Financial Consolidation and Close

Get Involved. Join the Conversation.


    Steven Getze, CMA
    FCCS Security Configuration?
    Topic posted October 4, 2018 by Steven Getze, CMARed Ribbon: 250+ Points, tagged Balance Sheet, Consolidation, Data Integration, Dimensions, Income Statement, Task Manager 
    419 Views, 2 Comments
    FCCS Security Configuration?
    Users can no longer view forms & reports

    We have security configured extensively in our Production application, designed so that Power Users at each of our entity's can only view data in forms and reports for their specific entity.   This is done at the Entity dimension level, where we establish "Write" for the "Entity" member.

    This has been working fine since we configured this at our January 2018 go-live, but with our September close I am being notified that some, but not all, users cannot view reports and forms.   Has anyone else come across this issue?  I don't recall reading about security related changes in the 18.09 patch.



    • Wayne F

      Hi Steve

      There was a Provisioning Changes to Simplify Role Usage change in 18.09

      below are the details, this may have affected your security

      The following changes that affect provisioning are included in this update.

          Only the identity domain users who are assigned to a predefined role (Service Administrator, Power User, User, and Viewer) can log into service environments.
          Users who are not assigned to predefined roles but were previously assigned to groups in Access Control will no longer be able to sign into the environment.
          Only users who are assigned to predefined roles can be added as group members in Access Control.
          Users who are not assigned to predefined roles cannot be added to groups using the importSnapshot EPM Automate command.
          Users who are not assigned to predefined roles cannot be assigned Access Control privileges (Read, Write, Execute) on application artifacts.
          The Provisioning report will show only the users who are assigned to predefined roles.
          Users who are not assigned to predefined roles are not included in the comma separated value file that results from exporting the Provisioning Report.
          Exports using Migration will not export (in Groups.CSV content of group membership) users who were not provisioned with predefined roles but were assigned to groups in Access Control.


    • Nouria Kehli

      Hi Wayne


      I have a security question about power users. Would you know if there is an existing document on how to setup or check that all power users are provisioned correctly? We have a lot of issues at the moment, where some powers users are not able to consolidate or load data. We are not sure how to check this. 

      Thank you