ENTERPRISE PERFORMANCE MANAGEMENT SYSTEMS
Shared Services
Shared Services Console comprises a View pane, also known as the Application Management pane, and task tabs.
When you initially access Shared Services Console, it displays the View pane and a Browse tab.
The View pane is a navigation frame where you can choose objects (such as user directories, users, groups, roles, projects, and applications). Typically, the details of the current selection in the View pane are displayed on the Browse tab. Additional task tabs open as needed, depending on the task that you perform; for example, a Report tab opens when you generate or view a report.
Depending on the current configuration, Shared Services Console lists your existing objects in the View pane. You can expand these object listings to view details. For example, you may select the User Directories node to view a list of configured user directories. You may also search configured user directories for users and groups.
A shortcut menu, accessible by right-clicking an object, is associated with some objects in the View pane.
Shortcut menus associated with objects in the View pane provide the quickest method to perform operations on the
objects. Options in shortcut menus change dynamically, depending on what you select. These options are available also on a menu in the menu bar. Buttons representing enabled menu options are displayed on the toolbar.
Note:
Because Native Directory is administered from Shared Services Console, some menu options available in the shortcut menu for Native Directory are not available for other user directories.
Shared Services Console features:
When you initially access Shared Services Console, it displays the View pane and a Browse tab.
The View pane is a navigation frame where you can choose objects (such as user directories, users, groups, roles, projects, and applications). Typically, the details of the current selection in the View pane are displayed on the Browse tab. Additional task tabs open as needed, depending on the task that you perform; for example, a Report tab opens when you generate or view a report.
Depending on the current configuration, Shared Services Console lists your existing objects in the View pane. You can expand these object listings to view details. For example, you may select the User Directories node to view a list of configured user directories. You may also search configured user directories for users and groups.
A shortcut menu, accessible by right-clicking an object, is associated with some objects in the View pane.
Shortcut menus associated with objects in the View pane provide the quickest method to perform operations on the
objects. Options in shortcut menus change dynamically, depending on what you select. These options are available also on a menu in the menu bar. Buttons representing enabled menu options are displayed on the toolbar.
Note:
Because Native Directory is administered from Shared Services Console, some menu options available in the shortcut menu for Native Directory are not available for other user directories.
Shared Services Console features:
- User directory configurations
- Single sign-on configuration
- Native Directory management
- Role-based access control management
- Audit configuration and report management
- Access to Oracle Hyperion Enterprise Performance Management System Lifecycle Management and product artifact exploration
Provisioning (Role-based Authorisation):
EPM System application security determines user access to products using the concept of roles, permissions that determine user access to product functions. Some EPM System products enforce object-level ACLs to further refine user access to their objects.
Each EPM System product provides several default roles tailored to various business needs. Pre-defined roles from each EPM System application registered with Shared Services are available from Shared Services Console. These roles are used for provisioning. You may also create additional roles that aggregate the default roles to suit specific requirements. The process of granting users and groups specific access permissions to EPM System resources is called provisioning.
Native Directory and configured user directories are sources for user and group information for the provisioning (authorisation) process. You can browse and provision users and groups from all configured user directories from Shared Services Console. You can also use application-specific aggregated roles created in Native Directory in the provisioning process.
This illustration depicts an overview of the authorisation process:
EPM System application security determines user access to products using the concept of roles, permissions that determine user access to product functions. Some EPM System products enforce object-level ACLs to further refine user access to their objects.
Each EPM System product provides several default roles tailored to various business needs. Pre-defined roles from each EPM System application registered with Shared Services are available from Shared Services Console. These roles are used for provisioning. You may also create additional roles that aggregate the default roles to suit specific requirements. The process of granting users and groups specific access permissions to EPM System resources is called provisioning.
Native Directory and configured user directories are sources for user and group information for the provisioning (authorisation) process. You can browse and provision users and groups from all configured user directories from Shared Services Console. You can also use application-specific aggregated roles created in Native Directory in the provisioning process.
This illustration depicts an overview of the authorisation process:
- After a user is authenticated, EPM System product queries user directories to determine the user's groups.
- EPM System product uses group and user information to retrieve the user's provisioning data from Shared Services. The product uses this data to determine which resources a user can access.
Product-specific provisioning tasks, such as setting product-specific access control, are completed from each product. This data is combined with provisioning data to determine the product access for users. - Role-based provisioning of EPM System products uses these concepts.