Planning Analytics as a Service - Database Security, User Roles, Groups

By Jean-Philippe De Rycker posted Fri October 18, 2024 01:10 PM

  
Database Security, User Roles, Groups for Planning Analytics as a Service

The following information explains how to configure and understand user roles and groups, and how to apply database security.

User Roles

User Roles are used to restrict the capabilities of a user within Planning Analytics Workspace.

There are four user roles to date:

Administrator (not to be confused with the Account/Subscription Administrator)
Modeler (edit structures and business logic using workspace and/or the remote desktop)
Analyst (create and share views of data)
Consumer (view pre authored content)

A complete list of roles and their capabilities within the workspace is defined here: User roles - IBM Documentation

Please note, database security, such as the ability to edit data and database objects (and whether a user can see a dimension, cube, etc.), is controlled in the database itself. This allows data security to differ by database, e.g. read only on a group reporting database while having read/write on a subsidiary's forecasting application.

Groups

Groups are used to simplify object security within Planning Analytics Workspace, for example whether a user can access a folder and/or the books within it.

Permissions can be set on folders or subfolders, which inherit permissions from above, as well as on an individual book and workbench. Please see: Set permissions on the Shared folder and subfolders - IBM Documentation

Database Security

The Planning Analytics Database security applies to data and database objects.

The TM1 Database within Planning Analytics has a robust security model covering objects, such as dimensions and cubes, and data, such as view, read and/or write permissions on dimensional data and cells. Security can even be applied down to the cell level; however, dimensional matrix security impacts performance less.

TM1 Database security maps the defined users invited to Planning Analytics to groups. There are two types of groups: workspace groups and database-specific groups (which are native to the database). Using database groups allows an overall database group/admin to be kept separate from the administration and operations of the workspace, so sensitive data, such as employee salary, can be made inaccessible to the overall workspace administrators.

To watch a video on managing workspace users and groups see: Planning Analytics - Managing users and groups - YouTube

For more information on database security please see: Object security - IBM Documentation

Please note, each database in the Planning Analytics Workspace has its own security model to cater for differing requirements.

When a workspace group is initially added, its users and their membership are added. At the time of writing, membership is not synchronised, so to refresh the workspace groups and members used in the database security, unassign all users by right-clicking the group, then re-add the same workspace group using the button.
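Because membership is not synchronised, it helps to compare the current workspace group members with the members a database holds and see which groups need the unassign and re-add refresh. The following is an added example, not code from the original post or from IBM; the two dictionaries are constructed sample data with hypothetical group names and user IDs, and how the member lists are obtained is not covered here.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Drift:
    group: str
    stale: tuple    # listed in the database's copy, no longer in the workspace group
    missing: tuple  # in the workspace group, not yet in the database's copy

def _norm(members):
    # Assumption: user IDs are compared case-insensitively, ignoring padding.
    return {m.strip().lower() for m in members}

def membership_drift(workspace, database):
    """Compare current workspace group membership with the copy a database holds.

    Both arguments map group name -> iterable of user IDs. Returns one Drift
    per group that differs, sorted by group name. A group present on only one
    side is reported with all of its members as stale or missing.
    """
    findings = []
    for group in sorted(set(workspace) | set(database)):
        ws = _norm(workspace.get(group, ()))
        db = _norm(database.get(group, ()))
        if ws != db:
            findings.append(Drift(group, tuple(sorted(db - ws)), tuple(sorted(ws - db))))
    return findings

# Constructed sample data (hypothetical names, not a Planning Analytics export format).
WORKSPACE_NOW = {
    "Finance Planners": ["ana@example.com", "Bo@example.com"],
    "HR Salary": ["cy@example.com"],
}
DATABASE_COPY = {
    "Finance Planners": ["ana@example.com", "bo@example.com", "dee@example.com"],
    "HR Salary": ["cy@example.com", "eli@example.com"],
    "Old Project": ["fay@example.com"],
}

if __name__ == "__main__":
    for d in membership_drift(WORKSPACE_NOW, DATABASE_COPY):
        if d.stale:
            print(f"{d.group}: refresh needed, stale members: {', '.join(d.stale)}")
        if d.missing:
            print(f"{d.group}: refresh needed, members not in database: {', '.join(d.missing)}")
```

Stale entries are the ones to review first, since they are users removed from the workspace group who are still listed in the database's security until the group is refreshed.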

ONLY a modeler or administrator subscription can be assigned to the five database admin roles:

ADMIN
CAMID("pans:g:Subscription Administrators")
DataAdmin
OperationsAdmin
SecurityAdmin
