TM1 Forum

HI gurus ,

Could anyone clarify the scenario when a user is assigned to multiple groups ?

I alwasys assume TM1 would use the access from the group with the highest security cleareance if a user has been assigned to more than 2 groups . But it seems I am wrong .

I have the scenario where a user is assigned to both a "WRITE" group and a "READ" group ,the user would only have read access . If I assign the user to "WRITE" group only , he would have write access to the data .

much appreciate your replies .

Cheers

hyunjia wrote:
Could anyone clarify the scenario when a user is assigned to multiple groups ?

I alwasys assume TM1 would use the access from the group with the highest security cleareance if a user has been assigned to more than 2 groups . But it seems I am wrong .

I have the scenario where a user is assigned to both a "WRITE" group and a "READ" group ,the user would only have read access . If I assign the user to "WRITE" group only , he would have write access to the data .

The least restrictive access applies when you're applying security from different groups to the same object. (A specific cube, dimension, element, etc.) If any group gives you write access to that object, you have write access to it regardless of whether other groups give you a lesser access.

The most restrictive access applies when you're looking vertically down the object hierarchy. (In other words, if you have only read access to a cube then it doesn't matter whether another group gives you write access to the elements; you cannot write to that cube, period.)

See this thread for a more wide-ranging discussion.

Thanks Alan , the post is very helpful .