How to protect sensitive data in TM1 system?

Posted: Wed Jun 13, 2012 8:34 pm
by sachin
We are working on a project that brings very sensitive company information from a database into TM1. There are good security restrictions in place in the DB to control the access. Now we are tasked to maintain that in TM1.

We have done all the goodies in TM1 - cube security, element level security to control who sees what. What do we need to do outside of TM1? I'd like to know steps you have implemented to protect your data in TM1.

For ex - any object that we create ends up being a flat file on the server. The cube in our case - which has sensitive data in it, will have its own flat file. Data of the cube is not encoded/encrypted, it is plain text with ASCII characters for delimitation. Any sysadmin on the server, who is not a TM1 user, can open the share and read/copy contents of any file. Is there a way to prevent it?

Thank you.

Re: How to protect sensitive data in TM1 system?

Posted: Wed Jun 13, 2012 9:09 pm
by asutcliffe
If you're already satisfied with your security model within TM1 itself, then this isn't really a TM1 question. Securing data saved to the file system just becomes a generic file security question better covered elsewhere. [..]

Edit: sorry, didn't read your post properly. In any case, I think it would be pretty tough to prevent determinedly dastardly sysadmins from getting their hands on the data. I guess you could implement a "breakglass" policy whereby certain access is only granted when necessary but ultimately, someone, somewhere, needs to be all powerful.

Re: How to protect sensitive data in TM1 system?

Posted: Wed Jun 20, 2012 4:57 pm
by sachin
Thanks for responding. Yes you are right; we cannot do anything to a determined sysadmin.

What I was looking for, is an approach to protecting data. I was hoping folks out here have worked on bringing sensitive data (company, employee related etc) into TM1. In doing so what precautions did they take to protect data? Cube/Dimension/Element security is one thing, that protects data inside of TM1. Can we somehow protect it outside of TM1, if at all this is possible?

.cub file created by TM1 is 90% readable in a notepad editor. In designing a secure application system, this behavior came out as rather unexpected for us! Is it possible to encrypt the contents of .cub and .dim files? Has anyone done it? How was the application response?

In Cognos planning world, data contributed by owners is stored in a column that is encoded in XML. It is cryptic with 128-bit GUIDs and not easily readable. In addition, in SQL Server it is possible to lock out a sysadmin from accessing DB. So there is provision for an extended security in planning. We are able to do a whole lot more in TM1 than planning; however from data governance, TM1 is seeming to come up tad short; at least, based on our knowledge.

I am by no means a Windows expert. But, securing a share where TM1 files reside and keeping fingers crossed that a sysadmin won't do anything, feels risky. In bigger organizations there are more Windows admins than SQL admins => more risk!

Re: How to protect sensitive data in TM1 system?

Posted: Wed Jun 20, 2012 5:30 pm
by declanr
Sachin,

I gather you are just trying to find a way of encrypting the data within .cub files etc so that it can't be read when opened in notepad etc.

If that is the case I think you will struggle since TM1 constantly needs to be able to access that .cub file in the format it expects.
Most companies restrict the data directory to very few users and that stops people being able to get to the files at all.

I suppose you could maybe do some form of protection yourself inside TM1 where the values held in cubes are "pointers" and when viewed in TM1 Web or Excel; pre-defined reports do a lookup of each "pointer" value to the actual corresponding number. But that seems like a lot of work for not much benefit and you would be stuck to only using pre-defined reports etc.

Plus the lookup would need to be held somewhere else in TM1 so if someone was truly determined they could "break" your code.

I would just go with giving as few users as possible access to the directory, like asutcliffe pointed out there will always be some people who can access the data and would hopefully be trusted before getting into those positions.
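
The replies above come down to restricting the data directory to very few users; the following PowerShell script reviews who can actually read it at the NTFS level. It is an added example, not code from any poster in this thread, and the path `D:\TM1\Data` and the `CORP\...` account names are hypothetical placeholders.

```powershell
# Added example (not from the thread). Path and allow-list are assumptions.
param(
    [string]$DataDir = 'D:\TM1\Data',            # hypothetical TM1 data directory
    [string[]]$Allowed = @(
        'NT AUTHORITY\SYSTEM',
        'CORP\svc_tm1',                          # hypothetical TM1 service account
        'CORP\TM1-BreakGlass'                    # hypothetical break-glass group
    )
)

# Bits that let a principal read file contents: ReadData, plus the generic
# GENERIC_READ (0x80000000) and GENERIC_ALL (0x10000000) bits that Get-Acl
# can return unmapped on some ACEs.
$ReadBits = [int][System.Security.AccessControl.FileSystemRights]::ReadData -bor
            [int]::MinValue -bor 0x10000000

function Get-UnexpectedReader {
    param([string]$Path, [string[]]$Allowed)
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (([int]$ace.FileSystemRights -band $ReadBits) -eq 0) { continue }
        $who = $ace.IdentityReference.Value
        if ($Allowed -notcontains $who) {
            [pscustomobject]@{
                Path      = $Path
                Identity  = $who
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Check the directory itself, then every cube and dimension file under it,
# because a file can carry explicit ACEs that differ from its parent.
$targets = @($DataDir) + @(
    Get-ChildItem -LiteralPath $DataDir -Recurse -File |
        Where-Object { $_.Extension -in '.cub', '.dim' } |
        ForEach-Object { $_.FullName }
)

$findings = foreach ($t in $targets) { Get-UnexpectedReader -Path $t -Allowed $Allowed }
$findings | Sort-Object Identity, Path | Format-Table -AutoSize
```

Every identity it lists, `BUILTIN\Administrators` included, can read the cube files without being a TM1 user. Group membership is not expanded, so review the members of each listed group separately.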

Re: How to protect sensitive data in TM1 system?

Posted: Wed Jun 20, 2012 6:23 pm
by jim wood
I know that SAP deals with this. It breaks that data up so that it only becomes meaningful in views. As the last poster said you could do something within TM1. Rule based values are not stored in cubes so if you separate all your values (in a way that wouldn't make sense if you read the cube files) and bring them together using rules. This would make the final sensitive data virtual. While somebody would still be able to piece things together if they knew what they were doing it would certainly stop casual browsing of the data. You could even use the rand function when loading the data. Store the rand number in a look up cube. When loading the data into your main data cube multiply it by the random number, then add a rule to the cube so the final result is the loaded number divided by the look up random number.

Jim.