TM1 Forum

Hi all,
This could be a stupid question, but I dont seem to find how to secure the rules from the end users who have access to Perspectives and have write access to the cube.
I do not even want them to see that this cube has a rule file.

THANKS a million
micheline

mnasra wrote:Hi all,
This could be a stupid question, but I dont seem to find how to secure the rules from the end users who have access to Perspectives and have write access to the cube.
I do not even want them to see that this cube has a rule file.

THANKS a million
micheline

You can't. Anyone that has at least READ to a cube can see the rules. They can't change the rules unless they have ADMIN.

mnasra wrote:Hi all,
This could be a stupid question, but I dont seem to find how to secure the rules from the end users who have access to Perspectives and have write access to the cube.
I do not even want them to see that this cube has a rule file. micheline

When you say "Perspectives" do you mean Excel add-in or server explorer? Using Capability Assignments you can restrict users from accessing Server Explorer so they wont be able to see rules but can still use Excel add-in.

Thank you all. Very appreciated.

Another alternative is to have a second cube where the results of the rule-driven cube and sent in via TI. Users who shouldn't be able to view the rule file can have access to this second cube and not the first - thus being able to access the data via Server Explorer but not be able to see the rules (if you set the security up right). Obviously there's quite a lot of development and maintenance overhead with this way not to mention that results will no longer be 'real-time'. YMMV.

rmackenzie wrote:Another alternative is to have a second cube where the results of the rule-driven cube and sent in via TI. Users who shouldn't be able to view the rule file can have access to this second cube and not the first - thus being able to access the data via Server Explorer but not be able to see the rules (if you set the security up right). Obviously there's quite a lot of development and maintenance overhead with this way not to mention that results will no longer be 'real-time'. YMMV.

Not to mention rules at C level of the dimensions

Wim Gielis wrote:

rmackenzie wrote:Another alternative is to have a second cube where the results of the rule-driven cube and sent in via TI. Users who shouldn't be able to view the rule file can have access to this second cube and not the first - thus being able to access the data via Server Explorer but not be able to see the rules (if you set the security up right). Obviously there's quite a lot of development and maintenance overhead with this way not to mention that results will no longer be 'real-time'. YMMV.

Not to mention rules at C level of the dimensions

Sure - good point. This alternative is only really going to be an option if your rules are at n: level only. Otherwise, you'd be faced with building summary dimensions in the 'reporting' cube and suddenly the option is looking quite impractical.