Connecting Oracle Cloud EPM Planning to Apex with Rest API: Separating Substitution Variable access by User

February 23, 2021

Did you ever want Oracle Cloud EPM Planning users to only have access to certain substitution variables that apply to their area of the business, without giving them access to all the variables for the whole application? Apex could work well as a solution to this problem.

Using Apex we can restrict the tables that use our Rest API web source modules to only show substitution variables that meet a certain criteria, for instance only pull through those from a certain Plan Type.

Our Objective

Here I will be demonstrating how to apply granular security to your Oracle Cloud EPM Planning application’s substitution variables within Apex. It will incorporate a lot from previous blog posts but I will point you toward these other posts when necessary.

Let’s Begin

We start off by creating a simple GET table that pulls through our substitution variables from Oracle Cloud EPM Planning, I covered this in an older post here. Then we want to allow for POST functionality, so we can edit these variables, details of which can be found with my two part post on the topic here and here. You may also want to duplicate the Dynamic Actions I assigned to my POST report in my Extras blog post here.

Once this is up and running and we can see and edit our substitution variables, we will then have the basis for splitting up the forms as per user defined access.

The first thing we want to do is limit the scope of these reports, we do this by adding a “Local Post Processing” SQL query. As shown below, mine limits the search for substitution variables down to those whose Plan Type is “Ard_Rep”.

I duplicated my original report so that I can see a comparison of the two, as you can see I now have my original table with all the substitution variables available, and the one below, that only shows those from the Plan Type “Ard_Rep”.

Great so we have a table that only displays substitution variables from one Plan Type, but how do we restrict access to these tables by user?

To assign user access you will first need to create a new user to assign the access to, you can do this within the “Manage Users and Groups” page.

Once the users you want are set up you can then head over to “Application Access Control”.

Click “Add Role” and create and name the roles you wish to make, I’ve made one for Admins, the Report Team and the Planning Team.

Then in the “User Role Assignments” section of that same screen, click “Add User Role Assignment” and type an active Username like one we created earlier and assign the designated Application Roles. You can assign multiple users here if required, which can be useful for providing greater access to admins or users that span multiple departments.

Then we want to head to “Authorization Schemes”, where we will want to create an Authorization scheme for each of the roles we just created, as you can see I made one for the Reporting Team and one for the Planning Team.

Click Create, and start “From Scratch”, give the scheme a name and select “Is In Role or Group”.

Choose type “Application Role” and provide an error message to display when the requirements are not met. Then simply assign the corresponding role to the scheme.

Now it is just a process of adding the Authorization scheme to the report we created earlier, making the report only visible to those users within the Authorization Scheme. i.e. to view the below report, your role must be valid with the “Report Team Auth Scheme”.

This is done in the “Security” section of the Interactive Report’s settings.

The last thing to note is that whilst they can only see the variables applicable to them, they could still use the “Add New Variable” button (which I covered in my post here) to create variables for other applications. You likely don’t want end users making entirely new substitution variables so I then simply removed the button.

But if you wanted to allow them to make new variables you could duplicate the form attached to that button and make the “PlanType” read only so they can only do so for their environment.

You also definitely want to make sure the “Name” and “PlanType” text fields are set to read only for the form that allows you to edit the variables. As this is intended for end users you don’t want them renaming or moving variables between environments.

You can even extend this logic to restrict the variables by their name, for instance as shown below, the table will only show variables with a name that begins with “WFP”, demonstrating how you can restrict access even further within the applications themselves, the only limit in customization being SQL.

It is worth noting here that while I would rather prefix my WFP variables with “WFP_” rather than just “WFP” the LIKE clause interprets an underscore as a single character. Meaning the difference between “WFP_%” and “WFP%” is only that the former needs at least one character to follow it while the latter does not, both would pick up a variable named “WFP_CurrYear”.

You should now have a report that pulls through only certain substitution variables based on the user’s defined access. This flexibility may allow admins to in future let more end users have access to their substitution variables without the risk of giving them further access to the system, or substitution variables that they have no business changing. This could work well in reducing system admin workloads by better distributing tasks down to the users that are directly affected by them.

Thanks for reading and let me know if you have any more ideas of where we can take these integrations.

