TM1 Forum

I am working on a project which requires TM1 workflow. I am trying to applied the cell-level sercurity to the working dimension according to the TM1 workflow user manual. However, when I used one assigned user to complete the data input and then submit it. The user still can make changes on data. That means such cell-level sercurity dose not work.

Is there anyone can help on this issue? Is it a bug of TM1 workflow? If the workflow cannot control the access, it cannot be a real process management tool....

"
Is there anyone can help on this issue? Is it a bug of TM1 workflow? If the workflow cannot control the access, it cannot be a real process management tool....
"
Indeed. TM1 Workflow is a potemkin Village
http://en.wikipedia.org/wiki/Potemkin_village
when it comes to actually doing anything useful. However, cell level security, in itself, works rather well. I tend to use it to open and close periods/versions for update, using a rule in the cell security cube, as TM1 locking isn't useful with two time dimensions.

I am working on a project which requires TM1 workflow. I am trying to applied the cell-level sercurity to the working dimension according to the TM1 workflow user manual. However, when I used one assigned user to complete the data input and then submit it. The user still can make changes on data. That means such cell-level sercurity dose not work.

Is there anyone can help on this issue? Is it a bug of TM1 workflow? If the workflow cannot control the access, it cannot be a real process management tool....

[Admin note: This is a copy of a question that's already been asked and answered; it's been merged into the thread of the previous question.]

Now i am trying to use TM1 rule for setting the cell level security. But in this approach, it seems that a status cube is required for indicating if the task is completed within the process. I also found a control for storing the status of the tasks. Unfortunately, this cube bases on client level instead of user group level. My current project will not include any api development. What i want to is that after submitting the task, corresponding cells are changed to read only for the users who submitted it. It would be grateful if someone has such experience on similar project can give me a hand. Many thanks.

To reiterate....
TM1 Workflow doesn't actually do anything. As you are finding (and as I found some years ago when it first came out) it is really quite hard to make it do something useful.
Have you found out yet that the cubes it builds to manage a submission are a) built anew for each cycle and b) have @ signs in the names, which can't be used in rules?
Unless you have promised someone it will work, stop now.

I had some time trying to work out how one could use Planning Manager. I even did two presentations showing it, because I was planning to use it later in a project assuming it could be usefull. But simple example on presentation does not equal something you can use in production.

Pure Planning Manager doesn't deal with security, but you can make it work by adding some own code in one of Planning Manager TI Processes (one of them is always called when a user does "Submit", "Approve", "Reject" and all those other actions). When you want to change security, you also need to remember to "check" this process as one that can change security (do not remember what was the name of this process parameter, you'll find it under right click menu of a process).

Anyway after few tests on what particular processes do and how I could make them do, what I want them to do I decided I will build my own workflow from the beginning using own dimensions, cubes and processes. I always did that and I think I still will.

Maybe I am wrong. I wasn't trained in Planning Manager, my whole knowledge is this manual attached in installation (which was not clear for me in many areas, but English is not my native, so maybe here was a part of a problem) and own experiments.

Sorry, if such opinion ruins your plans :/

David Usherwood wrote:To reiterate....
TM1 Workflow doesn't actually do anything. As you are finding (and as I found some years ago when it first came out) it is really quite hard to make it do something useful.
Have you found out yet that the cubes it builds to manage a submission are a) built anew for each cycle and b) have @ signs in the names, which can't be used in rules?
Unless you have promised someone it will work, stop now.

Actually I have to figure out a route to control this. What I have to make is that: user A complete the data input in his task then submit to user for review and approve. After submission, user A should have only read authority to the submitted data. Then user B will review the data and then approve.

I understand that I can use TI to set the permission for the users. However, in such approach, I have to incorporate this TI to the workflow. I wonder if there is anything I can do by TM1 rules so that the permission can be set correctly after submission...

kempzhong wrote:

David Usherwood wrote:To reiterate....
TM1 Workflow doesn't actually do anything. As you are finding (and as I found some years ago when it first came out) it is really quite hard to make it do something useful.
Have you found out yet that the cubes it builds to manage a submission are a) built anew for each cycle and b) have @ signs in the names, which can't be used in rules?
Unless you have promised someone it will work, stop now.

Actually I have to figure out a route to control this. What I have to make is that: user A complete the data input in his task then submit to user for review and approve. After submission, user A should have only read authority to the submitted data. Then user B will review the data and then approve.

I understand that I can use TI to set the permission for the users. However, in such approach, I have to incorporate this TI to the workflow. I wonder if there is anything I can do by TM1 rules so that the permission can be set correctly after submission...

Take a look at Martin's suggestion in this thread:
http://forums.olapforums.com/viewtopic. ... 7428#p7428

It may do what you want.

kempzhong wrote:I am working on a project which requires TM1 workflow. I am trying to applied the cell-level sercurity to the working dimension according to the TM1 workflow user manual. However, when I used one assigned user to complete the data input and then submit it. The user still can make changes on data. That means such cell-level sercurity dose not work.

Is there anyone can help on this issue? Is it a bug of TM1 workflow? If the workflow cannot control the access, it cannot be a real process management tool....

I have met the same problem and at loss.

Maybe we need the aid of TI process.

