TM1 Forum

Posted: **Fri Feb 21, 2014 6:26 pm**

Hello Everyone

We are in the final stages of upgrading from TM1 9.5.2 to TM1 10.2 and running into issues with Cell Security Rules. The model originally had Cell Security rules which were working fine but that combined with the new Auto Generated Cell Security Rules in 10.2, things are not working as expected.

1.Since in TM1 10.2 }Cell Security Cubes have an auto generated rule set up post application is deployed, can we add the current conditional rules as well? If Yes - Can someone please shed some light on this?
2.If the response to question posted in point 1 is No - Can the auto generated rule sourcing from corresponding }RDCL cube (auto created during application creation) be Commented (#) or removed to add the conditional rules.
3.What are the possible ramifications of commenting out the auto generated application security rule from }Cell Security cubes?

Thanks for your Time
Anubha

Posted: **Mon Feb 24, 2014 6:08 am**

Hi,

1. Yes
3. I think deleting the system-generated rule is not a good idea

Hope this will help: http://www-01.ibm.com/support/docview.w ... wg21651554

Posted: **Mon Feb 24, 2014 1:15 pm**

Hi,

When you include a cube in a Contributor application, and no cell security cube existed before, it will automatically generate a new cell security cube with the approval dimension, the control dimension (if you have one) and the }Groups dimension. If you stop the server, delete the cell security cube, restart the server, you can create your own cell security cube with more dimensions.

But any time you re-deploy the application, it will add the auto generated rule which I wouldn't recommend removing as it caters for Contributor security. But at the same time you can also have your own rules in the cell security cube and you can hve more than just 2-3 dimensions. For example your approval hierarchy is cost centers but at the same time you want to apply some cell security to time and scenarios and gl accounts.

From the linke above:

If a cell security cube already exists for a given cube deployed in the TM1 Application, then the following action is taken:

- If the existing cell security cube had a rule applied, then the full dimensionality of the cell security cube will be retained, along with the existing rules. The TM1 Application Server will insert a new rule to enforce the application Rights at the top of the rule string for the cell security cube.

This requires some maintenance because every time you deploy the application, it may overwrite the order of the rules in the cell security cube but still it can work.

I really recommend reading the quoted link on the IBM site, it is really useful.

Posted: **Tue Feb 25, 2014 6:53 am**

Thank you Guys for sharing knowledge & your valued expertise on this thread. Really appreciated. We are figuring out the right balance between Cell & Element security to ensure that the auto generated rules are not touched - however supplementing to the auto security would be the best approach..

Thanks again.

Anubha

TM1 Forum

TM1 10.2 - }Cell security Auto generated Rules

TM1 10.2 - }Cell security Auto generated Rules

Re: TM1 10.2 - }Cell security Auto generated Rules

Re: TM1 10.2 - }Cell security Auto generated Rules

Re: TM1 10.2 - }Cell security Auto generated Rules