Using EBS to Manage EPM System Functional Security for

Using Oracle E-Business Suite
(EBS) to Manage EPM
Functional Security
For EPM Releases 11.1.1.3 and 11.1.2
Use Case
• The customer manages the privileges and
responsibilities in EBS
• The customer would like to manage EPM’s
functional security (roles) in EBS as part of a
custom application with its privileges
Assumptions
• EBS users belong to a corporate directory
such as OID or MSAD
• If EBS is configured to use native users and
not OID, then the email address in EBS
should match the email address of the
corporate directory
Integration Approach
• The integration is done via two capabilities in
EPM:
• Hyperion Shared Services’ ability to assign roles to
native groups
• LCM’s ability to load native groups into the system
Configuration Steps for the
Integration
Task Overview
• In EPM:
• Configure EPM’s security to use the corporate
directory where the EBS users reside
• Use SQLPlus or other means to export
responsibilities and users assigned to these
responsibilities
• Use LCM to import the above data into Shared
Services. This will create native EPM groups for
each EBS responsibility
• Schedule these two tasks to run periodically,
as needed
Configuring EPM Security
• EPM security is administered and managed in
Shared Services. You need to launch Shared
Services Console and configure the corporate
directory where the EBS users reside as a
provider in Shared Services. The following
slides detail these steps using OID as an
example.
Configure EBS User Directory
Configure EBS User Directory
Again
• Configure the EBS user directory once to be able to
authenticate users based on their login attribute
• Configure the EBS user directory again with the email
address as the login attribute, because users are
extracted and imported from EBS based on the email
attribute
• After configuring the EBS user directory with the email
address as the login attribute, put that directory lower
in the search order and disable group cache
Configure EBS User Directory
Again – using email address
• Provide a valid email address here and click autoconfigure
• Uncheck this to disable group cache
Lower Search Order for New
Directory Configured
Use LCM to Create Migration
Definition File
• Use the LCM UI in Shared Services Console
to build a migration definition file that will be
used to import the responsibilities data
• Once LCM data has been extracted as
shown, add the EBS extracted data in the
format specified to the groups.csv file that
is found under the folder you will specify in the
LCM UI at:
$MIDDLEWARE_HOME\user_projects\epmsystem1\import_export\admin@Native Directory
Create Migration Definition File
for LCM
Save Migration Definition File
Execute Migration
The Exported Shows up
on the Filesystem
Extract EBS Security
• The following three slides show the sample SQL that can
be used to extract the security from EBS. You will need to
format the output as shown in the “Sample Format for
Groups.csv” slide.
• Merge the results of the two queries into a single CSV file.
• Insert the headers and static text as shown in red in the
.csv file prior to importing into Shared Services.
• Note that in the slide that shows the sample format for
groups.csv, the text shown in red is mandatory and static.
• The sample query has a condition in the “where” clause to
filter based on a given application name. Use the
application name in EBS that will be used for managing
user security for EPM.
Extract Responsibilities in .csv Format
Extract the responsibilities so that these will be the native groups. You may use the
following sample but customize to your specific implementation.
select distinct '"'||R.RESPONSIBILITY_NAME||'"', ',Native Directory'
from
APPS.FND_USER_RESP_GROUPS G
, APPS.FND_USER U
, APPS.FND_RESPONSIBILITY_VL R
, APPS.FND_APPLICATION_VL A
where (1=1)
/* joins */
and R.APPLICATION_ID = A.APPLICATION_ID
and G.RESPONSIBILITY_ID = R.RESPONSIBILITY_ID
and G.RESPONSIBILITY_APPLICATION_ID = R.APPLICATION_ID
and G.USER_ID = U.USER_ID
/* filters */
and R.START_DATE < SYSDATE and nvl(R.END_DATE, SYSDATE) >= SYSDATE
and U.START_DATE < SYSDATE and nvl(U.END_DATE, SYSDATE) >= SYSDATE
and G.START_DATE < SYSDATE and nvl(G.END_DATE, SYSDATE) >= SYSDATE
/*and A.APPLICATION_SHORT_NAME = 'EPM'*/
and U.USER_ID is not null
Extract Responsibilities and
Assignments in .csv Format
Use this query if using OID with EBS to extract the responsibilities and the users
assigned to these responsibilities for the custom application created. You may use
the following sample but customize to your specific implementation.
select
'"'||R.RESPONSIBILITY_NAME||'"',',',',',','
, '"'||U.USER_NAME||'"', ',Native Directory'
from
APPS.FND_USER_RESP_GROUPS G
, APPS.FND_USER U
, APPS.FND_RESPONSIBILITY_VL R
, APPS.FND_APPLICATION_VL A
where (1=1)
/* joins */
and R.APPLICATION_ID = A.APPLICATION_ID
and G.RESPONSIBILITY_ID = R.RESPONSIBILITY_ID
and G.RESPONSIBILITY_APPLICATION_ID = R.APPLICATION_ID
and G.USER_ID = U.USER_ID
/* filters */
and R.START_DATE < SYSDATE and nvl(R.END_DATE, SYSDATE) >= SYSDATE
and U.START_DATE < SYSDATE and nvl(U.END_DATE, SYSDATE) >= SYSDATE
and G.START_DATE < SYSDATE and nvl(G.END_DATE, SYSDATE) >= SYSDATE
/*and A.APPLICATION_SHORT_NAME = 'EPM'*/
and U.USER_NAME is not null
Extract Responsibilities and
Assignments in .csv Format
Use this query if using EBS with native users to extract the responsibilities and the users
assigned to these responsibilities for the custom application created. The email address in EBS
should match the external directory as well. You may use the following sample but customize to
your specific implementation.
select
'"'||R.RESPONSIBILITY_NAME||'"',',',',',','
, '"'||U.EMAIL_ADDRESS||'"', ',Native Directory'
from
APPS.FND_USER_RESP_GROUPS G
, APPS.FND_USER U
, APPS.FND_RESPONSIBILITY_VL R
, APPS.FND_APPLICATION_VL A
where (1=1)
/* joins */
and R.APPLICATION_ID = A.APPLICATION_ID
and G.RESPONSIBILITY_ID = R.RESPONSIBILITY_ID
and G.RESPONSIBILITY_APPLICATION_ID = R.APPLICATION_ID
and G.USER_ID = U.USER_ID
/* filters */
and R.START_DATE < SYSDATE and nvl(R.END_DATE, SYSDATE) >= SYSDATE
and U.START_DATE < SYSDATE and nvl(U.END_DATE, SYSDATE) >= SYSDATE
and G.START_DATE < SYSDATE and nvl(G.END_DATE, SYSDATE) >= SYSDATE
/*and A.APPLICATION_SHORT_NAME = 'EPM'*/
and U.EMAIL_ADDRESS is not null
Sample Format for Groups.csv
– using email_address
#group
id,provider,name,description,internal_id
Sourcing Supplier Resp02 , Native Directory
Cash Management , Native Directory
General Ledger Super User , Native Directory
#group_children
id,group_id,group_provider,user_id,user_provider
Sourcing Supplier Resp02 , , , procqa-seller1_us@oracle.com , Native Directory
Cash Management , , , ARFinQA_in@oracle.com , Native Directory
General Ledger Super User , , , ebusiness_vision@oracle.com , Native Directory
Sample Format for Groups.csv
– using user_id
#group
id,provider,name,description,internal_id
Sourcing Supplier Resp02 , Native Directory
Cash Management , Native Directory
General Ledger Super User , Native Directory
#group_children
id,group_id,group_provider,user_id,user_provider
Sourcing Supplier Resp02 , , , 555SECUSER14 , Native Directory
Cash Management , , , ARFINQA_02 , Native Directory
General Ledger Super User , , , EBUSINESS_AR , Native Directory
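An added example, not part of the original slides: one way to script the merge step in Python, assembling groups.csv in the sample layout above from the two query results and listing membership changes against the previous file before it is imported. The function names are hypothetical and the row layout is copied from the sample slides, so confirm it against what your LCM export produces.

```python
import csv
import io

PROVIDER = "Native Directory"  # static text from the sample format
GROUP_HDR = ["id", "provider", "name", "description", "internal_id"]
CHILD_HDR = ["id", "group_id", "group_provider", "user_id", "user_provider"]

def build_groups_csv(resp_names, assignments):
    """Merge both query results; return (csv_text, rejected_rows)."""
    groups = sorted({n.strip() for n in resp_names if n.strip()})
    members, rejected = set(), []
    for resp, user in assignments:
        resp, user = resp.strip(), (user or "").strip()
        if resp not in groups:
            rejected.append((resp, user, "unknown group"))
        elif not user:
            rejected.append((resp, user, "empty user"))
        else:
            members.add((resp, user))  # set drops duplicate assignments
    out = io.StringIO()
    w = csv.writer(out, lineterminator="\n")
    w.writerow(["#group"])
    w.writerow(GROUP_HDR)
    w.writerows([g, PROVIDER] for g in groups)
    w.writerow(["#group_children"])
    w.writerow(CHILD_HDR)
    w.writerows([g, "", "", u, PROVIDER] for g, u in sorted(members))
    return out.getvalue(), rejected

def parse_members(text):
    """Return {(group, user)} from the #group_children section."""
    section, header_next, members = None, False, set()
    for row in csv.reader(io.StringIO(text)):
        if not row:
            continue
        if row[0].startswith("#"):
            section, header_next = row[0].strip(), True
        elif header_next:
            header_next = False  # skip the column-name line
        elif section == "#group_children" and len(row) >= 4:
            members.add((row[0].strip(), row[3].strip()))
    return members

def membership_delta(old_text, new_text):
    """(added, removed) memberships, for review before the LCM import."""
    old, new = parse_members(old_text), parse_members(new_text)
    return sorted(new - old), sorted(old - new)
```

Because the imported groups are later provisioned to EPM roles, rows returned in `rejected` and unexpected entries in the delta are worth resolving in EBS before the import runs.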
Import Using LCM
Administration Tasks after the
first import and any subsequent
application creation
• In EPM:
• Provision native groups created by the LCM import
to the appropriate role(s) in the application. This is
a “one time” activity.
• If the groups and apps are high in number, bulk
provisioning can be done via LCM.
Provision EPM Roles to EBS
Responsibility Groups