User Group

[beek]

Hi there,

Recently we are deploying the TM1 model to few other countries. Now I'm at stage of planning the user groups . I noticed there's quite a lot of user groups that I need to create, and I have been cracking my heads for better ways in doing it.. but still no avails. Hence, am thinking of posting my situtation here, to see if anyone can suggest me alternatives

Below is my situation ..
I'm implementing to Country A, B, C, D,E. Product Managers will be using the system. Each product manager takes care of their own group of product, e.g. Product 1, 2, 3, 4, 5.
We have a cube, called sales cube, where stores the sales information. This sales cube consists of all sales data for all these countries, and we want to allow only the right product manager of the right country to have access to his own data.

I plan to have 25 groups. A1, A2, A3, A4, A5, B1, B2, etc.

At the Dimension Security for Country, I allow for all A* to access to only A, B* to access only B, etc.

I create a seperate cube to maintain the security. For A1, access only product 1(and the child under it), A2, access only product 2(and the child under it), , B1 access only product 1(and the child under it), , etc

At the Cube Security, I grant all users to READ Sales cube.

Is there any cleverer way of doing this? I feel my method is quite high in maintenance...


Pls share your view

[tushar.marathe]

Can't think of a clever way, but you can use a couple of TI processes to set this up.
Thinking out loud to outline the idea:
1 Input file with cols (User, User grp, product, Country)
1 process to add users
1 process to add User groups and associate user to the user grp
1 process to assign User grp to product dimension
1 process to assign User grp to Country dimension

However, Maintenance could be a dauting task depending on the volume.

[AmbPin]

If you can it might be worth implementing this security via rules.
Can you determine from your data who is a manager for a particular product group. If you can then you implement one rule to restrict access to country, then a second to restrict access to product.

[mvaspal]

I have just tried out and I think it is enough to create 10 groups instead of 25: A, B, C, D, E, 1, 2, 3, 4, 5
User A1 has to be assigned to two groups: A and 1
Element security for group A: WRITE for A, READ for other countries, READ for all products.
Element security for group 1: WRITE for 1, READ for all other products and READ for all countries.
This way, A1 is able to edit her own country and product group only.

You can choose from using a TI process or a simple rule for element security as suggested earlier.

[beek]

Thank you all for the valuable replies. Think I will heed for mvaspal's suggestion.. Yes, it can indeed cut down some groups and easier maintenance ..