TM1 Forum

Hello Everyone

I updated a security for the version dimension and Element security cube for version dimension created.
I applied rule for element security cube for version dimension. I opened the cube and see the security values applied correctly for each groups.
I did security refresh.

However, Non-Admin users are not able to see elements inside the dimension.

Rule attached to cube:
[]= S:IF( SCAN('BU', ATTRS('}Groups', !}Groups, '}TM1_DefaultDisplayValue')) > 0,
IF( ELISANC('Version', 'Archived Fcst', !Version)=1 %
ELISANC('Version', 'Actual v Prior Fcst %', !Version)=1 %
!Version@='Actual' %
!Version@='Archived Fcst' %
!Version@='Budget_Final'
,'READ','NONE'
),
'WRITE'
);

*** }ElementSecurity_Version cube has correct values for BU and non-BU groups after applying this rule.

TM1 PA Local Version: TM1_version=TM1-AW64-ML-RTM-11.0.93.28-0

This looks strange to me. Please Advise.

Thank You
Dharav

After updating the security rules you should run the a security refresh available off the right click menu on the server in architect / perspectives or running the TI command https://www.ibm.com/docs/en/planning-an ... ityrefresh

Hi,

He said he did a security refresh. I presume this was after updating the security.

If he did do a security refresh as he states, then I would check to see if there is any Dimension security in place.

So, is there a }DimensionSecurity cube and if so what security is applied to the version dimension.

If this looks ok then we need to see an image of the dimension, along with any other relevant details.

Maren

Do the users look in the Subset Editor or the cube viewer ? Or similar tools when using PAW/PAX.

@Wim@marenC@steve:

1) Dimension security is good that’s why user is able to see dimension
2) User checked in PAX & PAW. I also check with impersonate feature in Arc for different users
3) We have this dimension in place since 4 years.

*** I create a rule on Admin DBA and feed Admin DBA rule. I placed rule headers for string and it works. This is work around.
Rule should work without rule header and without any feeder.

In short , we have to place Feedstrings in header and just feed any rule from the whole rule book and same rule worked.

Incase anyone is interest to debug further then I can provide dummy object files and sample rule file for your reference.

Thank You
Dharav

Hi,

This looks like PrivilegeGenerationOptimization is turned on in tm1s.cfg. Is it?

Elessar wrote: ↑Mon Oct 04, 2021 7:00 am Hi,

This looks like PrivilegeGenerationOptimization is turned on in tm1s.cfg. Is it?

Exactly the question I was going to ask! https://www.ibm.com/docs/en/planning-an ... timization

My advice woudl be to set this to F or remove from the config file. It is not needed for element security (and really not needed for cell secutity either).

@Elessar@lotsaram:

You guys nailed it. It was turn on in the CFG file.

Thank You Guys
Dharav

dharav9 wrote: ↑Mon Oct 04, 2021 4:26 pm @Elessar@lotsaram:

You guys nailed it. It was turn on in the CFG file.

Thank You Guys
Dharav

The person that inserted this property in the TM1s.cfg file, didn’t he or she know anymore ?

Allegedly a quick change to a configuration parameter just cost "someone" $7Bn... Best to know the impact before tweaking.