Morning All,
I have a projects dimension in a forecasting cube where a single Project manager is assigned to each project (the n level element). We have around 80 PM's in the business and data needs to to be secured on a project level, i.e a single PM can only see their own projects.
As we can't set security at a user level at the moment there doesn't seem a away go get away from having to create a single group for each PM, then assigning that group to the elements in project dimension.
Does anyone have any further ideas on more inventive ways to tackle this?
Thanks
Securing dilemma
-
- Site Admin
- Posts: 1458
- Joined: Wed May 28, 2008 9:09 am
Re: Securing dilemma
It's not that hard to write a TI which creates a group for each project manager, then assigns rights on (eg) name or attribute. Generally TM1's use of groups for security is efficient and flexible and (with the above) can cope with the use case you have.
-
- Posts: 49
- Joined: Mon Oct 08, 2012 12:02 pm
- OLAP Product: TM1 10.1.1
- Version: TM1 10.1.1
- Excel Version: 2010
Re: Securing dilemma
Thanks David,
Do you believe this would work in a IBM cloud environment when the security mode is set to 5. I presume I would still be able to add TM1 groups to the model via that process as normal and assign those users.
Do you believe this would work in a IBM cloud environment when the security mode is set to 5. I presume I would still be able to add TM1 groups to the model via that process as normal and assign those users.
-
- Site Admin
- Posts: 1458
- Joined: Wed May 28, 2008 9:09 am
Re: Securing dilemma
I've done it on the shared partner cloud so I would suggest yes.
- tiagoblauth79
- Posts: 25
- Joined: Fri Aug 26, 2016 1:42 pm
- OLAP Product: Cognos BI and TM1
- Version: 10.2.2
- Excel Version: 10
- Contact:
Re: Securing dilemma
I suggest using Data Reservation in this case as it can be applied to a specific user.
Configuration made in }CubeProperties does enable it. The available Data Reservation modes you can use are listed here:
Configuration made in }CubeProperties does enable it. The available Data Reservation modes you can use are listed here:
- Required (REQUIRED): disables write access for all users for the entire cube and requires you to explicitly assign Data Reservations for any user that needs to write to this cube.
- Allowed (ALLOWED): allows you to selectively restrict write access to an area of the cube by assigning Data Reservations to individual users as needed.
- CubeDataReservationReleaseAll - clear all reservations
- CubeDataReservationAcquire - apply the reservations you want