TM1 Forum

Morning All,

I have a projects dimension in a forecasting cube where a single Project manager is assigned to each project (the n level element). We have around 80 PM's in the business and data needs to to be secured on a project level, i.e a single PM can only see their own projects.

As we can't set security at a user level at the moment there doesn't seem a away go get away from having to create a single group for each PM, then assigning that group to the elements in project dimension.

Does anyone have any further ideas on more inventive ways to tackle this?

Thanks

It's not that hard to write a TI which creates a group for each project manager, then assigns rights on (eg) name or attribute. Generally TM1's use of groups for security is efficient and flexible and (with the above) can cope with the use case you have.

Thanks David,

Do you believe this would work in a IBM cloud environment when the security mode is set to 5. I presume I would still be able to add TM1 groups to the model via that process as normal and assign those users.

I've done it on the shared partner cloud so I would suggest yes.

I suggest using Data Reservation in this case as it can be applied to a specific user.
Configuration made in }CubeProperties does enable it. The available Data Reservation modes you can use are listed here:

• Required (REQUIRED): disables write access for all users for the entire cube and requires you to explicitly assign Data Reservations for any user that needs to write to this cube.

• Allowed (ALLOWED): allows you to selectively restrict write access to an area of the cube by assigning Data Reservations to individual users as needed.

You should manage it via TI commands, so I suggest you create a security control cube and based on that you apply the commands:

• CubeDataReservationReleaseAll - clear all reservations

• CubeDataReservationAcquire - apply the reservations you want

It is hard at the beginning, but at the end, you can have a control cube to relate the users with the projects.