How to clean up TM1 | server_name | Security | Client/Groups

Stanislav2
Posts: 31
Joined: Tue Aug 20, 2013 5:53 am
OLAP Product: TM1
Version: 10.1.1
Excel Version: -

Post by Stanislav2 »

Hi,
in our company we are using Cognos TM1 10.2.2. Security users and user groups are integrated into Cognos BI. The TM1 server does not have its own users/groups; it gets users/groups from Cognos BI. Then Cognos BI users and user groups are integrated using LDAP users and groups.

When I add a new user to LDAP and assign it to one LDAP user group, it is perfectly well visible in Cognos TM1. I can open "Cognos TM1 Architect" and, in the TM1 tree, click on <server_name>, then right-click on it and select Security | Clients/Groups. On this screen the LDAP user groups are displayed in the columns and the LDAP users are displayed in the rows. Perfectly fine, working as expected.

In LDAP, when I remove a user from an LDAP group, I expect the above list to get refreshed. I expect LDAP users that are removed from all LDAP user groups to be completely removed from the list. But to my surprise, all of the users who ever existed are listed here, including users that left the company like 10 years ago.

I have tried:
Restarted Cognos BI and Cognos TM1, just in case this list is populated after a restart, but it did not work. Users/groups did not change. The list just keeps growing and never shrinks.

Is there a way I can freshly populate users from LDAP, so that this list of users and groups is realistically populated?

It would be nice if some solution were found (to clear the list), because we are in an IBM license revision process and the auditor requested that I create print-screens of TM1 | <server_name> | Security | Clients/Groups.

P.S. I know I should upgrade the TM1 product to a newer version, but a business decision was made to migrate the solution to another vendor, and we have not yet been able to do so.
Thanks
Elessar
Community Contributor
Posts: 412
Joined: Mon Nov 21, 2011 12:33 pm
OLAP Product: PA 2
Version: 2.0.9
Excel Version: 2016

Re: How to clean up TM1 | server_name | Security | Client/Groups

Post by Elessar »

Hello,

That's rather strange, if you have IntegratedSecurityMode=5 and the auditor asks you for screenshots from TM1, not from Cognos BI Administration.

Nothing is deleted from TM1 automatically. You can at least have data on deleted users in a cube with }clients dimension.
With ISM=5, the clients and their group relationships are imported from Cognos BI (CA now) automatically when the user logs in.
  • The simplest way is just to delete all the "CAMID*" elements from the }Clients dimension (if there is no data "in a cube with }clients dimension"). And, maybe, to ask all the users to log in (if there are few)
  • You can tell the auditor that he does something wrong auditing licences this way, and show him user-group relationships in Cognos BI Administration. Also, you can export all the relationships from the Cognos CS DB using this select: https://www.cognoise.com/index.php?topic=3079.0
  • OR you can use the select (https://www.cognoise.com/index.php?topic=3079.0) to find out all the users who are in roles/groups, and delete the unused ones from the }Clients dimension in TM1
Best regards, Alexander Dvoynev

TM1 and Data Science blog: 10th article - AI has failed TM1 Quiz.
Stanislav2
Posts: 31
Joined: Tue Aug 20, 2013 5:53 am
OLAP Product: TM1
Version: 10.1.1
Excel Version: -

Re: How to clean up TM1 | server_name | Security | Client/Groups

Post by Stanislav2 »

Hi,
we have IntegratedSecurityMode=4, which means users and groups are imported from the Cognos BI server and TM1 does not have its own users/groups.

I have solved the problem by:
1. Open TM1 Architect.
2. From the TM1 tree, right-click on <my_server> and select Security | Client/Groups.
3. For each of the users that is not active anymore (I have a list of active Cognos BI users), I right-clicked on the user and selected "Delete Client".
4. When finished, I clicked on the OK button.
5. In the tree under TM1 | <my_server> | Processes I created a new process and left everything at the defaults, except that on the Advanced tab I selected the Prolog sub-tab and typed in the command:

Code:

SaveDataAll;
Save the process and run it.

Now the problem is solved. I had to add step 5. Without step 5, TM1 somehow gets the deleted users back, even though they do not exist in Cognos BI.

Code:

You can tell auditor that he does something wrong auditing licences this way, and show him user-group relationships in Cognos BI Administration

I just got instructions on what to do in a document (step-by-step). I have now performed the above steps (not deleting active users from TM1) and created print-screens. At the top of the document I have to prepare, I have written a note that I think this is not the proper way of auditing licences.

Thanks for help
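The comparison behind step 3 of the last post (clients in TM1 versus the list of active Cognos BI users) can be scripted before anything is deleted by hand. This is an added example, not code from the thread or from IBM; it assumes the }Clients element names and the active-user list have both been exported as plain strings, and that CAM clients look like `CAMID("<namespace>:u:<id>")`. The function name, bucket names and sample values are hypothetical.

```python
import re

# Assumption: CAM clients appear in }Clients as CAMID("<namespace>:u:<id>").
CAMID_USER = re.compile(r'^CAMID\("[^:"]+:u:[^"]+"\)$', re.IGNORECASE)

def review_clients(tm1_clients, active_camids, protected=("Admin",)):
    """Sort }Clients element names into keep / stale / review buckets."""
    active = {a.strip().casefold() for a in active_camids if a.strip()}
    if not active:
        # An empty or failed export would otherwise flag every client as stale.
        raise ValueError("active user list is empty; refusing to classify")
    protected_cf = {p.casefold() for p in protected}
    buckets = {"keep": [], "stale": [], "review": []}
    seen = set()
    for raw in tm1_clients:
        name = raw.strip()
        key = name.casefold()
        if not name or key in seen:
            continue  # skip blanks and duplicate rows in the export
        seen.add(key)
        if key in protected_cf or key in active:
            buckets["keep"].append(name)
        elif CAMID_USER.match(name):
            buckets["stale"].append(name)   # candidate for "Delete Client"
        else:
            buckets["review"].append(name)  # non-CAM client: decide by hand
    return buckets

# Constructed sample data, not taken from the thread.
TM1_CLIENTS = [
    'Admin',
    'CAMID("LDAP:u:uid=alice,ou=people")',
    'CAMID("LDAP:u:uid=bob,ou=people")',
    'camid("ldap:u:uid=carol,ou=people")',
    'svc_loader',
    'CAMID("LDAP:u:uid=bob,ou=people")',
]
ACTIVE_USERS = [
    'CAMID("LDAP:u:uid=alice,ou=people")',
    'CAMID("LDAP:u:uid=carol,ou=people")',
]

if __name__ == "__main__":
    for bucket, names in review_clients(TM1_CLIENTS, ACTIVE_USERS).items():
        print(bucket, names)
```

Only the "stale" bucket lines up with the manual "Delete Client" step; the "review" bucket holds names that are not CAM users and should be checked individually.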