Runtime Prompt Security Oracle Hyperion Planning
https://oraclehyperionplanningonlinetrainings.blogspot.com/2015/11/runtime-prompt-security.html
Situation
As many of you know,
one of the benefits of using a business rule over a calculation script is their
ability to utilize run time prompts. Run
time prompts allow the business rule to be dynamically customized to the point
of view (POV) the user is currently working with. This allows for more focused calculations and
aggregations to a specific portion of the cube.
Once the run time
prompts have been populated with their respective member(s) the business rule
is then passed to Essbase for execution.
The executed code is run with administrative privileges and is not
dependent upon the specific user’s read/write access to the members
select. Typically, this is not a problem
because the rules are set to run with the POV the user is currently working
with, which is usually only an intersection they have access to.
A security issue can
arise when the user is allowed to select members for the run time prompts. When the user launches a business rule they
might select a member which they do not have write access to but because the
rule will execute with administrative privileges the data will still be
updated.
Solution
To resolve this
security gap, Oracle has recently incorporated a security setting for each run
time prompt specific to each business rule.
From the Variable
tab you will see each run time prompt variable and its respective Security.
The Security Options
are:
- Use Default - provides users the ability to see and either enter or select any of the dimension members
- Read - provides users the ability to see and either enter or select only those members the user has Read access to.
- Write - provides users the ability to see and either enter or select only those members the user has Write access to.
