TI upload process that abides by user security model
Posted: Tue Apr 12, 2016 1:42 pm
Hi guys,
I have a TI that uploads cost centre planning info from a flat file (.csv) and all is working well. I have implemented a cost centre security model in the following way:
CCTR1 with its ten children can be seen by security group CCTR_1
CCTR2 with its twenty children can be seen by security group CCTR_2
etc.
This is controlled via a control cube security rule.
I have 5 security groups that give access to the different top level cost centre consolidators and their respective child cost centres.
When I use ordinary websheets the security model is adhered to: a user can only see and plan on his cost centres based on the security groups that he is a member of. The issue I'm dealing with is that when a user uploads data from a flat file this security model is not adhered to as the TI runs as an admin and the admin has access to all cost centres. How would I test in the data tab for each record, if the user has access to the cost centre in the flat file then they can load data against it or reject it if they don't have access to it?
If this is still unclear I can provide additional info but I'm just after some examples of how security would be tested in an upload TI.
Many thanks.
I have a TI that uploads cost centre planning info from a flat file (.csv) and all is working well. I have implemented a cost centre security model in the following way:
CCTR1 with its ten children can be seen by security group CCTR_1
CCTR2 with its twenty children can be seen by security group CCTR_2
etc.
This is controlled via a control cube security rule.
I have 5 security groups that give access to the different top level cost centre consolidators and their respective child cost centres.
When I use ordinary websheets the security model is adhered to: a user can only see and plan on his cost centres based on the security groups that he is a member of. The issue I'm dealing with is that when a user uploads data from a flat file this security model is not adhered to as the TI runs as an admin and the admin has access to all cost centres. How would I test in the data tab for each record, if the user has access to the cost centre in the flat file then they can load data against it or reject it if they don't have access to it?
If this is still unclear I can provide additional info but I'm just after some examples of how security would be tested in an upload TI.
Many thanks.