Tm1 server not starting up

[anoops81]

Hi All ,

we have a model which will have around 500 users who's access will be defined by Cost center (5000 elements). Actually we dont want to create 500 groups to define access.

Instead we created a custom cube 'WS&GCA_AccessControl' with CC , Groups and Users which will help us to define the access to cost center.

in element level security cube for CC , we have written the following rule

['Input_Write']=S:IF(DB('WS&GCA_AccessControl','Input_Write',TM1user(),!Cost Centre)=1,'WRITE',STET);

Everything is working fine till now. When user logs in the access is getting defined. But when the server is restarted , it is not coming up & we are forced to remove the above rule to bring the server up.
We think the server is not coming up because of the TM1User() function which is used.

Is there any work around by which we can remove the TM1User() from the rule ? Or we we have to create 500 groups to define the security ?

Any suggestions are welcome !!!

Regards
Anoop

[lotsaram]

Sorry but you have lost me entirely here. Why do you think you need to assign client to cost center directly? And why do you think you would need 500 groups? (I'm guessing there is some hierarchical relationship for CC members or other grouping and not all 500 may be valid or in use so the true number of required groups is probably much less.) But even if you did need 500 groups what's really the problem in that?

Seems pretty simple you have a relationship of group to CC and simply assign client to the appropriate group. It's not more work than setting a value in this access control cube. Assuming a naming convention of the groups to the CCs then the element security can be all automatic and rule derived, as for that matter could membership of the groups based on the value in the access control cube if that's how you wanted to play it.

[anoops81]

Lotsaram,

We were too lazy to add and manage the security groups. The idea was to create a single group and manage the security.Tm1 should read from access control cube and transfer it to CC element security. But it reads only first admin user's access using tm1user() function and transfers the same access to all the users who are logged in. So the baisc idea was also not working. More over the server was not starting up because of the rule which was written. some $dim files were getting created and then getting stopped.

TM1 doesn't support enabling security using any other mean than groups ??

The CC dimension had hierarchy but the access for users was random CC's. Hence one group was each user's was required.


Regards,
Anoop

[lotsaram]

We were too lazy to add and manage the security groups. The idea was to create a single group and manage the security.Tm1 should read from access control cube and transfer it to CC element security.

Too lazy? If I was being uncharitable I would say too something else (starting with i, 11 letters, for the Sunday crossword readers). Management of groups for cost centers is no work or effort at all since this can be 100% automated and scheduled with TI. In terms of assignment of users to groups and likewise groups to CC element security, as I already said this can likewise be 100% automated via the user access cube you already have, either via rules in }ClientGroups or via TI that processes the user access cube (in fact you could combine the TI to create and assign groups as one process.) This would not only work, I'd say this is how it should work.

TM1 doesn't support enabling security using any other mean than groups ??

The CC dimension had hierarchy but the access for users was random CC's. Hence one group was each user's was required.

Security is enabled via groups this is what groups are for and how security works. TM1 isn't alone on this, its a pretty universal concept.

[anoops81]

Lotsaram,

I was aware that we could do this very well by creating groups. Was trying to find an "easy" way to do this.

I was insipred by http://www.lifeoptimizer.org/2009/11/14 ... zy-person/


But unfortunately it didnt work !!!

Regards,
Anoop

[lotsaram]

I was aware that we could do this very well by creating groups. Was trying to find an "easy" way to do this.

An "easy" way to do it would be to use your "cost center access control" cube in more or less the same form that you have it now and process this cube and use TI to:
- create groups
- assign element security to groups
- assign users to groups

I'm all for work smarter not harder but it sounds like the option you selected was actually the harder one.

[tomok]

An "easy" way to do it would be to use your "cost center access control" cube in more or less the same form that you have it now and process this cube and use TI to:
- create groups
- assign element security to groups
- assign users to groups

I agree completely. Probably one of the most common scenarios I've encountered is companies wanting to secure their data using the cost center/profit center dimension. All you do is then create a group for each center and give it a name like the center # concatenated with "_Group", like "100_Group" and assign people to whatever cost centers they're allowed to have access to. Why anyone would think it's easier to manage security by user is beyond me. As a matter of fact, I can't remember a single project I've done where the security needs didn't have a "group" concept to it. Sure, there may be instances where some users may need to have greater access than the other members of their group but you solve that by making them members of more than one group, or you create a "one-off" group just for them as an ecxeption.