Loading...

Runtime Prompt Security Oracle Hyperion Planning

Situation
As many of you know, one of the benefits of using a business rule over a calculation script is their ability to utilize run time prompts.  Run time prompts allow the business rule to be dynamically customized to the point of view (POV) the user is currently working with.  This allows for more focused calculations and aggregations to a specific portion of the cube.
Hyperion Planning - Runtime Prompt Security
Once the run time prompts have been populated with their respective member(s) the business rule is then passed to Essbase for execution.  The executed code is run with administrative privileges and is not dependent upon the specific user’s read/write access to the members select.  Typically, this is not a problem because the rules are set to run with the POV the user is currently working with, which is usually only an intersection they have access to.

A security issue can arise when the user is allowed to select members for the run time prompts.  When the user launches a business rule they might select a member which they do not have write access to but because the rule will execute with administrative privileges the data will still be updated.

Solution
To resolve this security gap, Oracle has recently incorporated a security setting for each run time prompt specific to each business rule.

From the Variable tab you will see each run time prompt variable and its respective Security.

The Security Options are:
  • Use Default - provides users the ability to see and either enter or select any of the dimension members
  • Read - provides users the ability to see and either enter or select only those members the user has Read access to.
  • Write - provides users the ability to see and either enter or select only those members the user has Write access to.
VirtualNuggets 7442189703506209354

Post a Comment

emo-but-icon

Home item

Popular Posts

Random Posts

Flickr Photo