User Security Considerations after EPM System Security Migration and Upgrade

The following security issues must be addressed after migrating users to Shared Services or upgrading Essbase:

The migration utility (which runs on 32-bit Windows only), identifies the users who are affected by both security issues. Additionally, if specified, the utility can correct the issue of Essbase Administrators having application roles.

  To run the migration.bat file:

  1. Navigate to the ESSBASEPATH/utilities directory.

  2. Unzip the migration.zip file, which creates a MigrationTools subdirectory.

  3. In the MigrationTools subdirectory, edit the migration.properities file with the following information:

    • AdminUserName—Name of the Essbase Administrator who runs the migration utility

    • AdminUserPassword—The Essbase Administrator’s password

    • HSSServer—Hostname of the Shared Services Server

    • HSSPort—Port number of the Shared Services Server

    • EssbaseProjectName—The project name for the Essbase Server on which you want to run the migration utility

    • SavedToFile—When set to TRUE, specifies that the results of the migration script should be written to the following text files, which are located in the MigrationTools subdirectory:

      • EntitiesWithCubeRolesOnly.txt—Lists the users and groups that have application roles but do not have a role on the global Essbase Server application

      • EssbaseAdminsWithCubeRoles.txt—Lists the Essbase Administrators who have application roles

        When set to FALSE (the default), the results are written to the screen.

        Sample versions of these files are located in the MigrationTools subdirectory.

    • FixAdminUser—When set to TRUE, removes application roles from Essbase Administrators. When set to FALSE (the default), writes the names of Essbase Administrators, and the application roles assigned to them, to the screen.

      For example:

      AdminUserName = admin
      AdminUserPassword = password
      HSSServer = pant5
      HSSPort = 58080
      EssbaseProjectName = Analytic Servers:ALNG3:1
      SavedToFile true
      FixAdminUser false
      

    Note:

    When running the utility for the first time against an Essbase Server, Oracle recommends setting SavedToFile to TRUE and FixAdminUser to FALSE so that you can view and verify the results. Then, you can set FixAdminUser to TRUE and run the utility again to remove application roles from Essbase Administrators.

  4. Run the migration.bat file.

  5. Make any necessary manual changes.