Monthly Poll 202105 - What's your security mode poison?

Post Reply

What's your preferred security mode?

Poll ended at Mon May 31, 2021 6:20 am

1 Standard TM1 Security. I'm a traditionalist.
5
26%
2 I like to swing both ways; integrated and native TM1 security for me.
0
No votes
3 Integrated login; I can't be bothered resetting passwords.
0
No votes
4 Cognos Analytics for me.
2
11%
5 Cognos Analytics for both TM1 and Cognos Analytics users
6
32%
6 Standard on some servers, integrated login on others.
3
16%
7 Standard on some servers, Cognos Analytics on others.
2
11%
8 Integrated login on some, Cognos Analytics on others. (Seriously?)
1
5%
9 Something I've missed, note it in the comments below.
0
No votes
 
Total votes: 19

User avatar
Alan Kirk
Site Admin
Posts: 6606
Joined: Sun May 11, 2008 2:30 am
OLAP Product: TM1
Version: PA2.0.9.18 Classic NO PAW!
Excel Version: 2013 and Office 365
Location: Sydney, Australia
Contact:

Monthly Poll 202105 - What's your security mode poison?

Post by Alan Kirk »

Remember when we used to have these so that even the lurkers could have a little interactivity? I just realised that it has been years rather than months since we've had one, so let's see whether there is still an appetite for them. Let's start with an easy one. This far down the track, are people still holding on to the original security model? Or does integrated login rock your world? Or have you needed to go the CAM route?

As always in the polls, feel free to argue your case for one mode over another in the comments below if you choose to.

The poll closes at the end of May. You can have a change of heart if you become converted to another cause in the meantime.
User avatar
gtonkin
MVP
Posts: 1192
Joined: Thu May 06, 2010 3:03 pm
OLAP Product: TM1
Version: Latest and greatest
Excel Version: Office 365 64-bit
Location: JHB, South Africa
Contact:

Re: Monthly Poll 202105 - What's your security mode poison?

Post by gtonkin »

More options than you can shake a stick at!

For me as a consultant, the answer is "It depends..."

For offsite development, we use mode 1 or 2.

Mostly in production we use mode 3 as clients integrate with AD.
Due to the price point of PA, only larger clients purchase PA and they are the clients who have an IT department that have policies to be followed.
I cannot actually think of any clients who use TM1 security unless we are in early stages of POC/Dev or need to switch to test security.

And strangely enough, never needed to deploy CAM either - clients have never had or wanted CA.
The exception is obviously now Cloud instances where security is CAM/federated.
User avatar
scrumthing
Posts: 81
Joined: Tue Jan 26, 2016 4:18 pm
OLAP Product: TM1
Version: 11.x
Excel Version: MS365

Re: Monthly Poll 202105 - What's your security mode poison?

Post by scrumthing »

You triggered me here Alan. Authentication is such a painful experience...

We have to rely on native authentication because neither integrated login nor CAM provide the needed functionality.

We have to have a single CAM server for multiple internal clients where one user has access to databases from different clients and user management is decentralized. That will never work with CAM.

So we thought let us try Kerberos and integrated login. But here IBM needs unconstrained delegation rights (in TM1Web/PASSL) and that is something every decent it department will never allow. Therefore no Kerberos for us.

So we are stuck with either NTLM, which will not properly work if you plan to separate application layer and database layer and which is more unsecure compared to Kerberos.

In the end we stayed with native authentication for now. At the moment we are looking into OpenID and TM1 v12...
There is no OLAP database besides TM1!
declanr
MVP
Posts: 1815
Joined: Mon Dec 05, 2011 11:51 am
OLAP Product: Cognos TM1
Version: PA2.0 and most of the old ones
Excel Version: All of em
Location: Manchester, United Kingdom
Contact:

Re: Monthly Poll 202105 - What's your security mode poison?

Post by declanr »

My recommendation is usually CAM authentication for full SSO compatibility with all interfaces and it gets hooked up to AD.
But just 1 or 2 CAM groups per TM1 instance that give basic access.

Then once the users are authenticated in TM1 we have internal mode 1 groups that assign the actual user access to TM1 objects.

It means that you can break out the responsibilities:
- IT department control who can use TM1
- Super Users/Business Owners control what they can do with it

I've also often ended up with security requirements where for example a new Country that a company operates in may crop up out of the blue and I don't want to have to wait to get a new AD group added to handle it.

Prior to PAW/PAX though I always went mode 2 or 3... can't actually remember which 1 is which any more.

The first company I worked at used mode 1 and looking at the control cubes the passwords were obviously encrypted but I could still tell 90% of users had the same password...
Declan Rodger
User avatar
Steve Rowe
Site Admin
Posts: 2410
Joined: Wed May 14, 2008 4:25 pm
OLAP Product: TM1
Version: TM1 v6,v7,v8,v9,v10,v11+PAW
Excel Version: Nearly all of them

Re: Monthly Poll 202105 - What's your security mode poison?

Post by Steve Rowe »

Also triggered! I could rant but I've spent all afternoon wrestling with a total bizarre feeder / persistant feeder issue that I'm going to go have a beer instead.

Deleted the rant I was drifting nto anyway! Have a good w/e everyone, stay safe.
Technical Director
www.infocat.co.uk
TJMurphy
Posts: 74
Joined: Mon May 12, 2008 12:25 pm
OLAP Product: TM1
Version: PA 2.0.6 Local
Excel Version: Excel 2016

Re: Monthly Poll 202105 - What's your security mode poison?

Post by TJMurphy »

Would love to make some form of SSO to work but our IT folks guard the knowledge about how to integrate with it like the secret of life. Currently trying again with using PAW to let us move to PafE -- that's proving to be a whole other set of fun. Had SSO working within Perspectives but only in one location and of course that approach doesn't work for TM1 Web.
User avatar
Alan Kirk
Site Admin
Posts: 6606
Joined: Sun May 11, 2008 2:30 am
OLAP Product: TM1
Version: PA2.0.9.18 Classic NO PAW!
Excel Version: 2013 and Office 365
Location: Sydney, Australia
Contact:

Re: Monthly Poll 202105 - What's your security mode poison?

Post by Alan Kirk »

Steve Rowe wrote: Fri Apr 23, 2021 5:28 pm Also triggered! I could rant but I've spent all afternoon wrestling with a total bizarre feeder / persistant feeder issue that I'm going to go have a beer instead.

Deleted the rant I was drifting nto anyway! Have a good w/e everyone, stay safe.
That's a pity; I love me a good rant when the rant is justified. Scrumthing's was epic. There's still another month though, so if the trigger is pulled again...
"To them, equipment failure is terrifying. To me, it’s 'Tuesday.' "
-----------
Before posting, please check the documentation, the FAQ, the Search function and FOR THE LOVE OF GLUB the Request Guidelines.
Post Reply