Oracle Hyperion EPM Shared Services
Connector name |
|
Connector type | Executable |
Type (UI field value) | Oracle Hyperion EPM Shared Services |
Target system versions supported / tested | The |
Connector status / support | Customer-Verified Clients may contact Bravura Security support for assistance with this connector. Troubleshooting and testing must be completed in the client's test environment as Bravura Security does not maintain internal test environments for the associated target system. |
Bravura Security Fabric performs operations on Oracle Hyperion EPM Shared Services using the agthss connector.
There three ways that Oracle Hyperion EPM Shared Services can be targeted:
Entire user directory – list users from all external user directories as well as the native users
Specific user directory – list users from a configured user directory, and the native users
The Native Directory – list only users from the native directory.
In all cases, the groups configured in the Native Directory are listed.
When the Native Directory is targeted, all the operations are supported. In contrast, if the entire or a single user directory is targeted, the accounts listed are read-only, and any operation that can affect the account is not supported.
The following Bravura Security Fabric operations are supported by this connector:
user verify password
user change password
update attributes
check account enabled
enable account
disable account
add user to group
delete user from group
List:
attributes
accounts
groups
members
For a full list and explanation of each connector operation, see Connector operations.
The following sections show you how to:
Prepare for target configuration
Target a Oracle Hyperion EPM Shared Services server
Overview
Oracle Hyperion EPM Shared Services is a web application that manages provisioning of Oracle EPM (Business Intelligence) applications. It targets LDAP type directory servers (LDAP, AD or eDirectory) and uses these directories to provision users to applications.
When an external user directory is targeted, the account is read-only and limited operations can be performed on the account. The agthss connector is able to add the user to Hyperion EPM Native Directory groups. The connector does not manage the Hyperion EPM Roles.
Preparation
Before you can target Oracle Hyperion EPM Shared Services, you must:
Ensure that Java 1.6 or 1.7 is installed.
Install client software
Set up a target system administrator
Installing client software
Before you can target Oracle Hyperion EPM Shared Services:
Install the Oracle Hyperion EPM Foundation Services without configuring its settings via the configuration tool
or
Manually copy the following directories from EPM server over to the instance server.
<HYPERION_HOME>\common\SharedServices <HYPERION_HOME>\common\JakartaCommons <HYPERION_HOME>\common\XML <HYPERION_HOME>\common\loggers <HYPERION_HOME>\common\config <HYPERION_HOME>\common\CSS <HYPERION_HOME>\common\epmstatic
Copy the following jar files into <HYPERION_HOME>\common\CSS from the following locations on the instance:
<ORACLE_HOME>\jdbc\jlib\ojdbc6.jarWhere <ORACLE_HOME> is the directory of the Oracle database client files.
For example,
C:\Oracle\Middleware\dbclient64<EPM_ORACLE_HOME>\oui\jlib\xmlparserv2.jarWhere <EPM_ORACLE_HOME> is the directory of the Hyperion EPM System files.
For example,
C:\Oracle\Middleware\EPMSystem11R1
Create the directory:
<HYPERION_HOME>\user_projects.Copy the <EPM_ORACLE_HOME>\config folder from the server into
<HYPERION_HOME>\user_projects.Modify the reg properties file located in
<HYPERION_HOME>\user_projects\config\foundation\11.1.2.0\reg.properties.Edit the jdbc.url references from localhost to the hostname of the server instance.
For example; modify:
jdbc.url=jdbc\:oracle\:thin\:@localhost\:1521\:adminto
jdbc.url=jdbc\:oracle\:thin\:@10.0.93.201\:1521\:admin
Setting up a target system administrator
Bravura Security Fabric uses a designated account on Hyperion to perform Bravura Security Fabric operations. Create an account with appropriate permissions if one does not already exist.
Targeting the Hyperion EPM Shared Services system
For each Oracle Hyperion EPM Shared Services system, add a target system in Bravura Security Fabric (Manage the System > Resources > Target systems):
Type is Oracle Hyperion EPM Shared Services .
Address uses the options described in the table below.
For 11.1.2.4, the address line needs to reference a newer version of Java (1.6 or 1.7). The URL option is no longer used in versions 11.1.2.4 and higher, and will use the property file provided in
<HYPERION_HOME>\user_projects\config\...\11.1.2.0\reg.propertiesto connect to the EPM Shared Services.Here is an example of the target system address syntax:
{hyperionApiPath=C:\\hyperion-11-1-2-4;javaRuntimeVersion=1.6;}
The full list of target parameters is explained in Target System Options .
Option | Description |
|---|---|
Options marked with a | |
Oracle Hyperion Shared Services Console URL | In older versions (11.1.2.3 and lower), (key: url) |
Hyperion API path | This is the location of <HYPERION_HOME> , where the Hyperion libraries and files are located. For example: (key: hyperionApiPath) |
Primary provider name | For older versions (11.1.2.3 and lower). The user directory defined within Hyperion. This can be the Native Directory or a configured user directory. The provider name is case sensitive. If the provider is not defined, the entire directory is listed. (key: provider_name) |
Java runtime version | This is the version of Java Runtime Environment to use for the target. Set to 1.6 by default. (key: javaRuntimeVersion) |
Group to list users from | Group to list users from Restrict user listing from the specified group. (key: listGroup) |
Notes on group management
When targeting an Oracle Hyperion EPM User Directory that is also managed in Bravura Identity , you must create an operation dependency (blackboard rule) to indicate that the group operations on the Bravura Security Fabric -managed system needs to complete before the Hyperion system. See Groups in the Bravura Security Fabric configuration documentation for details.