TM1 Forum

Discussing all things TM1, Planning Analytics, PAx and PAW
https://www.tm1forum.com/

Managing user rights

https://www.tm1forum.com/viewtopic.php?t=12598

Page 1 of 1

Managing user rights

Posted: Thu Jun 30, 2016 7:50 am
by LJU
Hello,

I didn´t find a related topic but I´m sure that I´m not a first one who faced with the following issue. We have two environments - DEV & PROD and we use AD authentication. From time to time we face with the issue when a user doesn´t see application or can´t edit data etc. All these issues are related to the user rights.
I have 5 test users who are saved in LDAP and I need to set up an each user individually according to the user who reported a problem. You can imagine how difficult it is.

Product: Cognos BI 10.2, TM1 10.2.2 FP4

Do you have some reccomendations in this case?

Thanks for help

LJU

Re: Managing user rights

Posted: Thu Jun 30, 2016 1:01 pm
by tomok
There are no shortcuts for assigning user rights to objects in TM1. If your security model was designed properly it was done with the concept of "roles" whereby rights are designed to roles in the organization. This way all you have to do is assign new users to their respective roles which should take only a few seconds or minutes, depending on how many roles they have.

Re: Managing user rights

Posted: Thu Jun 30, 2016 9:27 pm
by jwilkins
I'm a software engineer at Motio and we're currently working on a feature for our TM1 admin tool that could be helpful. The goal was to make debugging security issues as easy as possible. The feature is currently in beta but if you want to give it a spin and see if it helps, send me a PM and I'll get you a beta key.

There are some other good 3rd party tools out there, some of which include improved views of security. I'm not sure how much they help in debugging a specific issue, but they may be worth a look.

If you don't want to go with a 3rd party solution, Tom is right. It's all about starting out with a very well designed system and sticking to it. I'd just add that you probably want to document your roles and the types of access they should have so you don't end up with ambiguously defined roles.

Re: Managing user rights

Posted: Fri Jul 01, 2016 7:39 am
by Elessar
1. Login as a test user to TM1 (login to perspectives, open .../pmpsvc, etc). The rights in }clientgroups cube will be filled from Cognos user-groups assignment
2. Open new architect, login as admin. Open }Clientgroups cube, ZeroOut everything in "Tetsuser" column, copy everything from a problem user to the test user.
3. By test user refresh the page. No RefreshSecurity is needed
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited