Security Examples Skip Navigation
Essbase® Analytic Services Database Administrator's Guide | Update Contents | Previous | Next | Print | ? |
Information Map

Security Examples


This chapter describes some sample security problems and solutions, which are based on the Sample application. These examples use security procedures described in Managing Security for Users and Applications.

Security Problem 1

Three employees need to use Analytic Services-Sue Smith, Bill Brown, and Jane Jones. Each requires update access to all databases in the Sample application.

Solution:

Because the users need update access to only one application, they do not need to have Supervisor permission. Because the users do not need to create or delete applications, users, or groups, they do not need to be defined as special types of users with Create/Delete permission. All these users need is Application Designer permission for the Sample application.

The supervisor should perform the following tasks:

  1. Set up the users with Administration Services.

    For more information, see Essbase Administration Services Installation Guide.

  2. Create Sue, Bill, and Jane as ordinary users with Application Designer permission.

    If Sue, Bill, and Jane are created without Application Designer permission, assign Application Designer permission to the three users.

    For more information, see Creating Users or Granting Designer Permissions to Users and Groups.

Security Problem 2

Three employees need to use Analytic Services-Sue Smith, Bill Brown, and Jane Jones. Sue and Bill require full access to all databases in the Sample application. Jane requires full calculate access to all databases in the Sample application, but she does not need to define or maintain database definitions.

Solution:

The supervisor should perform the following tasks:

  1. Set up the users with Administration Services.

    See the Essbase Administration Services Installation Guide.

  2. Create Sue and Bill as ordinary users with Application Designer permission.

    If Sue and Bill are created without Application Designer permission, assign Application Designer permission to the two users.

    For more information, see Creating Users or Granting Designer Permissions to Users and Groups.

  3. Define global Calculate access for the Sample application as the Minimum Database Access setting to give all additional users Calculate access to all databases for the application.

    See "Setting Minimum Permissions for Applications" in the Essbase Administration Services Online Help.

  4. Create Jane as an ordinary user with no additional permissions. She inherits the Calculate access from the application global setting.

    For more information, see Creating Users.

Security Problem 3

Three employees need to use Analytic Services-Sue Smith, Bill Brown, and Jane Jones. Sue and Bill require full access to all databases in the Sample application. Jane requires full update and calculate access to all databases within the Sample application, but she will not define or maintain the database definitions. Additional users will be added, all of whom will require Read access to all databases.

Solution:

Because the current users have different needs for application and database access, define their user permissions individually. Then, to save time assigning individual Read permissions for future users, make Read the global setting for the application. (It does not matter in what order you assign the user permissions and the global access.)

The supervisor should perform the following tasks:

  1. Set up the users with Administration Services.

    For more information, see Essbase Administration Services Installation Guide.

  2. Create or edit Sue and Bill as ordinary users with Application Designer permissions.

    For more information, see Creating Users and Granting Designer Permissions to Users and Groups.

  3. Create Jane as an ordinary user, and give her Calculate permission for the Sample application.

    For more information, see Creating Users and Granting Application and Database Access to Users and Groups.

  4. Define global Read access for the Sample application as the Minimum Database Access setting to give all additional users Read access to all databases in the Sample application.

    See "Setting Minimum Permissions for Databases" in the Essbase Administration Services Online Help.

Security Problem 4

Three employees need to use Analytic Services-Sue Smith, Bill Brown, and Jane Jones. Sue requires full access only to the Sample application; Jane requires calculate access to all members of the Basic database; Bill requires Read access to all members. No other users should have access to the databases.

Furthermore, Jane and Bill need to run report scripts that are defined by Sue.

Solution:

Because the different users have different needs for application and database access, define the global access setting as None, and assign the user permissions individually.

The supervisor should perform the following tasks:

  1. Set up the users with Administration Services. (Because Jane and Bill need to run the report scripts, they must use Administration Services.)

    For more information, see Essbase Administration Services Installation Guide.

  2. Create Sue as an ordinary user, but grant her Application Designer permission for the Sample application.

    For more information, see Creating Users and Granting Designer Permissions to Users and Groups.

  3. Create Jane as an ordinary user, and give her Calculate permission for the Sample application.

    For more information, see Creating Users and Granting Application and Database Access to Users and Groups.

  4. Create Bill as an ordinary user and give him Read permission on the Sample application.

    For more information, see Creating Users and Granting Application and Database Access to Users and Groups.

Security Problem 5

The Supervisor, Sue Smith, needs to perform some maintenance on the Sample application. She must make changes to the database outline and reload actual data. While she changes the application, Sue must prevent other users from connecting to the application.

Solution:

Sue should perform the following tasks:

  1. Disable the Allow Commands setting to prevent other users from connecting to the application, and also prevent connected users from performing any further operations.

    For more information, see "Clearing Applications of User Activity" in the Essbase Administration Services Online Help.

  2. Check to see if any users have active locks.

    If any users have active locks, Sue's calculation or data load command might halt, waiting for access to the locked records. Sue can allow the users to complete their updates or clear their locks.

    For more information, see "Viewing Data Locks" in the Essbase Administration Services Online Help.

  3. After confirming that no users have active locks, proceed to perform maintenance on the application.



Hyperion Solutions Corporation link