TM1 Forum

I’m having trouble setting up security properly in CE (loosely realated to http://www.tm1forum.com/viewtopic.php?p=25301)

We have TM1 9.1.4 and EV and I'm trying to get this up and running in CE as easily as possible.

I see that if I want to just use Xcelerator then an IntegratedSecurityMode setting of 1 or 2 should be set.
As per these links:
http://publib.boulder.ibm.com/infocente ... N0437.html
and
https://www-304.ibm.com/support/docview ... s=swgimgmt

However doing this means that TM1 security works fine but Advisor and Reporter does not connect to the TM1 data using the CAM method.

I tried setting IntegratedSecurityMode to 4.
As per this IBM document that explains the limitation: https://www-304.ibm.com/support/docview ... 5257&aid=1 (anyone else find this doc a little confusing?)
I can then create users in Cognos and those users then appear in the TM1 sever explorer. I can also create groups that appear in the server explorer. But if a user is a CAM user and not a TM1 user they cannot read from cubes unless they are in the TM1 administration group ADMIN.
Obviously I don’t want to give all my users access to this.
I tired giving my new CAM group access to read from a cube but unfortunately we have element level security so the user would get errors when trying to open a cube.
Has anyone got security in CE to work with existing TM1 security or does this require a complete rebuild? If so how do you manage security within a cube using the CAM model?

My cfg file is below: On a similar note has anyone been able to get the N_CONNECT macro to work with Cognos Express CAM security?

On a similar note has anyone been able to get the N_CONNECT macro to work with Cognos Express CAM security?

When using CAM Security (-> IntegratedSecurityMode=[4|5]) you cannot use the N_CONNECT macro, see for instance the TM1 9.5.2 Reference Guide ->


http://publib.boulder.ibm.com/infocente ... f_NConnect
TM1 9.5.2 Reference Guide
TM1 Macro Functions > Accessing Macro Functions >
N_CONNECT

[...]

Note: The N_CONNECT function is not supported when a server is using Integrated Login or IBM® Cognos® 8 security for authentication. This function can only connect to a server that is configured to use standard TM1 authentication.


When using CAM Security, instead of the macro N_CONNECT you have to use some TM1 VB API code to connect to a TM1 server instance, see for instance in this forum the thread ->

http://www.tm1forum.com/viewtopic.php?p=15270
Xcelerator VBA API CAM Server Connect

Thanks to a suggestion from jstrygner (Jaroslaw)
I have setup CE with IntegratedSecurityMode=5.

This means I have to have a CE cam group and a TM1 group for each security group in CE. However in testing so far it seems to mean that the other security setup works.

Although all users must now be cam users.

I could be wrong but my experience so far doesn't seem to match with the IBM doc.