Hello - I am a TM1 newbie so any help would be greatly appreciated.
I have a Task Dimension consisting of the below structure. If Contractor Y logs in, I want them to only see only their data. I have granted them read access for their data and if they run the report at the contractor level (i am using a tree prompt), they only see their data. Issue is when I enable drilling or if they select the "Total Project" level on the tree prompt, the total project line is showing the total value for all contracts (X + Y + Z). I only want to show the total for Y.
I realize, the total project is really just a "number" in the TM1 model and it's not doing any on the fly calculations based on what you are running the report for. BUT Is there a way to limit the "Total Project" line to show only Contractor in which you are running the report for?
Total Project
...Contractor X
......Contract 1
.........Subtask 1.1
...Contractor Y
......Contract 2
.........Subtask 2.1
...Contractor Z
.......Contract 3
.........Subtask 3.1
How to set Element security in TM1 at highest level?
-
qml
- MVP
- Posts: 1098
- Joined: Mon Feb 01, 2010 1:01 pm
- OLAP Product: TM1 / Planning Analytics
- Version: 2.0.9 and all previous
- Excel Version: 2007 - 2016
- Location: London, UK, Europe
Re: How to set Element security in TM1 at highest level?
Yes, of course. There are many ways for a user not to see the total. These come to mind:okh310 wrote:BUT Is there a way to limit the "Total Project" line to show only Contractor in which you are running the report for?
a) Use element security to remove access to 'Total Project' from restricted users so that they cannot run the report for anything outside their Contractor consolidation. If you use Cognos BI you might not be able to use this option as users need access to the top-level consolidation.
b) Use cell security without element security so that restricted users can see the entire structure of the dimension, but they see no values on 'Total Project'.
c) Create alternate hierarchies for each user with the user only being able to access their own hierarchy with their own Total element (restricted through element security).
d) Create another security dimension with element security applied that has a bespoke consolidation for each user and the user having access to that element only. Under each personal consolidation would be all the subtasks that a person has access to. This effectively means that everyone has their own definition of 'Total Project' that is dependent on their access, but the Task dimension stays unsecured and users can still access all elements in it, but get different numbers.
Kamil Arendt
Re: How to set Element security in TM1 at highest level?
THANK YOU QML!!!!!
These are excellent suggestions. After some testing, option A seems to be our best bet. I was worried with this option that the user could still drill up to the total project level even though it's not showing on the tree prompt or report. However, that is not the case.
This option also works well for our admin users as they are able to see total project and all contractors so we just set them to have READ access to the total project level. The tree prompt shows the correct levels accordingly.
These are excellent suggestions. After some testing, option A seems to be our best bet. I was worried with this option that the user could still drill up to the total project level even though it's not showing on the tree prompt or report. However, that is not the case.
This option also works well for our admin users as they are able to see total project and all contractors so we just set them to have READ access to the total project level. The tree prompt shows the correct levels accordingly.
-
Sebastian.Klein
- Posts: 16
- Joined: Mon Oct 15, 2012 3:49 pm
- OLAP Product: TM1
- Version: 10.2
- Excel Version: 2010
Re: How to set Element security in TM1 at highest level?
I disagree to the point, that you can't use this option with Cognos BI. With TM1 10.2 FP1 you could use a config option in Cognos BI (minimum 10.2.1.1 IF3), that will define filler-members from the top to the level which the user can see. It is described here: http://www-01.ibm.com/support/docview.w ... wg21660287qml wrote:Yes, of course. There are many ways for a user not to see the total. These come to mind:okh310 wrote:BUT Is there a way to limit the "Total Project" line to show only Contractor in which you are running the report for?
a) Use element security to remove access to 'Total Project' from restricted users so that they cannot run the report for anything outside their Contractor consolidation. If you use Cognos BI you might not be able to use this option as users need access to the top-level consolidation.
I haven't seen it so far, but I will test it in the next days.
In previous versions you can get it working if you left the entries in the }HierarchyProperties Cube empty for the particular dimension.
German TM1 Consultant since 2008
Re: How to set Element security in TM1 at highest level?
Thank you for the Filler suggestion, Sebastian. We have tested this on our end and it doesn't seem to be working. The tree prompt is showing up as blank for a User without top level priveleges. We modified the file as stated in the instructions and rebooted server.
Could you let us know if you were able to get it working? If so, did you have to do anything differently?
Thanks!
Could you let us know if you were able to get it working? If so, did you have to do anything differently?
Thanks!
-
Sebastian.Klein
- Posts: 16
- Joined: Mon Oct 15, 2012 3:49 pm
- OLAP Product: TM1
- Version: 10.2
- Excel Version: 2010
Re: How to set Element security in TM1 at highest level?
I had the chance to test it today, with a little success.
I have a Cognos BI server on 10.2.1.1 IF 3 and TM1 on 10.2.1 IF1. I created a hierarchy that is secured for a single user to a node beginning at the 4th level. I defined the level names beginning with Level1 to Level6 in the }hierarchyProperties cube. After that, I tested in Cognos Workspace Advanced the metadata as mentioned in the link I posted above. If I open the "Members" node, I see the directly the correct node the user can access. If I drill down there, BI throws an error message: The server returned an unrecognizable metadata response.
So I opened Level4 where the users security start from and here I am able to see the element and drill down to its childs. I also tried a tree prompt with the same result. The tree prompt shows me the element, but I cannot drill down from there.
So at the end it works a little bit better than in the past, but not the way it is documented by IBM. The strange thing is that it did not displays the "^" signs as mentioned by IBM. Perhaps we haven't configured it correctly or the documentation is not correct. My last try is to edit the xqe.config.xml file directly but I have no access to the BI server at the moment. I will test it next week. Could you try it, okh310?
I have a Cognos BI server on 10.2.1.1 IF 3 and TM1 on 10.2.1 IF1. I created a hierarchy that is secured for a single user to a node beginning at the 4th level. I defined the level names beginning with Level1 to Level6 in the }hierarchyProperties cube. After that, I tested in Cognos Workspace Advanced the metadata as mentioned in the link I posted above. If I open the "Members" node, I see the directly the correct node the user can access. If I drill down there, BI throws an error message: The server returned an unrecognizable metadata response.
So I opened Level4 where the users security start from and here I am able to see the element and drill down to its childs. I also tried a tree prompt with the same result. The tree prompt shows me the element, but I cannot drill down from there.
So at the end it works a little bit better than in the past, but not the way it is documented by IBM. The strange thing is that it did not displays the "^" signs as mentioned by IBM. Perhaps we haven't configured it correctly or the documentation is not correct. My last try is to edit the xqe.config.xml file directly but I have no access to the BI server at the moment. I will test it next week. Could you try it, okh310?
German TM1 Consultant since 2008
Re: How to set Element security in TM1 at highest level?
Sebastian,
We tried to modify the XML file as per the tech note. We added the line of code for <hierarchyUseFillerMember value="true"/> in the xqe.config.custom.xml file. No luck!
Note: We have labeled our hierarchy levels so this may present an issue of TM1 not automatically shifting the levels. We need to rename the levels for ease of use.
We tried to modify the XML file as per the tech note. We added the line of code for <hierarchyUseFillerMember value="true"/> in the xqe.config.custom.xml file. No luck!
Note: We have labeled our hierarchy levels so this may present an issue of TM1 not automatically shifting the levels. We need to rename the levels for ease of use.
Re: How to set Element security in TM1 at highest level?
Sebastian,
We finally got it to work modifying the xqe file. Basically, I have given user access to 3rd level. On the prompt, levels 1 and 2 show a ^. I am wondering if there is a way to default the prompt to show the first element in which there is data instead of showing the ^^. It looks ugly.
Let me know if it does not work for you, I had to try many times before it worked.
We finally got it to work modifying the xqe file. Basically, I have given user access to 3rd level. On the prompt, levels 1 and 2 show a ^. I am wondering if there is a way to default the prompt to show the first element in which there is data instead of showing the ^^. It looks ugly.
Let me know if it does not work for you, I had to try many times before it worked.