TM1 Forum

Hi all,

Quick question to check if someone has ever encountered the same or a similar issue with the Cognos BI Integrated Security Mode.
Issue we are facing is the following:

• TM1 Model is integrated with BI security through the IntegratedSecurityMode = 5 and ServerCAMURI and ClientCAMURI parameters in the tm1s.cfg file
• Within BI, the Active Directory Users are stored in specific Cognos BI user groups
• These BI groups are also used in TM1 to setup specific security on cubes, dimensions, etc. by group
• From my understanding with this setup, you then no longer need to maintain the client - group mappings within TM1 manually, these are synchronized with the mappings you have set up in BI
• However, when a user logs in, belonging to a certain group in BI, he does not get the required checkmark in the Client-Groups settings in TM1 and can therefore not access any of the cubes.
• If you set the check manually in TM1, it disappears again as of the moment the user logs in again.

Does this sound familiar to anyone? Seems like there's an issue with the synchronization with the BI security. We first thought the issue was related to the CAM IDs of the security groups but they seem to be based purely on the name of the group and do not contain any specific codes (unlike the CAM IDs for the users coming from Active Directory).

Any insights or tips are more than welcome!

Cheers,
Mathias

I believe that this is normal. It doesn't actually check mark the groups but it knows who is part of what. Have you setup group security to an object and checked to see if its working even though you don't see check marks?

Hi, thanks for your feedback.
To answer your question with some additional remarks:

- Without the checkmarks the security setup in TM1 restricts access to the cubes, which is, given our setup, the normal and expected behaviour

- In other instances we did notice a perfect synchronization of the check marks with the BI security, meaning that

• When a new user logs in to TM1, his Active Directory user account gets added to the list of clients within TM1
• He gets a check mark for each security group he belongs to within the BI setup and user - group mapping
• If you manually add or remove check marks directly in TM1, these get overwritten again each time the user logs in again (at which time a synchronization with BI occurs imo)

So the problem we do not seem to understand is why certain check marks disappear in TM1, even though the user belongs to that group in Cognos BI.