Break Glass – Putting You in Control of Access & Encryption in Oracle EPM.

 Oracle EPM April 2026: Break Glass – Putting You in Control of Access & Encryption

Why This Matters More Than Ever

 

One of the most common questions I hear from security teams, auditors, and CISOs is:

“Who from Oracle can access our EPM data, and how do we control it?”

With the April 2026 (26.04) update, Oracle has delivered a long‑awaited answer by introducing Break Glass for Oracle EPM Cloud — a governance‑first capability designed for organizations that care deeply about data sovereignty, compliance, and zero‑trust principles.

Break Glass is not just another toggle in the UI. It fundamentally changes the access model between Oracle Operations and your EPM environments.

 

What Is Break Glass in Oracle EPM?

Break Glass is a new subscription option for Oracle EPM Cloud that gives customers explicit control over:

• When Oracle support personnel can access your environments
• How your data is encrypted at rest

It introduces two tightly integrated security pillars:

 

1. Oracle Managed Access (OMA)

With OMA enabled:

• Oracle cannot access your environment by default
• Every access attempt requires explicit customer approval
• Access is temporary, time‑bound, and auditable

This is a major shift from the traditional cloud support model.

Think of it like this: Oracle now needs a temporary, customer‑issued key to enter your environment — and every use is logged.

 

2. Bring Your Own Key (BYOK)

BYOK gives you control over encryption keys used for your EPM data at rest:

• Keys are customer‑managed
• Stored and controlled using OCI Vault
• You can rotate or revoke keys based on internal policies

This aligns EPM with enterprise‑grade security standards commonly seen in OCI, ERP, and regulated workloads.

 

How Break Glass Works – End to End

Here’s what the real‑world flow looks like when Break Glass is enabled:

1. An issue requires Oracle support involvement
2. Oracle submits an access request, usually linked to a Service Request (SR)
3. Your designated EPM administrators review and approve or deny the request
4. If approved:
• Access is granted only for the approved duration
• All actions are logged and auditable
5. Access automatically expires when the time window closes

No silent access. No assumptions. No permanent privileges.

 

Key Benefits for Customers

• Stronger Security & Zero Trust

·       Oracle access is explicit, not implicit

·       Eliminates "always‑on" operator access

·       Supports zero‑trust security models

• Audit & Compliance Readiness

• Complete audit trail of who accessed what and when
• Ideal for SOX, GDPR, HIPAA, ISO 27001, and similar requirements

• Encryption Ownership

• You control the encryption keys
• Aligns EPM with broader enterprise key‑management strategies

 

 Built for Regulated Industries

Especially valuable for:

• Banking & Financial Services
• Healthcare & Life Sciences
• Government & Public Sector
• Any organization with strict data‑residency obligations

 

Which EPM Modules Are Supported?

Break Glass applies across major EPM Cloud modules, including:

• Planning
• Financial Consolidation and Close (FCCS)
• Account Reconciliation (ARCS)
• FreeForm
• Narrative Reporting
• Enterprise Data Management
• Tax Reporting
• Profitability and Cost Management

 

How to Get Break Glass

Customers can enable Break Glass in two ways:

• Include it during initial EPM subscription onboarding
• Add it later as an additional subscription (SKU B112331)

Because it impacts governance, access workflows, and encryption, enabling Break Glass typically involves IT security, EPM admins, and compliance teams working together.

 

Should You Enable Break Glass?

The short answer is: it depends on your risk profile, regulatory exposure, and security posture.

Use the table below as a quick decision guide when discussing Break Glass with Security, Risk, and EPM stakeholders.

Question	If Your Answer Is YES	Recommendation
Are you subject to regulatory, audit, or data‑sovereignty requirements (SOX, GDPR, HIPAA, ISO)?	You must demonstrate controlled, auditable access to cloud data	✅ Strongly recommended
Do security or audit teams ask who at Oracle can access your EPM environments?	You need explicit approval and traceability	✅ Strongly recommended
Do you operate under a Zero‑Trust or least‑privilege security model?	Always‑on vendor access is a risk	✅ Strongly recommended
Do you need customer‑controlled encryption keys for compliance or internal policy?	Oracle‑managed keys may not be sufficient	✅ Strongly recommended (BYOK)
Is your EPM environment business‑critical or used for external reporting?	Risk impact of unauthorized access is high	✅ Recommended
Are you in Banking, Life Sciences, Government, or Public Sector?	Enhanced governance is typically mandatory	✅ Recommended
Is your organization comfortable with standard Oracle support access and Oracle‑managed encryption?	Risk tolerance is higher	⚠️ Optional
Do you prioritize faster support access over approval controls?	Manual approvals may add friction	⚠️ Evaluate carefully

 

Rule of thumb:

If your EPM environment is reviewed by auditors, regulators, or internal security teams — Break Glass should be part of your standard architecture.

Final Thoughts

Oracle Break Glass is one of the most important governance and security advancements EPM Cloud has seen in years.

It answers a long‑standing enterprise question:

“Can we trust the cloud — and still stay in control?”

With Break Glass, the answer is finally yes.

 

If you operate EPM in a regulated environment — or simply want enterprise‑grade control over your data — this is a feature you should be actively evaluating as part of the 26.04 release planning.

 

Oracle EPM April 2026: Two Quiet Changes That Can Break Your Automations

The April 2026 (26.04) Oracle EPM update looks calm on the surface — but behind the scenes, two technical changes can impact almost every EPM technical team if they’re not spotted early.

This blog focuses on only two changes, but both are high‑risk if ignored:

1. EPM Automate – Windows installation path change
2. Groovy rules – HTTP (insecure) authentication now disallowed

Both are documented by Oracle, but neither will show up as a shiny UI banner. If you rely on automation, scripts, or Groovy‑based integrations, this blog is for you.

All About Oracle EPM FreeForm!!

 If you’ve ever tried to force a complex planning or reporting problem into a standard Planning application, you already know the pain: required dimensions that don’t fit, workaround hierarchies, and logic that feels “almost right”—but never quite clean.

That’s exactly the gap Oracle FreeForm apps were designed to fill.

FreeForm is not a lighter version of Planning, and it’s not just Essbase in the cloud. It’s Oracle EPM’s most flexible application type, built for scenarios where your business model should dictate the structure—not the other way around.                                   Refer Doc -[docs.oracle.com]

 

All about Advanced Predictions in Oracle EPM.

Advanced Predictions – Why This Feature Matters

Forecasting in the real world is rarely driven by a single number. Revenue is influenced by pricing, promotions, volume, market growth, seasonality, macro‑economic conditions, and many other factors. Until now, Oracle EPM’s Auto Predict and Predictive Planning features looked at only one measure at a time, which limited how realistic and explainable forecasts could be.

With the August 2025 Oracle Cloud EPM release, Oracle introduces Advanced Predictions – a significant shift toward driver‑based, machine‑learning forecasting that feels native to finance teams, not data scientists.

Unlocking EPM Power: Get User Variables with Oracle Planning REST APIs!

Retrieving User Variables in Oracle EPM Using REST APIs

If you’re building integrations with Oracle Enterprise Performance Management (EPM), sooner or later you’ll run into User Variables. They are everywhere—driving form personalization, security filters, default selections, and even calculation behavior.

The good news? Oracle EPM provides powerful REST APIs that let you retrieve user variable values programmatically.

In this blog, we’ll break down two commonly used REST APIs:

• GetUserVariablesForUser
• GetUserVariablesForUserAndMember

You’ll learn:

• What user variables are and why they matter
• When to use each API
• How to call them
• What the response looks like
• Common real‑world use cases

All examples and explanations are provided with reference 

 

What Are User Variables in Oracle EPM?

User Variables are configurable placeholders that dynamically resolve to dimension members based on the logged‑in user. They are widely used across Planning, FreeForm, FCC, and other EPM modules to personalize the experience.

Typical use cases include:

• Default Entity, Version, or Scenario for a user
• Security‑driven data access
• Dynamic filtering in forms and dashboards
• Personalized calculations and rules

From a technical perspective, user variables help avoid hardcoding dimension members and allow applications to scale across users with different responsibilities. [docs.oracle.com]

 

Why Retrieve User Variables via REST APIs?

While user variables are usually set and managed through the UI, integrations often need them programmatically. Common scenarios include:

• External applications that need to respect EPM personalization
• AI agents or middleware dynamically resolving context
• Audit and validation of user setup
• Mass analysis of user configurations
• Integration testing and automation

Oracle addresses these needs through the User Variable Values REST APIs available in Planning REST API v3. [docs.oracle.com]

 

API #1 - What This API Does

This API retrieves ser variable values set for all users and for all user variables defined for the application.

 

REST Endpoint

GET {{BASE_URL}}/HyperionPlanning/rest/v3/applications/EPBCS/uservariablevalues

Response

API #2 - What This API Does

To retrieve user variable values set for all users for a user variable with a specific name.

REST Endpoint  

GET {{BASE_URL}}/ /HyperionPlanning/rest/v3/applications/EPBCS/uservariablevalues/Asset - Buy

API #3 - What This API Does

GET {{BASE_URL}}//HyperionPlanning/rest/v3/applications/EPBCS/uservariablevalues?q={"userName":"dayalan.example@example.com"}

to retrieve user variable values for one or more users.

Example Use Case

• An external planning portal needs to open with the same defaults as EPM
• A batch job validates that users have all mandatory variables assigned
• AI‑driven workflows resolve default dimension context before executing rules

 

 

Security and Access Considerations

• Service Administrators can retrieve variables for any user
• Regular users can retrieve only their own variables
• APIs follow standard EPM REST authentication (Basic Auth or OAuth2)

Oracle also enhanced these APIs in recent releases to allow retrieving multiple users’ variables in a single request, improving performance for administrative use cases. [docs.oracle.com]

 

Real‑World Integration Patterns

Here’s how these APIs are commonly used in modern EPM architectures:

• AI agents translating natural language into EPM actions
• Data pipelines aligning user context across systems
• Automated testing validating environment consistency

If you’re building an EPM Control Center, middleware, or AI‑driven workflow, user variables are often the first API call you make.

 

Final Thoughts

User variables may look simple on the surface, but they are foundational to personalization and security in Oracle EPM. Oracle’s REST APIs make it easy to retrieve them in a clean, scalable, and secure way.

 

If you’re building advanced integrations or AI‑powered solutions on Oracle EPM, mastering these APIs is a must.

 

 Happy days on the cloud!

Dynamic Period Locking Using Smart List in Oracle EPM (using Groovy Rule)

Have you ever faced the challenge where business users need flexibility to edit data in some months, but strict control in others? This is a common scenario in Oracle EPM Planning, and managing it manually can quickly become a headache. Luckily, there’s a way to automate this process using Smart Lists combined with a Groovy rule—making your forms dynamic, business-controlled, and much more efficient.

 

Let’s dive into how this solution works and why it’s so powerful.

 

**Business Requirement**

Here’s the goal: We want a Smart List column (let’s call it Account = SL) that acts as a simple toggle for whether a month is editable. If the user selects “DoNotUpdate” for a month, then certain accounts (like A_77300 and A_77600) should become read-only for that period—while other months remain editable. This puts the control squarely in the hands of your business users, without the need for IT to lock and unlock forms each month.

Mastering EpmScript in Oracle Cloud EPM Groovy Rules!

 If you're building Groovy business rules in Oracle Cloud EPM, you've likely encountered EpmScript. It's not a class you import or instantiate—it's just there, quietly offering its powerful methods to control almost every part of your Planning application.

In this blog, we’ll demystify EpmScript, explore its capabilities, and walk through practical examples of how it unlocks dynamic planning automation.

Groovy Scripting in Oracle Cloud EPM: A Deep Dive!

 Groovy scripting in Oracle Cloud EPM Planning is not just a scripting tool—it's a superpower. With the ability to manipulate forms, validate data, execute calculations, and orchestrate workflows dynamically, Groovy turns your Planning environment into a living, breathing application.

Whether you’re validating input, enforcing business rules, or orchestrating complex data flows, Groovy scripting provides flexibility and control that traditional Planning business rules can only dream of.

Groovy most commonly used functions and codes!

 In the world of Cloud EPM Planning, where forms, calculations, and allocations rule the day—and multiple times, you need Groovy scripting to do what regular calc scripts simply can’t. This blog gives you the easy to use functions and codes that you can reuse work across projects.

Automating Emails in Oracle Cloud EPM with Groovy Email Template!

 Sometimes you just need to let someone know what’s going on in your EPM application—maybe a process finished, a check failed, or you just want to send a heads-up. This Groovy business rule makes it easy by sending emails right from EPM, using just a few runtime prompts.

Run Data Management rule on Autopilot: Streamlining DM Data Jobs with Groovy

Have you ever wanted to run a series of Data Management integrations in Oracle Cloud EPM automatically for specific forecast periods — all while staying user-friendly with runtime prompts and full-on status tracking?

Well, this Groovy business rule does exactly that. Let’s break it down

 

This Groovy rule is designed to automate and control the execution of Data Management (DM) integration jobs for forecast data. It dynamically interprets user input, validates required conditions, and executes the appropriate integration job for each forecast period in sequence.

The rule orchestrates the execution of multiple forecast data movement jobs in Oracle Cloud EPM. The jobs transfer forecast data from one scenario/version to another (like from mid-forecast to working version) using a Data Management (DM) integration job. The timing and execution logic is governed by runtime prompt inputs and substitution variables.