Excellence, Everytime.

Integrating Oracle DRM security with Hyperion Shared Services

DRM console, CSS tab

Many companies have now started using Oracle Data Relationship Manager as their master data system. DRM comes with really sophisticated tools to maintain a single source of truth, and also provides efficient, effective and easy to use governance tools. Another good thing about DRM is its ability to integrate with Hyperion EPM architect ( thought EPMA itself seems to be on the way out) and also with Oracle E-business suite.

Anyway, this blog post is about a simple step of integrating the security part of DRM ( user login) with Hyperion Shared Services (HSS). This step is a prerequisite if you want to use directory based security in HFM, using MSAD, OID etc. The process is to first setup HSS to work with the security systems and then integrate DRM to piggyback on HSS.

This tutorial assumes that you have already configured Hyperion shared services. If you have enabled some form of AD in HSS, at the end of this tutorial you should be able to allow users from that directory to login to DRM using their credentials. However, if you do not have access to an AD, you can still use this  approach, to create users in HSS native directory and use them in DRM.

The first step is to fire up the DRM admin console, and click on the “host machines” tab followed by CSS sub tab. Under general, check the “CSS bridge” box and enter the name of the server hosting the shared services. Note that in my example, I am using “localhost” because I have both DRM and Hyperion on the same server. In a corporate setup, they usually have different machines for each of these components.

If your HSS server is not the same as your DRM server, you do need to install HSS components ( no need to configure) on the  DRM server. This is because of the dependencies on certain JVMs, which are shown on this screen.

DRM console, CSS tab
DRM console, CSS tab







The next step is to check the “classes” under the “Class Path” tab. Usually the paths are already populated and hence you do not need to type anything. However it is a good idea to check if the directories are actually valid and the files listed are present in those directories.

Class paths







The next step is to select the “Security Settings” tab. Here, under Authorization sub tab, click on “load settings” and select mixed mode authentication.

Security Settings








Next step is to create a user in HSS. This of course, assumes that we do not have a directory based system configured in HSS. As I explained earlier, you can use “native directory” users in HSS in DRM the same way as an AD user. In this example, I do not have access to an AD system, so I am creating a native user. Rest assured, the idea is the same for AD users as well.

New user in HSS






Next step is to add the user( reference rather) we have created in HSS into DRM. Here the step is to just create a new user, and follow the standard process, except select the “CSS (External) option for authentication. When you save this user, you will notice that the prompt for password doesn’t show up, proving that this users password is managed outside of DRM. As a side note, if we use “Common User Provisioning” we do not have to add uses individually to the system. However, I am not using that in this tutorial for the sake of simplicity. I will add that in my next post.

Adding user in DRM





That’s about it, all we need to do now is to test the access by logging into DRM. Fire up the DRM front end, log out as admin ( if you are logged in) and login using the credentials we have just created.

DRM login screen







Successful login








The author is a passionate Hyperion practitioner with deep interests in Hyperion Planning, Essbase, HFM, ODI and DRM.He can be reached via his LinkedIn profile.


Leave a Reply