TM1 Forum

I know the answer is probably no, but i have to ask since it is becoming a serious pain for me. Is there anyway that you can have TM1 reload just one section of security?

I have a process that they users can build their own consolidations outside of the normal hierarchy, but if they were to add a new member to the hierarchy they cannot see it until a security refresh occurs. With using TM1 web this is causing timeouts. I prefer to not extend the timeout, since I was hoping that i could find another solution to the problem.

Is there anything that can be done beyond a full system security refresh?

Try at the end of your TI

Sorry I was not very clear

I currently have the securityrefresh command in the epilog of the tab of the TI, but with this at the end of the process it can take a while to complete since it is refreshing all my security rules. This is causing issues with user response time while the process is running and in the web it has been causing timeout issues. The changes that are occurring are only to one dimension, so I was wondering if there was a way to force only the security of that one dimension to update and not have to lock up the system for 30 to 40 seconds. It does not sound like much, but to a user who is trying to access something that normally takes two or three seconds this is an issue if it is occurring throughout the day.

Short answer is no. A security refresh is all or nothing.

Maybe you could consider an "almost real time" solution where you have say for example 2 "batch processing" windows throughout the day and you append the security refresh at the end of these processes. If users add elements to their specific hierarchies then they might not see them immediately but if they were added at 10am and knew that they would be available from 12pm would that be acceptable?

If your change applies only to one user you can ask that user to log in and out. That's generally how I do it, as SecurityRefresh takes a long time even in a small model.

Martin

It sounds like you are using rules to drive your security, or you would not need a security refresh?

Try putting your rule logic in another (string) cube. TI the results of this into the security cube to update it, you should be able to control the amount of the security you update fairly easily.
No rule driven security=no requirement for security refresh?
Unless TM1Web needs security refresh to update any type of security?
Just an idea.
HTH
Cheers,

I'm pretty sure it does need a refresh (at least for users already logged in), not got time to test right now tho. I do know from my own models that rules to generate security are the wrong way to approach it. Its so much slower to refresh security i wrote a suite of TIs to do the same job. The TIs were far more complex to write than the rules, but the impact was substantial. We went from a 20 min+ refresh down to 2s including running the TIs as well

Thanks for the ideas. I was already planning to streamline the security in the near future since they have changed directions as the product has evolved and the rules needed to be cleaned through. I will definitely look into the TI route. I would rather invest the time up front then deal with users complaining when they are trying to access a tempalte when someone has kicked off the security refresh.

Steve Vincent wrote: ... rules to generate security are the wrong way to approach it. Its so much slower to refresh security i wrote a suite of TIs to do the same job. The TIs were far more complex to write than the rules, but the impact was substantial. We went from a 20 min+ refresh down to 2s

I don't know if I'd agree with a blanket statement like that. Rules can often be a very good approach to security and have the added advantage of being "maintenance free." The 20 minute example seems extreme for a security refresh and in this case TI seems to have been the way to go but I've have models with over 1000 users, several hundred groups and over one hundred cubes where security was all driven by rules (albeit no cell security but plenty of element security) and security refresh was around 30 sec.

Sorry, i meant that in the context of if rules were making the security refresh take ages then TI would be the prefered route. Our issue was the manner in which the business required its security model, it had lots of "if this then but if that then" type code and it just wasn't rule friendly. The same code in TI and its over in a blink.