}CellSecurity and TI

EvgenyT
Community Contributor
Posts: 324
Joined: Mon Jul 02, 2012 9:39 pm
OLAP Product: TM1
Version: PAL 2.0.8
Excel Version: 2016
Location: Sydney, Australia

}CellSecurity and TI

Post by EvgenyT »

Good Afternoon Gents,

Can someone please refresh my memory here... I have a Version Security cube which controls user access to versions by year (Read, write etc).

For example, if I set 'READ' access for 2013 Budget in my Sales cube for a particular group I get the expected results: users can only 'read' that data.

On the other hand, these users are able to run TI to load data: actuals, budget, etc. I have locked up 2013 Budget access with 'READ' access for these users, however they are still able to overwrite data via TI if they run it.

So I guess the question here: does TI security explicitly (given that users have 'Read' access for the TI) overwrite }CellSecurity permissions? I could block their TI access, but they need to be able to load forward data.



Any thoughts/suggestions are much appreciated
rmackenzie
MVP
Posts: 733
Joined: Wed May 14, 2008 11:06 pm

Re: }CellSecurity and TI

Post by rmackenzie »

A TI process executes with Admin privilege even if it is executed by a non-Admin user that has READ permissions on the TI process.
Robin Mackenzie
EvgenyT

Re: }CellSecurity and TI

Post by EvgenyT »

Thanks Robin,

It clicked back in my brain now :D :D :D

Yeap, I'm guessing the only way to stop a user from updating 'Read' only cells is to put ProcessQuit in the Prolog based on an IF statement (check whether that Version/Year combination is 'READ' only in the Version Security cube and the Groups membership of the user, because you don't want to affect Admin/DataAdmin users)....

Any other ideas would be appreciated
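
A sketch of the Prolog guard described in the post above, as an added example that is not code from either poster. It assumes string parameters `pVersion` and `pYear` and a control cube named 'Version Security' dimensioned Version x Year x }Groups that holds 'READ' or 'WRITE' per group; all of these names and the layout are hypothetical.

```turbointegrator
# Prolog. Assumed string parameters: pVersion, pYear.
# Assumed control cube 'Version Security' dimensioned Version x Year x }Groups,
# holding 'READ' or 'WRITE' per group (hypothetical layout).
cSecCube = 'Version Security';
sUser = TM1User();
nAllowed = 0;

# TM1User() returns a non-client name (e.g. 'R*<chore>') when run from a chore.
# Looking that up in }ClientGroups would fail, so treat it as not allowed.
IF( DIMIX( '}Clients', sUser ) > 0 );

  # Admin and DataAdmin members are exempt from the check.
  IF( ( CellGetS( '}ClientGroups', sUser, 'ADMIN' ) @<> '' )
    % ( CellGetS( '}ClientGroups', sUser, 'DataAdmin' ) @<> '' ) );
    nAllowed = 1;
  ELSE;
    # Allow the load only if one of the user's groups has WRITE on the slice.
    nGroups = DIMSIZ( '}Groups' );
    i = 1;
    WHILE( i <= nGroups );
      sGroup = DIMNM( '}Groups', i );
      IF( CellGetS( '}ClientGroups', sUser, sGroup ) @<> '' );
        IF( CellGetS( cSecCube, pVersion, pYear, sGroup ) @= 'WRITE' );
          nAllowed = 1;
        ENDIF;
      ENDIF;
      i = i + 1;
    END;
  ENDIF;

ENDIF;

# Terminate in the Prolog, before the later tabs write any data.
IF( nAllowed = 0 );
  ProcessQuit;
ENDIF;
```

The guard fails closed: a caller that is not an element of }Clients, or whose groups hold only 'READ' for the requested Version/Year, never reaches the data load.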
rmackenzie

Re: }CellSecurity and TI

Post by rmackenzie »

It's not clear why users with READ-only access to data have any access to the TI? Can't you just let the people doing the budget/forecast input (i.e. WRITE access) be the ones that can run the TI that brings in new data?
Robin Mackenzie
EvgenyT

Re: }CellSecurity and TI

Post by EvgenyT »

Good point Robin,

I guess the primary reason was to stop users (those ones who run jobs) from accidentally zeroing / amending (inputting wrong parameters) data in previous years.
I have inherited a model that didn't have sufficient debugging routines in the processes and tried to find a universal solution to the problem.


Thanks