Hi All,

We are on-prem and for our PAL installs we have daily chores running overnight which output our user lists and groups which get automatically sent to a central IT access governance database. This feeds a company wide process handling leavers and privileged access as well as re-certification of access on a periodic basis.

We are looking to set users up on workspace as soon as possible but with an on-prem install the workspace users, role and groups are disconnected from PAL so you can't reliably produce a PAW extract using any of the related TM1 instances. For instance you can delete the user in all instances of TM1 but they can remain in workspace.

You can manually export user data for roles and groups via the GUI but this will be onerous to do 7 days a week so would like to automate. All advice gratefully received. Thanks,

Seconded!

For the deployments we manage, we have taken to building into our user account management process steps to manually make sure the PAW-related data (license type / role) is updated in all the relevant TM1 dbs on the }Clients dim any time a user is added, deleted, or changed, so we can "fake" a PAW report. This is tedious, only works when any and all user requests get routed through us (me), and absolutely does not resolve the pain point Michael is raising here.

Hi,  Just re-raising this.  We have multiple customers who are required to produce daily lists of the security state of the application, especially users and groups.  This is to satisfy SOX and / or other security regimes.

Whilst this is straight forward in v11 TM1 DB, it is not possible to export User and Groups / Role information from PAW.

Any views from the Product Management team on this making it onto the road map?

TIA