Good luck

TM1 workflow can be quite a pain to work with but personally I wouldn't be as down on it as David. Yes out of the box it really is nothing more than a navigation aid, however you can make it do all sorts of useful stuff like triggering TI processes or setting cell or element security for example. I have set this up a couple of times and it works a treat. You can use TI or rules - using the @ symbol as the separator/delimiter in workflow object names was a monumentally bad piece of design but you can enclose the dimension names in single quotes to get around this. (this workaround might be broken in some versions I have always gone the TI route to be safe.)

However the requirement for security to change ONLY for the user with the workflow status change simply isn't possible unless you have a separate group for each client. My advice here would be to advise the customer that TM1 security is group based and simply won't work the way you describe. IMO this would defeat the purpose of workflow for say a budgeting process anyway. If an authorised user has closed the budget for a cost center then it should be closed for all users.

One last piece of advice, the admin interface for creating workflow is extremely manual and slow, for all but the smallest workflow dimension you will be much better off developing some custom TI to build the workflow! Otherwise you will find administrators dropping like flies from sheer frustration.

lotsaram wrote:TM1 workflow can be quite a pain to work with but personally I wouldn't be as down on it as David. Yes out of the box it really is nothing more than a navigation aid, however you can make it do all sorts of useful stuff like triggering TI processes or setting cell or element security for example. I have set this up a couple of times and it works a treat. You can use TI or rules - using the @ symbol as the separator/delimiter in workflow object names was a monumentally bad piece of design but you can enclose the dimension names in single quotes to get around this. (this workaround might be broken in some versions I have always gone the TI route to be safe.)

However the requirement for security to change ONLY for the user with the workflow status change simply isn't possible unless you have a separate group for each client. My advice here would be to advise the customer that TM1 security is group based and simply won't work the way you describe. IMO this would defeat the purpose of workflow for say a budgeting process anyway. If an authorised user has closed the budget for a cost center then it should be closed for all users.

One last piece of advice, the admin interface for creating workflow is extremely manual and slow, for all but the smallest workflow dimension you will be much better off developing some custom TI to build the workflow! Otherwise you will find administrators dropping like flies from sheer frustration.

Thanks for your advice. However, I tried to invoke a TI process when performing submit action. I just type the TI process name into the task attributes. But it doesn't work. As I am very green to the TM1 workflow. Would you please share more about how to build a workflow which can invoke a TI when submitting. Many thanks in advance.

If that's your level of TM1 skill then you might be better off getting assistance from someone who is expert in TM1 and who has preferably some experience with workflow. A workflow task object is typically an application folder websheet, if you want to run a parametised process then the easiest way is to run the process from an action button in the sheet. If you want to run the process automatically when "submit" is selected from the task dropdown this requires the code in the workflow TI itself to be edited.

lotsaram wrote:If that's your level of TM1 skill then you might be better off getting assistance from someone who is expert in TM1 and who has preferably some experience with workflow. A workflow task object is typically an application folder websheet, if you want to run a parametised process then the easiest way is to run the process from an action button in the sheet. If you want to run the process automatically when "submit" is selected from the task dropdown this requires the code in the workflow TI itself to be edited.

I understand a TI can be invoked by an action button. However, my user want to be navigated to a view rather than a worksheet.... He said the view looks better than worksheet... You said i can run the process automatically by submitting but coding is required. Is there some TI process for the submitting action? This TI is prepared when the workflow is built? I need to modify this TI?

Actually I have worked on TM1 for 4 years. I have experience on API and VBA development. But my current project dose not include any API and makes use of workflow. I have not any experience on TM1 workflow. The TM1 workflow manual is all my knowledge of workflow and I would like to say the manual tells nothing about how to build a useful workflow.

kempzhong wrote:my user want to be navigated to a view rather than a worksheet.... He said the view looks better than worksheet...

If that is the case then there perhaps is something wrong with your worksheet design! Yes a plain vanilla slice or active form is not that attractive, but there is no reason for a worksheet to be a plain vanilla slice and indeed in a finished application this should never happen. Is this not just a case of some additional Excel beautification effort? If the preference is for a view due to the ability to pivot dimensions and actually change the view then that would be valid (but questionable for a "workflow task" where preset configuration of a view would be expected.) You can also navigate to a URL with workflow in 9.4 so it is possible to embed a TM1 web view and websheet as frames within a larger page...

kempzhong wrote:You said i can run the process automatically by submitting but coding is required. Is there some TI process for the submitting action? This TI is prepared when the workflow is built? I need to modify this TI?

Yes that's right, sort of. Workflow runs on many hidden processes which are prefixed with "}sm_". When the workflow is built, workflow dimensions and cubes are created. The processes exist independently of the actual workflow objects and are created when workflow is installed on the directory. There are many workflow processes, the easiest way to identify the process you would need to edit is to change a workflow status from the task drop-down and look at the server message log for the name of the process run at that time, then you can insert additional code into the process.

kempzhong wrote:Actually I have worked on TM1 for 4 years. I have experience on API and VBA development. But my current project dose not include any API and makes use of workflow. I have not any experience on TM1 workflow. The TM1 workflow manual is all my knowledge of workflow and I would like to say the manual tells nothing about how to build a useful workflow.

True the manual does not give much away in terms of building a useful workflow. Unfortunately your previous experience with external programmatic interaction with TM1 may not count for much when it comes to "actual TM1 development" with rules and TI which is where you now need to come up to speed.