Page 1 of 1
Tm1 Security Implementation based on Flag status
Posted: Thu Oct 27, 2011 12:14 pm
by anoops81
Hi All ,
We have a requirement that when a particular group members enters some values in some fields , then after data entry those fields should become "read only" for them. Only members of other group should be able to edit those fields.
We tried to implement it with a Flag_ measure. When Flag is set to YES then all those measures should become "read" else "write". We tried to implement it through a rule in }elementsecurity_cube for measure dimension.
Below is the rule which we used.
Code: Select all
['CAMID(":TM1_DebtForecasting_BI_users")',{'BI_Flag','Float Spread','MATURITY DATE OVERRIDE Rationale','MAXIMUM POTENTIAL EXIT FEE AMOUNT','FORECLOSURE REVENUE AMOUNT','FORECLOSURE EXPENSE AMOUNT','NET SALES PROCEEDS','FORECASTED IBNR','FORECASTED IMPAIRE
D','Floating Loans Rate in CAT Override','Margin % ANI','Weighted Margin','Yield Maintanence'} ] =s:
IF(DB('Debt_Forecasting', 'Hotels', 'All Index', 'Accounts', 'BSLA', 'Time_Period', 'Year', 'Scenario', 'Product', 'Entities', 'DTS', 'CORP_CODE', 'Currency', 'Reporting', 'BI_Flag')='Y', 'READ' , 'WRITE' );
Here the issue is that element security cube does not contain the dimensions of Debt_Forecasting cube and we are forced to use consolidations for missing dimensions. For Example "All index".
Since it is a rule for string [=S:] , including consilodation for missing dimensions is not working.
Could you please suggest any work around for this ?
Regards,
Anoop
Re: Tm1 Security Implementation based on Flag status
Posted: Thu Oct 27, 2011 12:26 pm
by tomok
I really don't know why you would attempt something like this BUT if you change your flag to a numeric one then your scheme should work. Instead of IF ='Y' use IF > 0. You realize, of course, that your users would have to run a TI process that issues a SecurityRefresh command in order for the security to change don't you.
Re: Tm1 Security Implementation based on Flag status
Posted: Thu Oct 27, 2011 1:07 pm
by anoops81
Hi Tomok,
We had tried with numeric Flag also, But when we change a flag to 1 , then the value is summed up to consolidation and the consolidation will hold the value of 1. So the rule will evaluate to "READ" at element security cube.
For example when we put 1 for the flag at leaf level for dim Account Dim , then at consolidation it is holding that 1 (getting summed up). So the element level security rule will evaluate to "READ" since we use consolidations for the cube rule
Code: Select all
IF(DB('Debt_Forecasting', 'Hotels', 'All Index', 'Accounts', 'BSLA', 'Time_Period', 'Year', 'Scenario', 'Product', 'Entities', 'DTS', 'CORP_CODE', 'Currency', 'Reporting', 'BI_Flag')=1, 'READ' , 'WRITE' );
We are using contributor for end users. So I think it is impossible to include a TI process button for end user in contributor , we were thinking to schedule a TI process which does the securityrefresh very frequently (once in 5 sec). Since we couldnt get through the above issue , security refresh is also pending .
Regards,
Anoop
Re: Tm1 Security Implementation based on Flag status
Posted: Thu Oct 27, 2011 1:26 pm
by lotsaram
If you use rule based element security then you need a security refresh. If you run a security refresh with high frequency then your model will be crippled.
In this case rule based cell security would be better to achieve your aims as no security refresh is needed.
Re: Tm1 Security Implementation based on Flag status
Posted: Thu Oct 27, 2011 1:33 pm
by anoops81
Hi Lotsaram ,
Sorry, I could'nt get you .
You mean to say that , if Rule based security is used then Security Refresh via TI process is not needed ? I need to test it properly .
Stuck with the first requirment
Regards,
Anoop
Re: Tm1 Security Implementation based on Flag status
Posted: Thu Oct 27, 2011 9:01 pm
by lotsaram
If element security is rule derived then a security refresh is required to "push" any changes into the security model.
On the other hand for rule based cell security no security refresh is needed as cell security is evaluated only in real time at each request. Therefore if you are using cell security the value of an input cell can change and instantaneously cause an update in another cell's ability to be written to without need for additional steps.
Re: Tm1 Security Implementation based on Flag status
Posted: Fri Oct 28, 2011 12:13 pm
by anoops81
Thanks Lotsaram. I got it.