Richard

You can read more of Richard’s blogs on his site HERE

upcoming events

april 2024

tue23apr10:00 amtue11:00 amOracle Cloud EPM Consolidation and Close – Delivering a Faster Close (1 hour webinar)Event Type :Webinar

Cost

There is no charge to attend this event

Details

Oracle Cloud EPM Consolidation and Close – Delivering a Faster Close (1 hour webinar)

A fast financial close has long been a target for finance and accounting organisations. It is seen as a sign of a well-run financial department and overall business. More than that it helps the organisation to better respond to changing business and economic conditions. It provides more time to analyse the results, address issues, make decisions and frees up time for other tasks. The generally accepted measure is that the close should be completed in a business week.

Join us to find out how your organisation can streamline your financial close with Oracle Cloud EPM Consolidation and Close. You will have the opportunity to see the software working and to ask questions to our uniquely qualified team.

Oracle Cloud EPM Consolidation and Close is a solution purpose-built for both effectively and efficiently managing financial consolidation and close, end to end. No matter what their size organisations can have 100% confidence in their financial consolidation, close and reporting processes. It helps corporate finance ensure that the entire process is dependable and correct, timely and transparent, streamlined and efficient and, compliant and auditable.

The solution can be configured to fit an individual organisation’s requirements using best practices along with pre-seeded content. This enables organisations to build a solution that meets both their business needs and specific requirements.

Date

(Tuesday) 10:00 am - 11:00 am UK Time

Location

on-line Webinar

How to register

Please use RSVP function to book your place on the webinar

RSVP

To reserve your place please click the 'yes' button below and complete the simple form. We will get back to you by email asap.

Yes

OpenSpaces Still Available

Can not make it to this event?Change my RSVP

Future Event Times in this Repeating Event Series

june 25, 2024 10:00 am - june 25, 2024 11:00 amseptember 24, 2024 10:00 am - september 24, 2024 11:00 amnovember 19, 2024 10:00 am - november 19, 2024 11:00 am

Calendar GoogleCal

thu25apr2:00 pmthu4:00 pmOracle Cloud EPM Financial Consolidation and Close – Refresher Training Courses (2 hours per course)Event Type :Training Course

Cost

No charge for Brovanture clients with current support contracts. Non Brovanture customers contact us to discuss participation.

Details

Oracle Cloud EPM Financial Consolidation and Close – Refresher Training Courses (2 hours per course)

These courses are applicable to administrators and/or end users within organisations who have Oracle Cloud EPM Consolidation and Close applications including Oracle Consolidation and Close Cloud Service (FCCS).

These courses are designed to be a perfect knowledge boost, whether you’re at the beginning of your path, or simply looking for ‘tips & tricks’ and advanced features information.

During each course you’ll be fast tracked, getting an overview of a specific set of features and having a chance to try them out in our development Oracle Cloud EPM environment. The course mode will be geared toward being working through examples and analysing common scenarios and best practices.

PLEASE NOTE THAT EACH COURSE COVERS SPECIFIC SUBJECTS AND ARE DESIGNED FOR EITHER ADMINISTRATOR OR END USER ATTENDEES. PLEASE MAKE SURE YOU BOOK ON THE APPROPRIATE COURSE(S). Use the links highlighted by ‘Register HERE’ below to select the correct course and date and then click the RSVP button to book on that specific course.

Monday 19 February 2024: Register HERE

ADMIN 1: Metadata Management, Data Maintenance, Ownership Structure, Daily maintenance

Thursday 25 April 2024: Register HERE

END USERS: Journal Management; Using Forms and Running Reports

Tuesday 16 June 2024: Register HERE

ADMIN 2: Member formulas & Variables, Valid Intersections & User Security; Task Manager, User Interface

Thursday 17 October 2024: Register HERE

ADMIN 1: Metadata Management, Data Maintenance, Ownership Structure, Daily maintenance

Thursday 12 December 2024: Register HERE

END USERS: Journal Management; Using Forms and Running Reports

After completing each course:

End Users will have the knowledge to confidently use their application and carry out their daily, monthly and annual tasks.

Administrators will have the knowledge to not only maintain their applications, but to develop new features, have more confidence supporting their end users, and overall, have an in-depth understanding of the application.