Security for Users and Groups in EPM System Security

When running Essbase in EPM System security mode, Essbase obtains user and group details (including user and group information and provisioning to Essbase applications) from Shared Services. Essbase no longer stores all users and groups in the Essbase security file (essbase.sec); therefore, an Essbase Administrator does not need to explicitly synchronize security between Essbase and Shared Services.

When a user logs on to Essbase, Essbase queries Shared Services for that user’s information. The privileges with which a user starts a session are preserved throughout the session, regardless of whether the user’s privileges are changed in Shared Services during the session.

A user or group is stored in the Essbase security file only under the following circumstances:

To remove users or groups from the Essbase security file without de-provisioning them from Shared Services, use the MaxL drop user or drop group statement with the from security_file grammar. The calculation and filter associations of the dropped user or group are also removed.

For display operations, Essbase queries Shared Services. See: