Planning Analytics

Planning Analytics

Get AI-infused integrated business planning

 View Only

  • 1.  Element level Security

    Posted Mon April 01, 2024 06:36 PM

    Hi,

    I am new to TM1 security and trying to understand how we can assign the element security for the below scenario,

    We have below security cubes set up for Client1: Client 1 has been grouped as Contributor and access to Org123, Org 124 and Org 125

    Group
    }ClientGroups Dimension Contributor Org 123 Org 124 Org 125
    Client1   Contributor Org 123 Org 124 Org 125

    ORG security cube has WRITE access to the respective ORG but READ to other ORG

    Group
    }ElementSecurity_LowOrg LowOrg  Contributor Org 123 Org 124 Org 125
    Org 123 WRITE READ READ
    Org 124 READ WRITE READ
    Org 125 READ READ WRITE

    Requirement is: for the Planning Scenario we want Client1 to have READ access to Org 123, WRITE access to ORG124 and NONE to Org 125

    }ElementSecurity_Scenario Scenario Contributor Org 123 Org 124 Org 125
    Planning Scenario   READ READ WRITE
    Budget Scenario READ READ READ

    The above security set up doesn't fulfill the requirement. It allows Client1 access to all the Org (Org 123, 124 and 125) although we just provided WRITE access to Org 124.

    Any suggestion how can i achieve the goal to allow Client 1 to have WRITE access to only ORG 124

    Thank you,

    Sudeep



    ------------------------------
    Sudeep Rimal
    ------------------------------


  • 2.  RE: Element level Security

    Posted Tue April 02, 2024 03:40 AM

    If you want to overrule the standard element security setup for the planning scenario you might need to setup cell security for the corresponding cubes, which enables a lower granularity of defining your security model (using business rules).



    ------------------------------
    Luc Cusiel
    ------------------------------

    Original Message


  • 3.  RE: Element level Security

    Posted Tue April 02, 2024 05:00 AM

    You user is a member of all groups and the respective groups representing the org all have WRITE access to the same named org therefore Client1 has write access to all the Org. TM1 does not intersect element security for individual cells, if that's what you'd want, as Luc already elutes to, you'd likely end up using cell security.

    However in your scenario, if Client1 remained member of all groups, that wouldn't change much IMHO as each of those groups would give this user access to the respective intersections with Planning nevertheless resulting in him still having full access to the full org. Think the confusion is partly here because of the group name being the same as the LowOrg element name whereas you are giving everybody with membership to group Org124 access to Planning in this case. 



    ------------------------------
    Hubert Heijkers
    STSM, Program Director TM1 Functional Database Technology and OData Evangelist
    ------------------------------

    Original Message


  • 4.  RE: Element level Security

    Posted Tue April 02, 2024 01:07 PM

    Hello,

    the TM1-security is group-based. The user Client1 has WRITE access because he is member in all three groups (Org 123, 124 and 125). The easiest way would be to remove the user from the other two groups (in the }clientgroups cube).

    Florian



    ------------------------------
    Florian Waidick
    ------------------------------

    Original Message