TM1 Forum

Discussing all things TM1, Planning Analytics, PAx and PAW
https://www.tm1forum.com/

TI process nullifies all acess rights

https://www.tm1forum.com/viewtopic.php?t=896

Page 1 of 1

TI process nullifies all acess rights

Posted: Thu Apr 02, 2009 3:07 pm
by harrytm1
Hi folks,
I'm new to TM1. Currently using version 9.4MR1.

We built this TI process that allows users to import data into a cube. The intention is to allow them to run this process only for entities that they have access assigned to. These entities are essentially elements in one of the dimensions of the cube.

However, I noticed that even if I have set User A to have Write access to Entity X only, he can still run the TI process and write into Entity Y.

The only time that the Security Assignment works is in a Cube View when the cells are grey out if Entity Y is Read access for User A only.

Does it mean that TI Process is effectively behaving like a Super Admin? We also tried using cube security rules but it still cannot prevent data writing to elements that the user is not supposed to have access.

Please advice. Thanks!

Re: TI process nullifies all acess rights

Posted: Thu Apr 02, 2009 3:22 pm
by George Regateiro
Processes run as admin so security will not apply. One option is to use the tm1user function to pass in whoever is running process and before writing, read what their access is to the element and process accordingly.

There are other options also just depends on the specifics of the situation

Re: TI process nullifies all acess rights

Posted: Thu Apr 02, 2009 3:38 pm
by harrytm1
Thanks, George!

You mentioned passing in the user function... how can this be done? Can you provide an example?

Re: TI process nullifies all acess rights

Posted: Thu Apr 02, 2009 5:19 pm
by David Usherwood
From the 9.1 online help

TM1User
This is a TM1 worksheet function, valid only in worksheets.
The TM1User worksheet function returns the user name of the current TM1 user.
If the current TM1 user is not connected to a server, or if the specified server is not running, TM1User returns an empty string.
Syntax
TM1User("ServerName")
Arguments
ServerName

The name of the server to which the TM1 user is connected.
Example
TM1User("SData")
If a user named BrianT is logged in to the SData server, the above example returns BrianT.

I dealt with this in a slightly different way recently. Users selected the entity they wanted to process from a picklist populated from TM1, which is only populated by the entities they can see. This is passed as a parameter to the TI job, which now knows what it ought to update. What happens after that depends on the content you want to process. In our case, we had a set of files organised by entity (n level or parent) with a well enforced naming convention. Seemed sound enough to me.

Re: TI process nullifies all acess rights

Posted: Fri Apr 03, 2009 3:09 am
by harrytm1
thanks fellas! will give it a go.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited