

All Shared Services roles are power roles. Typically, these roles are granted to power users who are
involved in administering Shared Services and other Hyperion products.

1. Administrator Provides control over all products that integrate with Shared Services. It enables
more control over security than any other Hyperion product roles and should therefore be
assigned sparingly. Administrators can perform all administrative tasks in User Management
Console and can provision themselves. This role grants broad access to all applications registered
with Shared Services. The Administrator role is, by default, assigned to the admin Native
Directory user, which is the only user available after you deploy Shared Services.
2. Directory Manager Creates and manages users and groups within Native Directory.
Do not assign to Directory Managers the Provisioning Manager role because combining these
roles allows Directory Managers to provision themselves. The recommended practice is to grant
one user the Directory Manager role and another user the Provisioning Manager role.

3. LCM Manager Runs the Artifact Life-Cycle Management utility to promote artifacts or data
across product environments and operating systems.

4. Project Manager Creates and manages projects within Shared Services.

5. Create Integrations Creates Shared Services data integrations (the process of moving data
between applications) using a wizard. For Oracle's Enterprise Performance Management
Architect, creates and executes data synchronizations.

6. Run Integrations Views and runs Shared Services data integrations.

For Performance Management Architect, executes data synchronizations.

7. Dimension Editor Creates and manages import profiles for dimension creation. Also, creates and
manages dimensions manually within the Performance Management Architect user interface or
the Classic Application Administration option.
Required to access Classic Application Administration options for Financial Management and
Planning using Web navigation.

8. Application Creator Creates and deploys Performance Management Architect applications.

Users with this role can create applications, but can change only the dimensions to which they
have access permissions.
Required, in addition to the Dimension Editor role, for Financial Management and Planning users
to be able to Navigate to their product’s Classic Application Administration options. When a user
with Application Creator role deploys an application from Performance Management Architect,
that user automatically becomes the application administrator and provisioning manager for that
application.

The Application Creator can create all applications.

1. Analytic Services Application Creator: The Analytic Services Application Creator can create
Generic Performance Management Architect applications.
2. Financial Management Application Creator: The Financial Management Application Creator
can create Consolidation applications and Performance Management Architect Generic
applications. To create applications, the user must also be a member of the Application Creators
group specified in Financial Management Configuration Utility.
 3. Planning Application Creator: The Planning Application Creator can create Planning
applications and Performance Management Architect Generic applications.

Essbase Roles

Power Roles

1. Administrator Grants full access to administer the server, applications and databases
2. Application Manager Creates deletes and modifies databases, and application settings within the
assigned application. Includes Database Manager permissions for the databases within the assigned
application
3. Create/Delete Application Creates and deletes applications and databases within applications.
Includes Manager permissions for the applications and databases created by this user
4. Database Manager Manages the databases, database objects, locks and sessions within the assigned
application
5. Load/Unload Application Start and stops an application or databases.

Interactive Roles

1. Calc :- Calculates, updates and reads data values based on the assigned scope, using any assigned
calculations and filter

2. Write : -Updates and reads data values based on the assigned scope, using any assigned filter

3. Filter :- Accesses specific data and meta data according to the restrictions of a filter

View Roles

· Read :- Read data values

· Server Access :- Accesses any database that has a default access other than none

Planning Roles

Power Roles

1. Administrator Performs all application tasks except those reserved for the application owner and
Mass Allocate role. Creates and manages applications, manages access permissions, initiates the
budget process, designates the email server for notifications.
2. Application Owner Reassigns application ownership.
Mass Allocate Accesses the Mass Allocate feature to spread data multi-dimensionally down a
hierarchy, even to cells not visible in the data form and to which the user does not have access.
Any user type can be assigned this role, but it should be assigned sparingly.

3. Analytic Services Write Access for planners and interactive users: Grants users the same access
permissions they have in Planning to Planning data in Essbase. Enables users having write access,
to change Planning data directly in Essbase using another product such as Financial Reporting or
a third-party tool.
Interactive Roles

1. Interactive User Creates and maintains data forms, Smart View worksheets, business rules, task
lists, Financial Reporting reports, and Oracle's Hyperion® Application Link adapter processes
and flow diagrams. Manages the budget process. Can perform all Planner tasks. Interactive users
are typically department heads and business unit managers.

Planner Roles

1. Planner Enters and submits plans for approval, runs business rules and Oracle's Hyperion®
Application Link flow diagrams. Uses reports that others have created views and uses task lists,
enables e-mail notification for themselves, creates data using Smart View.

View Roles

1. View User Views and analyzes data through Planning data forms and any data access tools for
which they are licensed (for example, Financial Reporting, Web Analysis, Smart View). Typical
View users are executives who want to see business plans during and at the end of the budget
process.

Planning Securtiy Access Levels

Access Permissions in Hyperion Planning

Shared Services roles that set access permissions for managing projects, applications, dimensions, users,
and groups.

Planning Elements That Can Be Assigned Access

You can assign access permissions to:

● Scenario members
● Version members
● Account members
● Entity members
● User-defined custom dimension members
● Data forms
● Task lists
● Business rules

For example, users must have these Shared Services roles to perform the specified tasks:

❍ Project Manager: Creates and manages projects in Shared Services.

❍ Provisioning Manager: Provisions users and groups to applications.
❍ Dimension Editor: Required for Performance Management Architect and Classic applications. For
Performance Management Architect, allows access to application administration options for Planning. For
Classic, allows access to the Classic Application Administration options for Planning (in combination
with the Planning Application Creator role).
❍ Planning Application Creator: Required for Performance Management Architect and Classic
applications. For Performance Management Architect, allows users to create Planning applications and
Performance Management Architect Generic applications.For Classic, allows access to the Classic
Application Administration options for Planning (in combination with the Dimension Editor role).
● User-defined dimensions. Assign access permissions to members by selecting the dimension property
Apply Security. If you omit setting Apply Security, all users can access the dimension's members. By
default, the Account, Entity, Scenario, and Version dimensions are enabled for access permissions.
● Users and groups, which can vary among applications. Assign access to Planning application elements
by using Assign Access.

Note:-After updating access permissions, refresh the application to update Essbase security filters.

Types of Access Permissions

Access permissions for the specified user or group to the dimension member, data form, or task list
include:
● Read—Allows view access
● Write—Allows view and modify access
● None—Prohibits access; the default access is None
You can specify access permission for individual users and each group. When you assign a user to a
group, that user acquires the group's access permissions. If an individual's access permissions conflict
with those of a group the user belongs to, user access permissions take precedence.

➤ To enable access permissions for dimensions:

1 Select Administration > Dimensions.
2 For Dimension, select the dimension to change.
3 Click Edit.
4 In Dimension Properties, select Apply Security to allow access permissions to be set on its members.If
you do not select this option, there is no security on the dimension, and users can access its members
without restriction.
5 Click Save.
Click Refresh to revert to the previous values.

➤ To assign access to members:

1 Select Administration > Dimensions.
2 For Dimension, select the dimension to assign access to its members.
3 Select the member for which to assign access.
4 Click Assign Access.
5 Add, change, or remove access.

➤ To assign access permissions to members:

1 Select Administration > Dimensions.
2 For Dimension, select the dimension for whose member you want to add access.
3 Click Assign Access.
4 Click Add Access.
5 Optional: To migrate a user or group's changed identity or their position in the user directory from User
Management Console to Planning, click Migrate Identities.
6 Optional: To remove deprovisioned or deleted users or groups from the Planning database to conserve
space,
click Remove Non-provisioned Users/Groups.
7 For Users and Groups on Add Access, select the users and groups to access the selected member.
8 For the selected member, select the access type.
9 Optional: Select a relationship.
For example, select Children to assign access to the children of the selected member.
10 Click Add.
11 Click Close.

➤ To modify access permissions for members:

1 Select Administration > Dimensions.
2 For Dimension, select the dimension for whose member you want to edit access.
3 Click Assign Access.
4 Optional: To migrate a user or group's changed identity or their position in the user directory from User
Management Console to Planning, click Migrate Identities.
5 Optional: To remove deprovisioned or deleted users or groups from the Planning database to conserve
space,
click Remove Non-provisioned Users/Groups.
6 Click Edit Access.
7 For the selected member on Edit Access, select the access type for the displayed users or groups.
8 Optional: Select a relationship.
For example, select Children to assign access to children of the selected member.
9 Click Set.
10 Click Close.

