Essbase Users and Groups in Shared Services

When you migrate to Shared Services, all native Essbase users and groups that do not already exist in an external authentication directory are converted to native Shared Services users and groups in the native Shared Services user directory and are given equivalent roles. Externally authenticated users are registered with Shared Services but are still stored in their original authentication directory. See User and Group Migration.

After you have migrated to Shared Services, you must create and manage users and groups in Shared Services Console, or through the external user directory. See the Oracle Hyperion Enterprise Performance Management System User and Role Security Guide.

When users and groups are stored in an external authentication directory from any supported authentication provider, a user and group can have the same name on the same provider; however, two users or two groups can not have the same name on the same provider.

Shared Services supports aggregated groups, in which a parent group contains one or more subgroups. The subgroups inherit the roles of their parent group. For example, if a parent group is provisioned with the Essbase Administrator role, any subgroups (and users in the groups) inherit the Essbase Administrator role.

Note:

In Essbase, when you copy an application or database and the target Essbase Server is in EPM System security mode, user and group security is not copied with the application. Use the copy provisioning functionality in Shared Services Console to copy security for an application.