Planning Analytics

Hi,
Can anyone share how you can have multiple different users use TM1PY to connect to a PA cloud instance?  We are current on premise with our Planning Analytics and have multiple groups that are using TM1PY to connect to the system.  We are in the process of transferring to PA on the cloud.  One of the stumbling blocks we have run across is that for accessing PA on the cloud using TM1PY the suggestion is to use a non-interactive account.  The users of TM1PY have access to different cubes/elements so a single account will not work.  Does anyone have any suggestions?


------------------------------
Scott Brown
------------------------------

#PlanningAnalyticswithWatson

Simple - multiple non-interactive accounts.
You can assign different security groups for different non-interactive accounts. Basically that means we need to duplicate or create additional non-interactive accounts for some users

I would like IBM to answer why we have to use non-interactive accounts and not the regular ones for IBM Cloud?
What is the license policy for multiple non-interactive accounts?

@Svetlana Pestsova
@STUART KING​

------------------------------
Vlad Didenko
Founder at Succeedium
TeamOne Google Sheets add-on for IBM Planning Analytics / TM1
https://succeedium.com/teamone/
------------------------------

Original Message:
Sent: Fri October 14, 2022 12:06 PM
From: Scott Brown
Subject: Multi User Access to TM1PY on Cloud

Hi,
Can anyone share how you can have multiple different users use TM1PY to connect to a PA cloud instance?  We are current on premise with our Planning Analytics and have multiple groups that are using TM1PY to connect to the system.  We are in the process of transferring to PA on the cloud.  One of the stumbling blocks we have run across is that for accessing PA on the cloud using TM1PY the suggestion is to use a non-interactive account.  The users of TM1PY have access to different cubes/elements so a single account will not work.  Does anyone have any suggestions?


------------------------------
Scott Brown
------------------------------
​
#PlanningAnalyticswithWatson

The TM1py community is tracking an issue to enhance authentication support for IBMid. You can track it here. https://github.com/cubewise-code/tm1py/issues/816

------------------------------
Ryan Clapp
------------------------------

Original Message:
Sent: Fri October 14, 2022 12:06 PM
From: Scott Brown
Subject: Multi User Access to TM1PY on Cloud

Hi,
Can anyone share how you can have multiple different users use TM1PY to connect to a PA cloud instance?  We are current on premise with our Planning Analytics and have multiple groups that are using TM1PY to connect to the system.  We are in the process of transferring to PA on the cloud.  One of the stumbling blocks we have run across is that for accessing PA on the cloud using TM1PY the suggestion is to use a non-interactive account.  The users of TM1PY have access to different cubes/elements so a single account will not work.  Does anyone have any suggestions?


------------------------------
Scott Brown
------------------------------

#PlanningAnalyticswithWatson

Hi Scott,

I know there are a couple of enhancement requests for TM1Py log-ins​ for PA on the Cloud. Would you mind adding another one on github using the link below? It is probably something that should be included as an option in TM1Py but it really depends on what authentication is implemented.

https://github.com/cubewise-code/tm1py/issues

------------------------------
Ian Boltz
------------------------------

Original Message:
Sent: Fri October 14, 2022 12:06 PM
From: Scott Brown
Subject: Multi User Access to TM1PY on Cloud

Hi,
Can anyone share how you can have multiple different users use TM1PY to connect to a PA cloud instance?  We are current on premise with our Planning Analytics and have multiple groups that are using TM1PY to connect to the system.  We are in the process of transferring to PA on the cloud.  One of the stumbling blocks we have run across is that for accessing PA on the cloud using TM1PY the suggestion is to use a non-interactive account.  The users of TM1PY have access to different cubes/elements so a single account will not work.  Does anyone have any suggestions?


------------------------------
Scott Brown
------------------------------

#PlanningAnalyticswithWatson

"One of the stumbling blocks we have run across is that for accessing PA on the cloud using TM1PY the suggestion is to use a non-interactive account."

Having to use non-interactive accounts is a condition / limitation enforced by Planning Analytics for Cloud (PAoC).  It is needed to connect ( as in to logon ) to a TM1 instance running within a PAoC environment from outside the PAoC environment using the TM1 REST API.  Non-interactive accounts are not related to TM1py.

"What is the license policy for multiple non-interactive accounts?"

AFAIR the non-interactive accounts are included in your PAoC subscriptions, and thus do not come at an extra cost.  You can request up to 99 non-interactive accounts.

"I would like IBM to answer why we have to use non-interactive accounts and not the regular ones for IBM Cloud?"

A PAOC environment is using Cognos Access Manager (CAM) for user authentication. CAM forwards a user logon to an external authentication provider, either to a standard one like LDAP which is mapped / tied to a Cognos namespace or to a custom one, using a Custom Java Authentication provider (CJAP).  A CJAP has limitatations.
The IBMid being used for PAoC user authentication is a custom authentication provider, thus using a CJAP. The IBMid is used to logon to a PAoC environment. That is all the CJAP does. The IBMid cannot be used to connect to a TM1 instance running within a PAoC environment using the TM1 REST API.
To achieve that a standard authentication provider must be used. Thus a LDAP Server is connected to a PAoC environment, hosting the non-interactive accounts. This LDAP Server is mapped / tied to the Cognos namespace "LDAP".

------------------------------
Bernd Siebert
------------------------------

Original Message:
Sent: Fri October 14, 2022 12:06 PM
From: Scott Brown
Subject: Multi User Access to TM1PY on Cloud

Hi,
Can anyone share how you can have multiple different users use TM1PY to connect to a PA cloud instance?  We are current on premise with our Planning Analytics and have multiple groups that are using TM1PY to connect to the system.  We are in the process of transferring to PA on the cloud.  One of the stumbling blocks we have run across is that for accessing PA on the cloud using TM1PY the suggestion is to use a non-interactive account.  The users of TM1PY have access to different cubes/elements so a single account will not work.  Does anyone have any suggestions?


------------------------------
Scott Brown
------------------------------
#PlanningAnalyticswithWatson