TM1 Forum

Hello! Can u help me
If Client has access in two groups. Еach these group separately has access to different cubes. Is it possible in a single application (for the two nodes in the approval hierarchy) to allow access to these cubes separately?
for example:
client Ivanov has access to the group and group_Income and group_Expenses
approval hierarchy:
c PnL
n - Income
n - Expenses

Each group has a separate access to the cubes: cube_Income and cube_Expenses respectively.

If client will enter in each of these nodes, he can see each view: view of cube_Income and view of cube_Expenses (in one application).

Client rights are divided into 2 groups, because the user is responsible for entering income and expenses, but he is checked by two people - income and expenses separately.

how to organize security in this case?
Is threre a way to show for one client other views in other nodes he entered? Or Is there another way to resolve this problem.

Now, in my oppinion, the only one way - cell security. but if I use cell security, client
whatever can see two views in two nodes, but can write only by cell security access.


Thx!
sorry my english:)

Can anybody help me?

Or Can anybody say what's wrong in my topic?

Your post is very confusing. For a start it is a Contributor question first and fore most. You might want to change your title. Also your question is a little confusing. It doesn't look like English is your first language so I can understand your difficulties but if you could try to explain what you mean in more detail it may help,

Jim.

yep, english isn't my native language.


I have some problem with secutity.
Situation:
One user is in two client groups (group_A and group_B).
Each of these groups has (another) rights (for example write) to two different cubes separately (for example cube_A and cube_B).
There are two nodes (node_A and node_b) in the approval hierarhy for this user.

I want that when user enter in one node (for example in node_a) he should see only views of one cube (views of cube_A).
But this user rights consists of rights two groups. Thats why user can see all views both cubes.

I can not megre two nodes in single one, because two persons controls (reviews) these nodes separately in one application.
These nodes are in two consolidations separately. For example, node_a is in consolidation element cons_node_1, node_b is in cons_node_2.

i hope my english became more understandble.)

ps yep first post english is terrible), cause i used a lot google translations.
thnx for your replies!

The question is still relevant

Hey There,

I think I'm starting to grasp what you are trying to do. I think you can get close using lock, but the user will still be able to see the data in the other cube, even if they can't update it. ANother option is to use an excel sheet instead of a view and using an action button block access to the other cube. The only problem you'll have is resetting this access afterwards. (If needed)

When u wrote "using lock", Did you talk about cell security?
Now, i think, it is only one solution - It is mark some cells of cubes as "NONE" in }cellsecurity_cube. But in this case user still can see all views. But he can update only views where cellsecutity is "WRITE".

Using an exel sheet is interest idea, but it wiil be hard to support for many users.

If tm1 would support "CubeSecurity_by_nodes_in_application" I would use this my imaginary security type. But now i see no good solution for this situation. Am i right?