TM1 Forum

Hi, please vote for the RFE below, which requests functionality to allow the creation of users via a GUI rather than having to resort to a TI process.

https://ibm-data-and-ai.ideas.aha.io/ideas/PAOC-I-426

Steve - is this different to creating Users and Groups in PAW and having them sync/replicate/be one-and-the-same in TM1?

Reading your Idea, it seems like you just want to add but that leave the gap between PAW Users and TM1 Users.

It sounds like longer term, they are looking to merge PAW Users and Groups - probably for the Applications and Plan functionality but cannot say for sure.
Ideally I would want one store for Users and Groups but happy to support the idea.

At the moment there are two distinct layers of security in PAW and TM1.

This is for TM1 exclusively, i.e. what you would get if you used the AddClient function. Many customers have PAW to use Pafe so PAW users and security are redundant.

I should of mentioned that this is for mode 1 security in the rfe but I'll try and make an edit.

On the concept of merging the security of PAW and TM1. This has many challenges, all solvable probably.

Given that PAW will / can bridge many TM1 instances I'm not convinced about having a single security model covering the whole piece, which is different order of problem to being able to manage the TM1 security via PAW. As long as "TM1 DB" is a dimension in the PAW security model then I guess we'll be OK but I would hate to be in a position where a users access to an element had to be the same across all the TM1 DB on an estate.

Also if the security model moves up into PAW consider that PAW doesn't really know about TM1 structures at the moment. All the action happens in TM1.

Anyway getting off track...

Yes. The fact that the security model (users and groups) for PAW is disconnected from the TM1 server is absolutely a case of "what the h3ll were they thinking?!"