Skip to main content

Oracle

Cell Level security for Workforce Planning in PBCS/EPBCS

Istock 695810036

It is a common practice in most of the organizations that a departmental manager should have access to all accounts under his/her own department but only certain accounts in other departments. With the regular metadata security this manager will have access to all accounts under all departments. Oracle recently introduced cell-level security in PBCS & EPBCS. This feature enables the administrators to deny access to groups or users to specific cells that a group or user would normally have access through their regular security. In this blog I will explain how cell level security can be used to fulfill this functionality.

The user in the subject has access to both the finance and workforce cubes for all the entities under US i.e. Sales US, Marketing US, Financials US, Operations US, Manufacturing US & IT US. We will discuss how this user can be restricted access to Manufacturing US in Workforce cube below.

Smart View retrieval from the Finance Cube before applying the cell-level security

Cell Level Security 1

Smart View retrieval from the Workforce Cube before applying the cell-level security

Cell Level Security 2

Below are the steps to apply the cell level security.

Navigate to Cell Level Security by following the navigation as an administrator

Navigator -> Application->Cell-Level Security

Cell Level Security 3

Click the Create button as shown in the below screenshot

Cell Level Security 4

Click Cubes

Cell Level Security 5

Choose the OEP_WFP cube as shown in the below screen shots

Cell Level Security 6

Cell Level Security 7

Then choose the Anchor dimension by clicking the drop down and choosing the Entity.(Here Entity is the dimension where the Sales US, Marketing US, Financials US, Operations US, Manufacturing US & IT US members exist). Anchor dimensions are the required dimensions in the cube that is used in the cell-level security definition.

Cell Level Security 8

Click “Add Rule

Cell Level Security 9

Enter the Rule Name. In this case “Manufacturing US – Cell Level Security

Cell Level Security 10

Click the search button next to Users, Groups and select the user or group to be included in the Rule as shown below. Here I selected the user to be included in the rule.

Cell Level Security 11

Choose Restriction “Deny Read”.

Choose “Manufacturing US” entity to be denied the access for the user we have selected.

Cell Level Security 12

Cell Level Security 13

Cell Level Security 14

Once the rule is completed it will be displayed as below. Click Save.

Cell Level Security 15

Now log in as the user who is assigned the cell-level security rule “Manufacturing US – Cell Level Security” into smart view and query the data using the same queries used before.

Smart View retrieval from the Finance Cube after applying the cell-level securityCell Level Security 16

Smart View retrieval from the Workforce after applying the cell-level securityCell Level Security 17

Please observe the “Manufacturing US” entity is denied access for Workforce Cube whereas the Finance cube still has the access.

 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Ashok Raya

Ashok Raya is a Lead Technical Consultant in Perficient’s Corporate Performance Management Practice. As an accomplished Hyperion Applications Consultant, he is experienced in analyzing, designing, developing, implementing, and supporting Hyperion Suite of tools including Hyperion Essbase, Hyperion Financial Reporting, Hyperion Planning, Planning in the Oracle EPM Cloud, Business Intelligence, and Oracle ERP (EBS).

More from this Author

Categories
Follow Us