EPBCS ASO Level 0 Export

I was so excited the other day when I read this small yet so inviting tidbit in the EPBCS release notes for May:

You can now use Calculation Manager to export and import level zero data from an ASO cube.

I have been struggling with getting data out of ASO cubes in a usable format for the longest time so I had to try it this weekend.

I dreamed that it was going to be a new type of data export script that would make extraction from the cubes both quick and filterable. What we got was in my mind is a bit of a disappointment.

The URL to access the documentation for this feature in the release notes is not currently active so this is based on my digging.

The feature can be accessed within the Calc Manager Essbase screen of EPBCS. Once you are in Calc Manager select the database properties icon. Then navigate to your ASO application and database.


Select the Export Level Zero Data and the system will generate a zip file for you in the inbox that can be downloaded. It was very quick to generate the zip! When I downloaded the file and opened the zip I found that my data was in native Essbase format, not column format and therefore it could not be easily used effectively in any on-prem, non-Essbase downstream applications. This also cannot be scheduled through REST yet to provide lights out extracts if needed.

Basically, the functionality of on-prem ASO extracts has been replicated in the cloud.

I am hoping that this is just a start because with the power of data maps our BSO plan types can be smaller and quicker but the data physically only exists in the ASO plan types. Clients that need to share data with other applications require a more eloquent solution for extracting data out of ASO plan types. I was hoping for a change in the way that I implement but unfortunately, my designs will still rely on BSO for my client’s extract needs. I am optimistic this is just the start of really opening up the power of ASO to extract data!!

Part 2 – Where is my import/export security utility? How to Import Security

UPDATE  7/31/19


I would look to use the REST API to load and extract security now.  This method will still work but has been improved by Oracle.


After I posted this, I realized that I was not checking for XML special characters and if you had one in your metadata it would error when importing into PBCS. I have corrected this and updated the downloaded script. Sorry if this caused any frustration.

This is part two of the import/export utility for PBCS. Extracting security is fine, but now we want to import the security back into our system. As you may remember we extracted all of the group security and placed it all into one comma separated file using the Powershell utility in the last post.

We are going to utilize LCM to import the security back but we have to get the files and the archive in the correct format. Some key points to remember with the import:

  • LCM will import all of the user security from the file.  So even though the export creates a file for each group you can import it all in one file.
  • There does not seem to be a way to clear the security before you load it.  This was possible in the utility.  (I will keep playing with this.)
  • So based on the last point it is a merge of the security in the system.



PBCS requires a very basic but specific XML format. I have written a Powershell Script to convert the CSV into the correct format for planning to accept. To utilize the solution you will need two files located here SEC2XML.

The download has two files. Please place these files in the same directory.

  • listing.xml – is a file that will be used to build an archive file that can be loaded to your PBCS environment.
  • sec2xml.ps1 – is the Powershell script that will convert your csv file into the correct xml format and build an archive based on your original download that can be loaded back into PBCS.

This script will accept two parameters. The first is the path and name of the csv file. The second is the path to the original archive that you extracted application folder. A bit more detail on that parameter below:

This is an example of an unzipped lcm extract of just my security groups. The second parameter is looking for the path of the application folder in this structure in the below screenshot is HP-TOYS. TOYS is the name of my planning application.

Below is an example of the syntax to run the script:

/sec2xml.ps1 /Users/anthonymanfredi/Dropbox/POWERSHELL/SECURITY/securitymac.txt /Users/anthonymanfredi/Dropbox/POWERSHELL/BLOG/ZIP/HP-TOYS

  • /sec2xml.ps1 = The name of the script
  • /Users/anthonymanfredi/Dropbox/POWERSHELL/SECURITY/securitymac.txt = The path and name of my security csv file.
  • /Users/anthonymanfredi/Dropbox/POWERSHELL/BLOG/ZIP/HP-TOYS = Unzipped application folder.


The script does quite a bit of magic but here is a flow chart highlighting the steps:

The script will convert the csv file back into the proper xml format. Next it utilize your original zip extract to build a zip file to load your new security upload. I would recommend just using the groups export to simplify the process. The script will delete any existing xml security files in the groups folder and then place the newly created XML file in the directory. I deleted the other files so that there would be no contention on load and the latest updates will come from the new csv file.

The next step will copy the listing.xml in the info folder. This file will let planning know about the new export that you want to load.

Once that is complete it will zip the structure and put the file security_update.zip in the same directory you executed the Powershell from.



Now that the archive is built you can login to the PBCS application and navigate to the Migration section.
Once you are there select the Snapshots tab and upload your Archive.

Now that its uploaded you should be able to navigate the archive and see the security like below:

Import the snapshot when your ready and the application security will be updated

Couple of notes:

  • You will need to delete the snapshot in PBCS or rename it when you run the process again. You can’t have the same archive twice.
  • When you extract the original archive place it in its own folder so the Powershell script will not accidentally zip up extra files.


I hope this helps everyone with their security in PBCS. Please don’t try this for the first time in PROD!! Run it in test first. If you have any questions or problems let me know!!

Where is my import/export security utility???

UPDATE  7/31/19


I would look to use the REST API to load and extract security now.  This method will still work but has been improved by Oracle.




When I first started working on Hyperion Planning, clients and consultants would call the hotline and ask how they could see their existing security because back in the 1.0 days it was not available. So I dove into the database and wrote a Microsoft Access database that enabled consultants and clients the ability to see their security. We distributed the database and instructions if people asked nicely or loudly until the feature was written into the tool.

The Oracle EPBCS/FCCS platform does not come with a nice way of exporting and importing object security the way the on-prem version of Hyperion Planning had with its command line utilities. I decided to take a stab at hopefully making it easier.


This entry will focus on exporting the current security of an application and formatting it into a csv file so you can easily edit the security or view its contents.

I am going to focus on group security since it is a best practice to apply security at a group level. You can follow this process for users as well.

The first step is to extract the current application security using the migration component of EPBCS. You can use a complete application extract or just extract the security. Below I am just extracting the group security.


Once the migration is executed download it to your machine. Unzip the file and you will find your currently assigned security in super fun XML files for each group.


Here is what it looks like in XML.


Its pretty simple XML but not great to edit. Now that you have the files I have written a Powershell script that will convert all of the files in a directory to a combined csv file. By no means am I a Powershell master but I like it because its extremely quick, and handles XML, JSON, and CSV formats extremely well. Generally you will find it installed on most new servers or clients. Here is some documentation to enable it on windows.

It can also run on your mac or linux environment.

You can download the script here. Once you download it place it in a directory where you plan to execute it from.

The script accepts two parameters. The first is the directory where the XML files are stored and the second is the name of the file you want to create. If you dont put a path the file will be saved in the same directory as where you execute the script. The parameters should be separated with a space.

Once you launch the shell navigate to the directory you have saved the script in.


Here is the command :

./sec2csv.ps1 “V:POWERSHELL/BLOG/HP-TOYS/resource/Security/Access Permissions” security.csv

Place quotes around the directory.


I have updated the script to search the whole directory and create a report combining your user access and group access.


It will look like this in the shell.


Once the script runs it will generate your export.

It has now combined all of your group files into one csv file that will look like this.


The information in this file will be very similar to what was required for the import and export utility in planning. The definition of these fields can be found here. The only one that is really different is the IsUser field. For group security this will always be N.


I hope you find this first part of this conversion helpful. I am testing the CSV to XML script now, it has been working great and I should have that up soon. I hope this helps you manage security in the cloud!!