Oracle Cloud EPM Security

Oracle Cloud EPM Planning – Cell-Level Security Definitions & Testing

While recently testing out some Oracle Cloud EPM Planning security changes, I discovered the new cell-level security feature and found it really useful so thought I’d share 😊

Creating Cell-Level Security Definitions

The new cell-level security feature was introduced as part of the March 2021 Oracle Cloud EPM update, so it was deployed to Test environments on 5th March and will be deployed to Production environments on 19th March.

This new feature allows the setup of additional security down to a single cell for a selected user or group. This will be applied on top of existing dimension and valid intersections security.

Oracle Cloud EPM Planning 1


For each new rule, the following must be selected:

  • Users, Groups – Specify the users and/or groups to apply the rule to
  • Restrictions – Set to either Deny Read or Deny Write to override the current dimensional security
  • Anchor dimension – Similarly to valid intersections, when creating a new rule you must select the anchor dimension and any additional dimensions required for the combination. Then select members from each dimension to form the cells that this rule applies to.

For example, below I have setup a rule to Deny Write access to level 0 descendants of “EndDated_CC” in the Cost Centre dimension, for all users in the System-Users group.

Oracle Cloud EPM Planning 2


As well as specifying member combinations using member functions, you can also use substitution variables and attribute dimensions if required (again, similar to valid intersections).

Oracle EPM Cloud Planning 3


Some things to consider when deciding between cell-level security or valid intersections:

  • Specifying by user group – Valid intersections apply to all users (including admins), whereas cell-level rules can be set for individual users and/or groups
  • Security suppression – Forms can be set to suppress invalid intersections and dropdowns automatically show valid combinations only in Oracle Smart View. Cell-Level security will deny write access without following these suppression settings.


Testing Security

As well as creating cell-level security rules, the new feature allows you to test run the security access for any user, on any form, without having to login as them.

Oracle Cloud EPM Planning 4


For example, below, I’m testing the access that our Test_EPM user has on the OPEX input form, without having to login as them! This shows whether the user can Read or Write to each cell and applies security to the dropdowns as it would if you were logged in as the selected user.

Oracle Cloud EPM Planning 5


This is useful for to check security changes have been applied correctly, but also will be great for support when users claim they can’t write to a certain cell.

In conclusion, another great new feature from Oracle 😊

Until next time


Note: this feature currently applies to Planning, Planning Modules and Tax Reporting only, but hopefully will be added to the other EPM processes soon!

For more useful Oracle Cloud EPM and NetSuite ERP blogs posted by my colleagues, see the Brovanture website HERE