When you migrate to Shared Services, all native Essbase users and groups that do not already exist in an external authentication directory are converted to native Shared Services users and groups in the native Shared Services user directory and are given equivalent roles. Externally authenticated users are registered with Shared Services but are still stored in their original authentication directory. See User and Group Migration.
After you have migrated to Shared Services, you must create and manage users and groups in Shared Services Console, or through the external user directory. See the Oracle Hyperion Enterprise Performance Management System User and Role Security Guide.
When users and groups are stored in an external authentication directory from any supported authentication provider, a user and a group can have the same name on the same provider; however, two users or two groups cannot have the same name on the same provider.
Shared Services supports aggregated groups, in which a parent group contains one or more subgroups. The subgroups inherit the roles of their parent group. For example, if a parent group is provisioned with the Essbase Administrator role, any subgroups (and users in the groups) inherit the Essbase Administrator role.
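The following added example (not Oracle code and not a Shared Services API) shows how inheritance through aggregated groups can be audited: it walks a group hierarchy and lists every user who ends up with a role, and which provisioned group it came from. The group names, user names, the "Sample Viewer" role and the dictionary layout are constructed assumptions; only the Essbase Administrator role name comes from the text above.

```python
from collections import defaultdict

# Constructed sample data (hypothetical, not exported from Shared Services).
# parent group -> subgroups it contains
SUBGROUPS = {
    "EPM_Admins": ["Essbase_Ops", "Essbase_Dev"],
    "Essbase_Ops": ["Night_Shift"],
    "Night_Shift": ["Essbase_Ops"],  # cyclic entry, to show the walk terminates
}
# group -> users that are direct members
MEMBERS = {
    "EPM_Admins": ["alice"],
    "Essbase_Ops": ["bob"],
    "Essbase_Dev": ["carol"],
    "Night_Shift": ["dave"],
    "Reporting": ["erin"],
}
# group -> roles provisioned directly on that group
GROUP_ROLES = {
    "EPM_Admins": {"Essbase Administrator"},
    "Reporting": {"Sample Viewer"},
}

def effective_roles(subgroups, members, group_roles):
    """Return {user: {role: [groups the role was provisioned on]}}."""
    result = defaultdict(lambda: defaultdict(set))
    for origin, roles in group_roles.items():
        # Walk downward from the provisioned group: subgroups inherit its roles.
        seen, stack = set(), [origin]
        while stack:
            group = stack.pop()
            if group in seen:  # already visited, skip (handles cyclic input)
                continue
            seen.add(group)
            for user in members.get(group, []):
                for role in roles:
                    result[user][role].add(origin)
            stack.extend(subgroups.get(group, []))
    return {u: {r: sorted(g) for r, g in rs.items()} for u, rs in result.items()}

def holders(role, roles_by_user):
    """Users who hold `role`, whether directly or through a parent group."""
    return sorted(u for u, rs in roles_by_user.items() if role in rs)

if __name__ == "__main__":
    eff = effective_roles(SUBGROUPS, MEMBERS, GROUP_ROLES)
    for user in holders("Essbase Administrator", eff):
        print(user, "inherits from", eff[user]["Essbase Administrator"])
```

In this sample, provisioning one parent group grants the administrator role to four users across three levels of nesting, which is the effect to review before provisioning a powerful role on a parent group.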