➤ To remove access permissions for members:

1 Select Administration > Dimensions.
2 For Dimension, select the dimension for whose member you want to remove access.
3 Click Assign Access.
4 Select the users and groups for whom to remove access to the selected member.
5 Click Remove Access.
6 Click OK.
7 Click Close.

➤ To report on current access permissions for users and groups in Planning:

1 In the User Management Console, select a Planning application under Projects. Select Administration >
Access Control Report.
2 On Select User or Group, select options:
● Available Users
● Available Groups
● Available Users and Groups
3 From the left Available panel, select and move users or groups to report on to the Selected panel:
● To move selections, click .
● To remove selections, click .
● To move all users or groups, click .
● To remove all users and groups, click .
If you enter a user or group name instead of browsing to it, you must enter the full name. For
names with commas, enclose the name in quotation marks (for example, “Hennings, Emily”).
4 Click Next.
Select Objects is displayed.

➤ To select reporting objects:

1 Start the Access Control Report.
2 On Select Objects, select the Planning objects on which to report:
● To move selections to Selected Objects, click .
● To remove selections, click .
● To move all objects, click .
● To remove all objects, click .
3 Click Next.
Report Options is displayed.

➤ To specify options for access reports:

1 Start the Access Control Report.
2 On Report Options, for Show Matching Access of Type, select the access to view: Read, Write, or None.
3 ForGroup the Results By, select how to view the report: Users or Objects.
4 From the Report Type sections, select Assigned Access or Effective Access:
5 Click Finish.
Adobe Acrobat launches, displaying the report online.

Setting Up Access Permissions in Financial Reporting

Financial Reporting supports these access permissions:
● User authentication
❍ Logon access permissions
❍ Access to Financial Reporting and data source
● Application permissions
❍ Access to tasks within Financial Reporting
❍ Permissions to design or view reports
● Data Rights
❍ Access to data source data such as members and values
❍ Access to Financial Reporting objects such as reports and folders Setting

Hyperion LOGS

Shared Services Log Files

1. SharedServices_Security.log Security-related error messages concerning users, groups, roles,

and provisioning operations
2. SharedServices_Admin.log Messages-related to the User Management Console and any
messages reported during Shared Services runtime.

3. SharedServices_Metadata.log Metadata management and registration-related errors and

messages.
 4. SharedServices_Taskflow.log Taskflow-related errors and messages from Common Event
Services

5. SharedServices_Taskflow_CMDExecute.log Taskflow scheduling errors and messages from

Common Event Services

6. SharedServices_Taskflow_Optimize.log Taskflow optimization errors and messages from

Common Event Services

7. SharedServices_SyncOpenLDAP.log Messages from the synchronization of Native Directory

with Shared Services database

8. SharedServices_Memory_Profiler.log Messages-related to the memory usage by the Common

Administrative Service

9. SharedServices_Security_Client.log Product-specific messages and errors generated by

Hyperion products

SharedServices_Security_Client.log is located in the Temp directory of the product using the external
authentication client. The location of the Temp directory varies, based on the application server and
platform.
All Shared Services log files are located in \logs\SharedServices9.

Essbase Logs

This topic describes the logs that Essbase Server creates to record information about server,
Application, and database activities.

Essbase Server writes activities that occur in Essbase Server and application logs. The Essbase Server log
is a text file in the ARBORPATH directory named essbase.log. In a standard installation, for example, the
Essbase Server log is:

hyperion\AnalyticServices\essbase.log.

Each application on Essbase Server has its own application log. An application log is a text file in the

ARBORPATH\app\application_name directory named application_name.log.

For the Sample Basic database, for example, the application log is:

hyperion\AnalyticServices\app\sample\sample.log

By default, application_name.log and Essbase.log record this information:

 1. Information messages
2. Warning messages

3. Error messages

Use essbase.cfg settings to specify the messages types written to application_name.log

and Essbase.log.

See Detailed Information about Essbase/Planning/BR Logs in the below attached file.

What is Essbase?

What is Multi-Dimensional?

• Uses a cube metaphor to describe data storage.

• An Essbase database is considered a “cube”, with each cube axis representing a different dimension, or
slice of the data (accounts, time, products, etc.)
• All possible data intersections are available to the user at a click of the mouse.
Multi-Dimensional vs. Relational
• Multi-dimensional database are usually queried top-down – the user starts at the top and drills into
dimensions of interest.
– Can perform poorly for transactional queries
• Relational databases are usually queried bottom-up – the user selects the desired low level data and
aggregates.
– Harder to visualize data; can perform poorly for high-level queries.

What is Essbase?

Essbase is a multidimensional database management system. The name Essbase stands for Extended
Spread Sheet dataBASE. Using the custom add-in provides the end-user with near seamless
compatibility in the Microsoft Excel spreadsheet program.

1. The leading enterprise multi-dimensional database engine

2. Provides real-time analytic infrastructure for business intelligence and enterprise performance
management (EPM) applications.
3. Engineered for scalability, security, and rapid-response.
4. Through an intuitive interface, business users can manipulate large data sets to model complex
scenarios, forecast outcomes, and perform “what-if” analyses to identify trends and optimize business
results.

Why Use Essbase?

1. Rich User Experience – users “converse” with the data

2. Business and Finance can manage their own metadata and reports
3. Highly advanced calculation engine
4. Easy integration of data sources, including manual input
5. Large scalability
6. Robust, cell-level security
7. Many sophisticated reporting tools

8. Powerful Calculation Engine.

• Over 350 built-in functions, including:

– Financial functions, such as net present value, rate of return, and compound growth
– Custom multi-dimensional functions such as @ALLOCATE to drive data to multiple business
intersections
– Complete time-series support
– Support for summary-level input
• Both run-time and batch calculations
• MDX support

9. Integration of Data Sources

• Unique multi-user read/write technology

• Information from many data sources can be easily integrated into one database, and thus one set of user
queries
• In particular, allows budgets and forecasts to be fully integrated with actual
Hyperion Planning 9 Tutorial

Creating Sample Application in Hyperion Planning 9 version

Oracle's Hyperion® Planning – System 9 is a Web-based budgeting and planning solution that drives
collaborative, event-based operational planning processes throughout the organization for a wide range of
financial and operational needs. It enables a complete and closed-loop planning process that drives
continuous business improvement. Decision makers and front-line Managers can communicate the course
of action and collaborate with budget holders to optimize the planning process. Planners have the
flexibility to adapt rapidly, ensuring plans are relevant And useful. Planning:

1. Facilitates collaboration, communication, and control across multi-divisional global Enterprises

2. Provides a framework for perpetual planning, with attention to managing volatility and Frequent
planning cycles

3. Provides ease of use and deployment through the Web or Oracle's Hyperion® Smart View for Office

4. Lowers the total cost of ownership through a shorter roll out and implementation phase, and easier
maintenance for applications

5. Enhances decision-making with reporting, analysis, and planning

6. Promotes modeling with complex business rules and allocations

7. Integrates with other systems to load data

Some of the features of Hyperion Planning are

1. It uses multidimensional data structure which is powered by Essbase calculation Engine for data
collection and Analysis.

2. Web based user data entry forms which users themselves can create.

3. Users can set their targets online and can do bottom-up planning.

4. Ability to create complex models using business rules.

5. Currency conversion feature for multi currency applications.

6. Ability to create complex models.

7. Users can create task lists which enables them to understand the status of their tasks.
Before Starting Creating Planning Application you should have

1. Hyperion Essbase
2. Hyperion Shared Services

3. HAL-Hyperion Application Link/DIM-Data Integration Management

4. HBR-Hyperion Business Rules

5. Smart View for Office and Excel Add-in

6. EAS/AAS

7. We also require one Relational Database to Store Planning Frame Work/Components (Meta data is
Stored in both RDBMS and ESSBASE)

Planning Application Creation Process

Pre-Requisites are RDBMS database and ESSBASE server +Data Source(UDL/DSN)

Steps for Creating Planning Application in System 9

1. Application Name and Description

2. Defining Calendar

3. Defining Currencies

4. Defining Plan Types

5. Finish