Generate Security report for Planning 9

I’ve seen this question being asked by many people. “How can I generate a security report for Planning?”. This report should provide all access information about Webforms, Dimension.

Of course you can use ExportSecurity.cmd and export the information from Planning. Yes you are right there. 

However let me ask you this, how about the inherited access (i.e. the access a user gets from a group he/she is part of). You’ve to now search for group and then derive the access of the user.

What if we could do this easily? (Easy works for me :))

You can log into Shared Services and generate a PDF report on Planning security.

Here is how it is done

Login to Shared Services, Right click on a Planning application -> Access Control


You can select Users/Groups from this screen.

You can select the objects. (Yes you can even extract the just WebForm security as opposed to ExportSecurity.cmd)

There are lot of filters available with this mode of export
  • You can generate the report based on matching access (Read, Write or None access)
  • You can generate the report based on matching relation (Children, Descendants,…..)
  • You can get the inherited access (access inherited from a group)
  • You can generate the effective access (This will expand the relation @Children(Market) to East, West, Central)
11.1.2.x Shared Services you can even manage Forms, Dimensions and Task Lists, no need to login to Planning after provisioning a user, I like that one 🙂

About Celvin Kattookaran

I’m an EPM Consultant, my primary focus is on Hyperion Planning and Essbase. Some of you from Hyperion Support team might recognize me or have seen my support articles, I was with the WebAnalysis Support Team. I'm an Independent Consultant with “Intekgrate Corporation” based out of Aurora office. I’m from God’s Own Country (Kerala, India), lived in all southern states of India, Istanbul and Johannesburg (and of course United States). I’m core gamer :) and an avid reader. I was awarded Oracle ACE Director for my contributions towards EPM community.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

9 thoughts on “Generate Security report for Planning

  • Anonymous

    This is an excellent feature for Hyperion Security Administrators.
    In fact this is not a new feature which we can generate same kind of report from shared services in the earlier version 9.3.x.
    I was trying to generate this report since i started working 11.x version, but didn’t get luck. Thanks Celvin , you are Hyperion Champ 🙂

  • Anonymous

    Very helpful.

    This report worked fine for me until we upgraded from to The report disappeared from the menu options. I really miss it!

  • mahesh

    Hello Katookaran,

    I have a problem in shared services. I want assign a essbase filter from shared services but when i select application under application group and right click and click on assign access control i got this ERROR Network Error [11004]: Unable To Locate [king.localdomain] In Hosts File.
    i also did this in my pc hosts file and point your Essbase server name to
    but it did not solve the issue. Could you help me on it.

  • Unknown

    Thank you , this is very helpful. Could you also please help with the sql query we can use to get the Hyperion user creation/modified report. That would be Awesome.Much Appreciated!!!

  • Anonymous

    as new note on this, know that the feature is now under Planning. Tools -> Reports with the same functionality as before. This has changed from onward when using IE11.

  • Syed

    Celvin, great article Thanks but doesn’t help me much. Here is the error message I am getting // Error 403–Forbidden
    From RFC 2068 Hypertext Transfer Protocol — HTTP/1.1:
    10.4.4 403 Forbidden

    The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. This status code is commonly used when the server does not wish to reveal exactly why the request has been refused, or when no other response is applicable.

  • Rita

    Hi – very helpful. I wanted to extract all users from groups for planning. Please let me know how can I do that. Please respond