Hello TM1 & Planning Analytics community,

Last week we released TM1py 1.6.
It's a big release with interesting new features like impersonation and improved write speed.

You can find an overview of the release here:
https://code.cubewise.com/blog/tm1py-v1 ... -available

------------------------------
Marius Wirtz
------------------------------

#PlanningAnalyticswithWatson

With the impersonate functionality could any user impersonate any other user or could only an admin in the tool use the impersonate feature?  My concern would be another user who knows TM1py uses impersonate feature to become an Admin.  ​

------------------------------
Karen Hewitt
------------------------------

Original Message:
Sent: Wed February 03, 2021 05:16 AM
From: Marius Wirtz
Subject: TM1py 1.6

Hello TM1 & Planning Analytics community,

Last week we released TM1py 1.6.
It's a big release with interesting new features like impersonation and improved write speed.

You can find an overview of the release here:
https://code.cubewise.com/blog/tm1py-v1 ... -available

------------------------------
Marius Wirtz
------------------------------

#PlanningAnalyticswithWatson

Only admins can impersonate users. Only non-admin users can be impersonated.

------------------------------
Marius Wirtz
------------------------------

Original Message:
Sent: Thu February 04, 2021 07:31 AM
From: Karen Hewitt
Subject: TM1py 1.6

With the impersonate functionality could any user impersonate any other user or could only an admin in the tool use the impersonate feature?  My concern would be another user who knows TM1py uses impersonate feature to become an Admin.  ​

------------------------------
Karen Hewitt

Original Message:
Sent: Wed February 03, 2021 05:16 AM
From: Marius Wirtz
Subject: TM1py 1.6

Hello TM1 & Planning Analytics community,

Last week we released TM1py 1.6.
It's a big release with interesting new features like impersonation and improved write speed.

You can find an overview of the release here:
https://code.cubewise.com/blog/tm1py-v1 ... -available

------------------------------
Marius Wirtz
------------------------------

#PlanningAnalyticswithWatson

Hi Karen:

To add a little to Marius' reply, I believe these are the constraints on impersonation via REST API based on the last time I tested this:

• Anyone in Admin + DataAdmin groups:
  • Impersonate another Admin group member: NO
  • Impersonate a DataAdmin group member: YES
  • