Hello folks,
We are using Cognos 10.1 with TM1 9.5.1 (all possible 64 bit installs) on a Windows 2008 R2 server platform (64 bit).
Have TM1web configured and working, as well as full integration and access to TM1 cubes from within our cognos connection/ portal.
The TM1 security mode we are working with is '5' ... so it is fully integrated with our Active Directory and Cognos portal / single signon.
The question i have for you folks is this :
Is it possible to display the current viewer's security access level being used within TM1 objects?
We have a notion of fund / responsibility centers for financial information... and various people belong to various groups.
We also have a series of dashboard type reports with budget / actual / commitment type information right off of TM1 cubes.
I was hoping to add the extra information which displays exactly the detail level of access being displayed in our reports.
'Budget for responsibility center 1234' type thing.
Have tried googling till my eyes bled, but either my google-fu skills are weak, or this isnt trivial. :/
Can any of you recommend anything to try?
Display of viewer's security group info
-
lotsaram
- MVP
- Posts: 3702
- Joined: Fri Mar 13, 2009 11:14 am
- OLAP Product: TableManager1
- Version: PA 2.0.x
- Excel Version: Office 365
- Location: Switzerland
Re: Display of viewer's security group info
Hi bioh,
TM1 security settings are storred in cubes so it is relatively easy to pull out access rights for a particular security group. However TM1 security is additive and users can belong to multiple groups so pulling out the rights for a particular user is another matter and except for particular cases where users are members of only very few groups you can't pull out user access levels from any cube in any easy way (or in any way).
With the API there are functions to return the security level in effect for a user but this is no good for you in TM1 web (unless you do a lot of customization) also you still have the problem of tracking back to determine which particular group membership(s) contributed to the security access in effect.
If the security model has been set up with the need to report on a user basis and with adherence to object naming conventiosn then it shoudl be possible to come up with something, but if not then it will be a tough ask.
TM1 security settings are storred in cubes so it is relatively easy to pull out access rights for a particular security group. However TM1 security is additive and users can belong to multiple groups so pulling out the rights for a particular user is another matter and except for particular cases where users are members of only very few groups you can't pull out user access levels from any cube in any easy way (or in any way).
With the API there are functions to return the security level in effect for a user but this is no good for you in TM1 web (unless you do a lot of customization) also you still have the problem of tracking back to determine which particular group membership(s) contributed to the security access in effect.
If the security model has been set up with the need to report on a user basis and with adherence to object naming conventiosn then it shoudl be possible to come up with something, but if not then it will be a tough ask.
-
bioh
- Posts: 4
- Joined: Tue May 17, 2011 2:48 pm
- OLAP Product: cognos 10 studios and tm1web
- Version: 9.5.1
- Excel Version: 2007
Re: Display of viewer's security group info
Hello again,
Thanks for your reply.
Of most interest to me currently is ability to tell the parameters (filters) being sent or used to/in TM1 in order to produce output.
TM1 somehow knows my access level, and it does appear correctly for each person.... just how do i access that information from Report Studio (or .. anywhere really... how do i display this within TM1 ... ?)
TM1web we do use, but primarily we would prefer to use dashboards within Cognos 10.
(we have FM publishing TM1 cubes to the portal, and we use Report Studio to report on those)
So yes, "the problem of determining which particular group membership contributed to the security access in effect".... sums it up pretty well.
Are there any FM model queries or TM1 (TI), or anything else that would display this ?
Thanks for your reply.
Of most interest to me currently is ability to tell the parameters (filters) being sent or used to/in TM1 in order to produce output.
TM1 somehow knows my access level, and it does appear correctly for each person.... just how do i access that information from Report Studio (or .. anywhere really... how do i display this within TM1 ... ?)
TM1web we do use, but primarily we would prefer to use dashboards within Cognos 10.
(we have FM publishing TM1 cubes to the portal, and we use Report Studio to report on those)
So yes, "the problem of determining which particular group membership contributed to the security access in effect".... sums it up pretty well.
Are there any FM model queries or TM1 (TI), or anything else that would display this ?