Planning Analytics

Planning Analytics

Get AI-infused integrated business planning

 View Only

  • 1.  PAW users and groups - automatic update

    Posted Wed May 27, 2020 12:26 PM
    Hi
    I am using PAW on-prem, where users and groups are managed separately from the PA security.
    Users and groups can be uploaded to PAW from e.g., a CSV file, but I need to sink users and groups to PAW automatically from other sources.
    How can I do so?
    Where are users and groups stored in the PAW DB?
    Is it possible to access and manipulate that data directly?

    ------------------------------
    Asgeir Thorgeirsson
    ------------------------------

    #PlanningAnalyticswithWatson


  • 2.  RE: PAW users and groups - automatic update

    Posted Thu May 28, 2020 12:52 AM
    Hi Asgeir,

    It's not possible to manipulate the users and groups in PAW outside of the UI or the CSV file upload options.  This is not something we support.

    We are interested in providing an API that would allow for you to manipulate users, groups, and access to books in Workspace.  However, this is not on our short term roadmap.  We will likely investigate this sort of feature starting in 2021.

    What is the 'other source' you want to sync users and groups from?  Are you referring to Active Directory or LDAP as a source for your users and groups? 

    Also, have you looked at CAM authentication with Planning Analytics?  CAM can be configured to work with Active Directory, LDAP, and other authentication sources.  User from the authentication source can be automatically imported in Workspce during the CAM login process.  Unfortunately, PA Workspace does not yet interact with groups from CAM.  



    ------------------------------
    Stuart King
    IBM Planning Analytics Offering Manager
    ------------------------------

    Original Message


  • 3.  RE: PAW users and groups - automatic update

    Posted Thu May 28, 2020 06:10 AM

    Thank you, Stuart, for your reply

     

    We are using AD, but previously, for the TM1 app, we configured and managed users and groups within the Cognos environment. This environment is a bit rough, missing oversight on who is connected to what, and so on. Therefore I moved this configuration into a PA (TM1) cubes and overrode the }ClientGroups security wit a cube rule

    ['}Groups':{'ADMIN','DataAdmin','OperationsAdmin','SecurityAdmin','CAMID("::Everyone")'}]=S: STET;

    [] = S:DB('Security_ClientGroups', !}Clients, !}Groups,'CAMID');

     

    In PAW, I now have a complete overview of who is connected to what group and dimensions, and I can now use the great drilling and filtering within PAW. Now I need a better way to configure the PAW users and groups, somewhat in relation to PA users and groups.

     

    Problems with the current setup in PAW:

    If anyone within our domain is automatically imported in the Workspace during CAM login, then we have a lot of unwanted users (a lot of trash), and default access must thus be restricted to nothing.

     

    An alternative to TM1 application sheet security wanted:

    In one TM1 model, we had some 30 sheets in the old application, and users only got to see the sheet if they had access to some of its data. As I understand, this functionality can not be replicated within the PAW environment. The solution is then to create several books and manage their access with PAW groups. This means that PAW groups must be related to PA data access groups. I could add this configuration to my PA cube described above, but then the data sink with PAW users and groups is missing.

     

    Can you please suggest a solution for me?

     




    Original Message


Related Content