Administering Access Control For Oracle Enterprise Performance .


Oracle Cloud
Administering Access Control for Oracle Enterprise Performance Management Cloud
E96250-29

Copyright 2015, 2022, Oracle and/or its affiliates.
Primary Author: EPM Information Development Team


1 Overview of Access Control

Access to Oracle Enterprise Performance Management Cloud components is controlled by the predefined roles in the identity domain to which users are assigned. Service Administrators can assign users to application-specific roles of planning, consolidation, account reconciliation, and data management applications to enable them to complete additional tasks in an environment.

For example, Service Administrators can assign a user to the Approval Administrator role of a planning or consolidation application to enable the user to perform approvals-related activities.

Additionally, Service Administrators can, from Access Control, create groups comprising identity domain users or other groups. Assigning roles to such groups enables Service Administrators to grant roles to many users at once, thereby reducing administrative overheads.

Assigning roles at the application-level can only enhance the access rights of users; none of the privileges granted by a predefined role can be curtailed by roles assigned at the application-level.

Access Control enables you to complete these activities in an environment:
- Managing Groups
- Assigning Roles to a Group or a User
- Generating a Role Assignment Report for a User or Group
- Viewing the Role Assignment Report For Your Environment
- Viewing the User Login Report

About this Guide

Access Control applies to these Oracle Enterprise Performance Management Cloud business processes:
- Planning
- Planning Modules
- FreeForm
- Financial Consolidation and Close
- Tax Reporting
- Profitability and Cost Management
- Enterprise Profitability and Cost Management
- Account Reconciliation
- Oracle Enterprise Data Management Cloud
- Narrative Reporting
- Oracle Strategic Workforce Planning Cloud
- Oracle Sales Planning Cloud

Opening Access Control

You can assign application-specific roles to groups and users from Access Control, which is available in the Tools card on the Home Page.

To open Access Control:
1. Access the environment as a Service Administrator.
2. Complete a step:
   - Click (Navigator), and then Access Control.
   - Click Tools and then Access Control.
   - Narrative Reporting only: Click Access Control.

Managing Groups

Oracle Enterprise Performance Management Cloud uses an internal repository to support role assignments at the application-level and to store information on the groups that you use during the role assignment process.

EPM Cloud users and other groups can be members of groups maintained using Access Control. Users can be granted application roles by assigning a role to the group.

To enable you to view user assignments, Access Control lists the predefined roles as groups. You cannot modify or assign roles to them from Access Control. Additionally, EPM Cloud users who are assigned to predefined roles are listed in Access Control so that they can be added as group members. See Understanding Predefined Roles in Getting Started with Oracle Enterprise Performance Management Cloud for Administrators.
- Creating Groups
- Modifying Groups
- Deleting Groups

Note: You cannot use Access Control to import group information from a file to create groups. Similarly, you cannot export group information using Access Control. You may use Migration or the createGroups EPM Automate command to import groups.

Creating Groups

Only Service Administrators can create and manage groups. Oracle Enterprise Performance Management Cloud users and other groups can be members of a group.

Note: You may also use Migration or the createGroups EPM Automate command to import group information from a file to create groups.

To create groups:
1. Open Access Control. See Opening Access Control.
2. In Manage Groups, click Create.
3. In Create Group, complete these steps:
   a. In Name, enter a unique group name (maximum 256 characters). Group names are not case-sensitive.
      EPM Cloud does not allow you to create groups with names identical to predefined role names (Service Administrator, Power User, User or Planner, and Viewer).
   b. Optional: Enter a group description.
4. Optional: Add groups to create a nested group.
   a. In Available Groups, search for groups. See Using Search for instructions on using the Search feature.
      Groups that match the search criterion are listed under Available Groups.
   b. From Available Groups, select the member groups for the new group.
   c. Click Move.
      The selected groups are listed under Assigned Groups. To remove assigned groups, from Assigned Groups, select the group to remove, and then click Remove.
5. Optional: Add EPM Cloud users as members of the group. Only users who are assigned to a predefined role can be added as group members.
   a. Click Users.
   b. In Available Users, search for users. See Using Search for instructions.
   c. From Available Users, select the users to add to the group.
   d. Click Move.
6. Click Save.
7. Click OK.

Modifying Groups

Service Administrators can modify group properties, including group name. The application roles assigned to the group and other security assignments are not affected if you rename a group.

To modify groups:
1. Open Access Control. See Opening Access Control.
2. Optional: In Manage Groups, locate the group to modify. See Using Search for instructions on using the Search feature.
   Note: Group names may contain up to 71 characters. However, only the first 34 characters appear in the list displayed in the Available Groups column.
3. Click (Action) in the row of the group you want to modify, and then select Edit.
4. Optional: Modify group name. Changes to the group name do not impact the security assignments made using the group.
5. Modify group assignment:
   a. Optional: Add nested groups:
      - In Available Groups, search for groups. See Using Search for instructions on using the Search feature.
      - From Available Groups, select groups and click Move.
        Selected groups are listed in the Assigned Groups list.
   b. Optional: Remove nested groups:
      - From Assigned Groups, select the group to remove.
      - Click Remove.
6. Modify user assignment:
   a. Click Users.
   b. Optional: Add users to group:
      - In Available Users, search for users that you can assign as group members. See Using Search for instructions on using the Search feature.
      - From Available Users, select users and click Move.
        Selected users are listed in the Assigned Users list.
   c. Optional: Remove users from the group:
      - From Assigned Users, select the users to remove.
      - Click Remove.
7. Click Save.
8. Click OK.

Deleting Groups

Deleting a group does not delete group members.

To delete a group:
1. Open Access Control. See Opening Access Control.
2. Optional: In Manage Groups, search for the group to delete. See Using Search for instructions on using the Search feature.
3. Click (Action) in the row of the group you want to delete, and then select Delete.
4. Click Yes to confirm the delete operation.
5. Click OK.

Importing Group Assignments of Users from a File

Service Administrators can import group assignments of users from a Comma Separated Value (CSV) file to create new assignments in an existing Access Control group. Oracle Enterprise Performance Management Cloud enforces application-level and artifact-level security assignments based on the new group assignments.

Note: All User Logins identified in the import file must exist in the identity domain; all group names included in the file must exist in Access Control. You cannot create a group using this import process.
You can only create new group assignments; you cannot remove users' current group assignments.

The import CSV file format can be as shown in the following illustrations:

This format is identical to the CSV version of the User Group report. If you use this format, the import process ignores all columns other than User Login and Group. An easy way to create an import file is to export the current User Group Report and then modify it as needed. See Viewing and Exporting the User Group Report.

To import group assignments of users:
1. Open Access Control. See Opening Access Control.
2. Click User Group Report.
3. Click Import from CSV.
4. Using Browse in Import User Group Assignment CSV, select the import file.
5. Click Import.
6. Click Yes.

On completing the import process, a confirmation dialog box, which identifies the total number of processed assignments and status, is displayed.

Assigning a User to Many Groups

Oracle Enterprise Performance Management Cloud users can be members of many groups maintained using Access Control.

To assign a user to many groups:
1. Open Access Control. See Opening Access Control.
2. Click Manage Users.
   A list of all users of the current environment is displayed.
3. Search for the user who is to be assigned to groups. See Using Search for instructions on using the Search feature.
4. Click (Action) in the row of the user listing, and then select Edit.
   The Edit User screen, which lists detailed user information, including current group membership (in Assigned Groups), is displayed. On this screen, you can modify group assignments only.
5. Find groups to assign to the user. See Using Search for instructions on using the Search feature.
6. Complete an action:
   - To assign additional groups to the user, from Available Groups, select one or more groups and click (Move) to move the selected groups to Assigned Groups. Alternatively, click (Move All) to move all the groups in Available Groups to Assigned Groups.
   - To remove groups assigned to the user, from Assigned Groups, select one or more groups and click (Remove) to move the selected groups to Available Groups. Alternatively, click (Remove All) to move all the groups in Assigned Groups to Available Groups.
7. Click Save.
8. Click OK.

Note: For Account Reconciliation, Financial Consolidation and Close, and Tax Reporting, an individual user can be assigned to a maximum of 1,000 groups, either directly or indirectly.

Using Search

The intelligent search for user and group artifacts works in an identical manner across Access Control.

You use a string from one of the user attributes (user name, first name, last name or email ID) or the group name or role name to find specific users, groups or roles. You do not need to use wildcards in search strings. For example, using the string st to search for groups displays all group names that contain the string st, for example, TestGroup, Strategic Planner, AnalystsGroup, and so on. Similarly, using the string jd to search for users lists users whose user name, first name, last name or email address contains the string jd.

Note: Some Access Control screens, for example, Assign Application Roles, Role Assignment Report, and User Group Report, offer you a search choice. Make an appropriate selection before starting a search.

To search for users:
1. Access a screen, for example, Manage Users, where the user search feature is available.
2. In the search field, enter a partial string from a user attribute (user name, first name, last name or email ID).
3. Click (Search).
   The search results display all available properties for the users who match the search criterion. You can sort the list of retrieved users by clicking any of the column headers.

To search for groups:
- Access a screen, for example, Manage Groups, where the group search feature is available.
- In the search field, enter a partial string from a group name.
- Click (Search).
  The search results display the name and description of groups that match the search criterion. You can sort the list of retrieved groups based on the group name or description.

To search for users based on their roles in the Role Assignment Report:
- Access the Role Assignment Report tab.
- Select Users or Roles from the search drop down list.
- In the search field, enter a search string.
- Click (Search).
  The search results display all available information for the users assigned to the roles that match the search criterion.
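A pre-import review of the CSV described under Importing Group Assignments of Users from a File, given here as an added example and not as Oracle code: it keeps only the User Login and Group columns, flags rows whose login or group is unknown, and lists the application roles each user would gain through direct and nested group membership. The function names, the input dictionaries, and all sample data are assumptions constructed for illustration; only the User Login and Group column names and the 1,000-group limit come from the guide.

```python
import csv
import io

GROUP_LIMIT = 1000  # per-user cap (direct + indirect) the guide gives for some business processes

# Constructed sample; only "User Login" and "Group" are column names taken from the guide.
SAMPLE_CSV = """User Login,First Name,Last Name,Email,Direct,Group
jdoe,John,Doe,jdoe@example.com,Yes,Analysts
asmith,Ann,Smith,asmith@example.com,Yes,regional leads
ghost,No,Body,ghost@example.com,Yes,Analysts
jdoe,John,Doe,jdoe@example.com,Yes,Contractors
"""
SAMPLE_LOGINS = {"jdoe", "asmith"}          # logins assumed to exist in the identity domain
SAMPLE_GROUPS = {                           # hypothetical snapshot of Access Control groups
    "Analysts": {"members": [], "roles": ["Ad Hoc User"]},
    "Regional Leads": {"members": [], "roles": []},
    "Approvers": {"members": ["Regional Leads"], "roles": ["Approvals Administrator"]},
}
SAMPLE_DIRECT = {"jdoe": ["Analysts"]}      # current direct group assignments


def read_assignments(csv_text):
    """Yield (line_no, login, group); every other column is ignored."""
    reader = csv.DictReader(io.StringIO(csv_text))
    missing = {"User Login", "Group"} - set(reader.fieldnames or [])
    if missing:
        raise ValueError(f"missing column(s): {sorted(missing)}")
    for row in reader:
        login = (row["User Login"] or "").strip()
        # Group names are not case-sensitive, so compare them case-folded.
        group = (row["Group"] or "").strip().casefold()
        yield reader.line_num, login, group


def closure(groups, parents):
    """Return the groups plus every group that contains them through nesting."""
    seen, stack = set(), list(groups)
    while stack:
        group = stack.pop()
        if group not in seen:          # the seen set also guards against nesting cycles
            seen.add(group)
            stack.extend(parents.get(group, ()))
    return seen


def preview_import(csv_text, known_logins, groups, direct, limit=GROUP_LIMIT):
    """Report rejected rows, roles each user would gain, and users over the group limit."""
    parents, roles = {}, {}
    for name, info in groups.items():
        roles[name.casefold()] = set(info.get("roles", ()))
        for member in info.get("members", ()):
            parents.setdefault(member.casefold(), set()).add(name.casefold())

    def roles_of(group_set):
        return set().union(*(roles.get(g, set()) for g in group_set))

    before = {u: {g.casefold() for g in gs} for u, gs in direct.items()}
    after = {u: set(gs) for u, gs in before.items()}   # imports only add assignments
    rejected = []
    for line_no, login, group in read_assignments(csv_text):
        if login not in known_logins:   # logins are matched exactly (a choice made here)
            rejected.append((line_no, "unknown user login"))
        elif group not in roles:
            rejected.append((line_no, "unknown group"))
        else:
            after.setdefault(login, set()).add(group)

    report = {"rejected": rejected, "gained": {}, "over_limit": []}
    for login, assigned in after.items():
        old = closure(before.get(login, ()), parents)
        new = closure(assigned, parents)
        gained = roles_of(new) - roles_of(old)
        if gained:
            report["gained"][login] = sorted(gained)
        if len(new) > limit:
            report["over_limit"].append(login)
    return report


if __name__ == "__main__":
    print(preview_import(SAMPLE_CSV, SAMPLE_LOGINS, SAMPLE_GROUPS, SAMPLE_DIRECT))
```

In the sample, asmith is added only to Regional Leads, yet gains Approvals Administrator because that group is nested in Approvers; this is the kind of indirect grant worth reviewing before clicking Import.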

2 Managing Role Assignments at the Application Level

Role assignment at the application level is supported for planning, consolidation and close, tax reporting, and Oracle Enterprise Data Management Cloud applications, which use application-specific roles to enhance the access granted through predefined roles. Profitability and Cost Management assigns user and group level data grants to secure access to application data.

Overview

While the overall access rights are controlled by the predefined Oracle Enterprise Performance Management Cloud roles, Service Administrators can grant application-specific roles and data grants to users and to groups created and managed in Access Control. For example, a User, by default, does not have the right to design the approvals process, which is granted only to Power Users and Service Administrators. From Access Control, Service Administrators can assign the Approvals Administrator role to enable the user to perform approvals-related activities.

Role assignments at the application level can only enhance the access rights of users; none of the privileges granted by a predefined role can be curtailed by assigning a role at the application-level.

You manage the role assignment process using Access Control. You can perform these tasks:
- Create groups and add EPM Cloud users or other groups as members.
- Add or delete group members
- Assign planning, consolidation, tax reporting, account reconciliation, and Oracle Enterprise Data Management Cloud application roles to groups or to users including yourself
- View a list of users who are members of a group

EPM Cloud Users

You create and manage EPM Cloud users in the identity domain associated with the environment to which the business process belongs. Only the users who are assigned to predefined roles can be assigned application-level roles to enhance the access they have to perform tasks within a business process.

Planning, Planning Modules, Financial Consolidation and Close, and Tax Reporting Application Roles

The following roles apply to Planning, Planning Modules, Financial Consolidation and Close, and Tax Reporting business processes only.

By default, these application roles apply to some predefined roles. See Predefined Role Mapping for Planning, Planning Modules, Financial Consolidation and Close, and Tax Reporting. Assign the appropriate application roles to users if they need to execute some functions beyond the ability received from assigned predefined roles. For example, by default, only Service Administrators and Power Users can access Data Management to work on the data integration process. To enable users with the User or Viewer predefined roles to participate in the integration process, Service Administrators should assign Data Management roles (Create Integration, Run Integration, and Drill Through) to them.
- For information on the application roles already mapped to predefined roles, see Predefined Role Mapping for Planning, Planning Modules, Financial Consolidation and Close, and Tax Reporting.
- If you are migrating applications from an on-premises environment to Oracle Enterprise Performance Management Cloud, see "Role Mapping for Migrating to EPM Cloud" in Administering Migration for Oracle Enterprise Performance Management Cloud to understand how you should assign predefined roles to users.

Approvals Administrator
Resolves approval issues by manually taking ownership of the process. Comprises the Approvals Ownership Assigner, Approvals Process Designer, and Approvals Supervisor roles.
Typically, this role is assigned to business users in charge of a region who need to control the approvals process for the region but do not require the Service Administrator role. They can perform these tasks:
- Control the approvals process
- Perform actions on Planning units to which they have write access
- Assign owners and reviewers for the organization under their charge
- Change the secondary dimension or update validation rules

Approvals Ownership Assigner
Performs the following tasks for any member of the planning unit hierarchy to which the user has write access:
- Assign owners
- Assign reviewers
- Specify users to be notified

Approvals Process Designer
Includes Approvals Ownership Assigner role. Additionally, performs the following tasks for any member of the planning unit hierarchy to which they have write access:
- Change secondary dimensions and members of entities to which the user has write access
- Change the scenario and version assignment for a planning unit hierarchy
- Edit data validation rules of data forms to which the user has access

Approvals Supervisor
Performs the following tasks for any member of the planning unit hierarchy to which the user has write access even if the user does not own the planning unit. This user cannot change data in planning units that the user does not own.
- Stop and start a planning unit
- Take any action on a planning unit

Ad Hoc Grid Creator
Creates, views, modifies, and saves ad hoc grids.

Ad Hoc User
Views and modifies ad-hoc grids and performs ad hoc operations. Ad Hoc Users cannot save ad-hoc grids.

Ad Hoc Read Only User
Performs all ad hoc functions, but cannot write back into ad hoc grids or load data using Data Management.

Calculation Manager Administrator
Administers Calculation Manager.

Mass Allocation
Runs mass allocation rules within form grids.

Task List Access Manager
Assigns tasks to other users.

Create Integration
Uses Data Management to create mappings to integrate data between source and target systems. Users can define data rules with various run time options.

Run Integration
From Data Management, executes data rules with runtime parameters and views execution logs.

Drill Through
Drills through to the source system of the data.

Enterprise Profitability and Cost Management Application Roles

The following roles apply to Enterprise Profitability and Cost Management only.

By default, these application roles are included in predefined roles; see Enterprise Profitability and Cost Management Role Mapping. A Service Administrator can assign application roles to users who need to perform operations beyond the privileges received from their predefined roles.

Ad Hoc Grid Creator
Creates, views, modifies, and saves ad hoc grids.

Ad Hoc Read Only User
Performs all ad hoc functions, but cannot write back into ad hoc grids or load data using Data Management.

Ad Hoc User
Views and modifies ad-hoc grids and performs ad hoc operations. Ad Hoc Users cannot save ad-hoc grids.

Clear POV Data
Clears data from a point of view in the Calculation Control page without removing the point of view.

Copy POV Data
Copies data from one point of view to another in the Calculation Control page.

Create/Edit Rule
Creates or edits an Allocation Rule, Custom Calculation Rule, or Rule Set in the Designer page.

Create Integration
Uses Data Management to create mappings to integrate data between source and target systems. Users can define data rules with various run time options.

Create Model
Creates a new model in the Modeling page.

Create POV
Creates a new point of view in the Calculation Control page.

Create Profit Curve
Creates profit curves on the Profit Curves tab in the Intelligence cluster.

Delete Calculation History
Deletes a selected instance of a completed calculation from the Calculation Analysis page. Deleting calculation history does not delete any data. It merely deletes the recorded instance of a calculation that was run.

Delete Model
Deletes a model in the Modeling page. Deleting a model will also delete all of the rules in the model.

Delete POV
Deletes a point of view in the Calculation Control page. Deleting a point of view will also delete the associated data, as well as the calculation history page for that point of view. It also removes the point of view from the Calculation Control page.

Delete Rule
Deletes an Allocation Rule, Custom Calculation Rule, or Rule Set in the Designer page.

Drill Through
Drills through to the source system of the data.

Edit POV Status
Changes the status of a point of view from the Edit Point of View dialog box in the Calculation Control page. The available statuses for a point of view are Draft, Published, and Archived.

Edit Profit Curve
Edits profit curves on the Profit Curves tab in the Intelligence cluster.

Mass Edit of Rules
Accesses the Mass Edit tab in the Designer page to make edits to multiple rules at once.

Run Calculation
Calculates a model in the Calculation Control page.

Run Integration
From Data Management, executes data rules with runtime parameters and views execution logs.

Run Profit Curve
Runs profit curves on the Profit Curves tab in the Intelligence cluster.

Run Rule Balancing
Views the Rule Balancing report to see the impact of each rule.

Run Trace Allocation
Traces allocation amounts on the Trace Allocations tab of the Intelligence cluster.

Run Validation
Validates models in the Model Validation page.

View Calculation History
Views completed calculations from the Calculation Analysis page.

View Model
Views models and their associated rules in the Designer page.

Oracle Enterprise Data Management Cloud Application Roles

These roles apply to Oracle Enterprise Data Management Cloud business process only.
- For information on the application roles already mapped to predefined roles, see Predefined Role Mapping for Oracle Enterprise Data Management Cloud.
- If you are migrating applications from an on-premises environment to Oracle Enterprise Performance Management Cloud, see "Role Mapping for Migrating to EPM Cloud" in Administering Migration for Oracle Enterprise Performance Management Cloud to understand how you should assign predefined roles to users.

Application Creator
Registers applications in Oracle Enterprise Data Management Cloud. The user who registers an application is assigned Application Owner permission. This user also is assigned as the view owner of the default application view.

Auditor
Views audit related information such as transaction history and requests for changes to data in Oracle Enterprise Data Management Cloud.

View Creator
Creates views in an Oracle Enterprise Data Management Cloud application. The user who creates a view is assigned View Owner permission to the view.

Account Reconciliation Application Roles

A Service Administrator can assign the appropriate application roles to users if they need to execute some functions beyond the privileges received from their predefined roles. For example, you might want to assign the ability to manage reports to another person who would not have that privilege with their predefined role.

For information on the application roles that can be assigned to other predefined roles, see Predefined Role Mapping for Account Reconciliation.

The following roles apply to Account Reconciliation only.

Table 2-1 Account Reconciliation List of Application Roles and Functional Areas

Application Role | Functional Area in Account Reconciliation
Manage Alert Types | Application / Configuration / Alert Types
Manage Announcements | Tools / Announcements
Manage Data Loads | Application / Configuration / Data Load
 | Application / Overview / Data Loads
 | Application / Periods / Auto Reconcile
 | Application / Periods / Import Data
Manage Organizations | Application / Configuration / Organizations
Manage Periods | Application / Configuration / Periods
 | Application / Periods / Row Action / Check For Missing Reconciliations
 | Application / Periods / Row Action / Create Reconciliations
 | Application / Periods / Row Action / Import Currency Rates For
 | Application / Periods / Set Status
