language
Call Us: 1-800-497-0151

Blog

Overview of PBCS Security

  • , Consultant

Access to PBCS components is controlled by the predefined user roles. Service Administrators or users with Access Control Manager can assign users to application-specific roles of planning.

For example, Service Administrators can assign a user to the Approval Administrator role of a planning application to enable the user to perform approvals-related activities.

Additionally, Service Administrators can create groups and assign roles to them. They can grant roles to many users at once, thereby reducing administrative overheads.

Roles can be assigned at the application level. It enhances the access rights of users, but it does not override privileges granted by a predefined role.

PBCS Roles

Service Administrator

Performs all Planning and Planning Modules including granting roles to users. This role should be granted to functional experts who need to create and administer Planning, and Planning Modules.

Power User

Views and interacts with data. This role grants high-level access to several functional areas within an environment and should be granted to department heads and business unit managers, and business users in charge of a region who need to control the approval process.

A Power User can perform these activities:

  • Creates and maintains forms, Oracle Smart View for Office worksheets, Reports, and Financial Reporting reports
  • Creates and manages user variables for the application but cannot delete them.
  • Views substitution variables
  • Controls the approvals process, performs actions on approval units to which they have write access, and assigns owners and reviewers for the organization under her charge
  • Creates Reports using Financial Reporting, accesses the repository to create folders and save artifacts
  • Loads data using forms and Data Management

User

The User role was created by renaming the Planner role. If your service was provisioned after May 2016, you will see the User role and not the Planner role.

A User/Planner can perform these activities:

  • Enters data into forms and submits them for approval, analyzes forms using ad hoc features, controls the ability to drill through to the source system
  • Accesses and modifies (rename, delete) the Financial Reporting content stored in the Repository for which the user has View, Modify, or Full Control permissions.
  • Previews Reports and Books

Viewer

Views and analyzes data through forms and data access tools. Typically, this role should be assigned to executives who need to view business plans during the budgeting process.

Assigning Roles to Users

You can assign predefined roles to users while creating them or by loading user assignments to role from a CSV file.

Any PBCS user assigned to the Identity Domain Administrator role can manage users and predefined role assignments.

Managing Groups

PBCS uses an internal repository to support role assignments at the application-level and to store information on the groups that you use during the role assignment process.

PBCS users and other groups can be members of groups maintained using Access Control. Users can be granted application roles by assigning a role to the group.

To enable you to view user assignments PBCS lists the predefined roles as groups. You cannot modify or assign roles to them from Access Control. Also, PBCS users, who are assigned to predefined roles, are listed in Access Control so that they can be added as group members.

In Manage Groups, the groups are by default sorted by Group Name values.

You can manage the groups by:

Creating Groups

Service Administrators or users with Access Control Manager application role can create and manage groups. PBCS users and other groups can be members of a group.

To create groups:

  • 1. Open Access Control .
  • 2. In Manage Groups , click Create .
  • 3. In Create Group , complete these steps:
    • a. In Name , enter a unique group name (maximum 256 characters). Group names are not case-sensitive. EPM Cloud does not allow you to create groups with names identical to predefined role names (Service Administrator, Power User, User or Planner, and Viewer).
    • b. Optional : Enter a group description.
  • 4.Optional: Add groups to create a nested group.
    • a. In Available Groups, search for groups. Groups that match the search criterion are listed. By default, this list is sorted by Group Name values.
    • b. From Available Groups, select the member groups for the new group.
    • c. Click Move. The selected groups are listed under Assigned Groups. To remove assigned groups, from Assigned Groups, select the group to remove, and then click Remove.
  • 5. Optional: Add EPM Cloud users as members of the group. Only users who are assigned to a predefined role can be added as group members.
    • a.Click Users.
    • b.In Available Users, search for users. Users that match the search criterion are listed. By default, this list is sorted by User Login values.
    • c.From Available Users, select the users to add to the group.
    • d.Click Move.
  • 6.Click Save.
  • 7.Click OK.

Modifying Groups

Service Administrators or users with Access Control Manager application role can modify group properties, including group name. The application roles assigned to the group and other security assignments are not affected if you rename a group.

To modify groups:

  • 1. Open Access Control.
  • 2. Optional: In Manage Groups, locate the group to modify.
  • 3. Groups that match the search criterion are listed. By default, this list is sorted by Group Name values.

    Note:

    Group names may contain up to 71 characters. However, only the first 34 characters appear in the list displayed in the Available Groups column.

  • 4. Click Action button (Action) in the row of the group you want to modify, and then select Edit.
  • 5. Optional: Modify group name. Changes to the group name do not impact the security assignments made using the group.
  • 6. Modify group assignment:
    • a. Optional: Add nested groups:
      • In Available Groups, search for groups.
      • Groups that match the search criterion are listed. By default, this list is sorted by Group Name values.
      • From Available Groups, select groups and click Move. Selected groups are listed in the Assigned Groups list.
    • b.Optional: Remove nested groups:
      • From Assigned Groups, select the group to remove.
      • Click Remove
  • 7. Modify user assignment:
    • a. Click Users.
    • b. Optional: Add users to group:
      • In Available Users, search for users that you can assign as group members. Users that match the search criterion are listed. By default, this list is sorted by User Login values.
      • From Available Users, select users and click Move. Selected users are listed in the Assigned Users list.
    • c. Optional: Remove users from the group:
      • From Assigned Users, select the users to remove.
      • Click Remove.
  • 8. Click Save.
  • 9. Click OK.

Deleting Groups

Service Administrators or users with Access Control Manager application role can delete groups. Deleting a group does not delete group members.

To delete a group:

  • 1. Open Access Control.
  • 2. Optional: In Manage Groups, search for the group to delete. Groups that match the search criterion are listed. By default, this list is sorted by Group Name values.
  • 3. Click Action button (Action) in the row of the group you want to delete, and then select Delete.
  • 4. Click Yes to confirm the delete operation.
  • 5. Click OK.

Assigning a User to Many Groups

PBCS users can be members of many groups maintained using Access Control. Service Administrators or users with Access Control Manager application role can assign a user to many groups.

At any given time, a user can be a member of a maximum of 1,000 groups either directly or indirectly.

  • 1. Open Access Control.
  • 2. Click Manage Users.
  • 3. Search for the user who is to be assigned to groups.
  • 4. Users that match the search criterion are listed. By default, this list is sorted by User Login values.
  • 5. Click Action button (Action) in the row of the user listing, and then select Edit.
    • The Edit User screen, which lists detailed user information, including current group membership (in Assigned Groups), is displayed. On this screen, you can modify group assignments only.
  • 6. Find groups to assign to the user. Groups that match the search criterion are listed. By default, this list is sorted by Group Name values.
  • 7. Complete an action:
    • To assign additional groups to the user, from Available Groups, select one or more groups and click (Move) to move the selected groups to Assigned Groups. Alternatively, click Move All button (Move All) to move all the groups in Available Groups to Assigned Groups.
    • To remove groups assigned to the user, from Assigned Groups, select one or more groups and click Remove button (Remove) to move the selected groups to Available Groups. Alternatively, click Remove All button (Remove All) to move all the groups in Assigned Groups to Available Groups.
  • 8. Click Save.
  • 9. Click OK.

Contact MindStream Analytics

Want to know more about Oracle? Please complete the form below and we'll get back to you shortly.

Partner SpotLight

Oracle Partner

Oracle

Oracle has the most comprehensive suite of integrated, global business applications that enable organizations to make better decisions, reduce cost..

Oracle Profile

Related Articles

Case Studies

Related Links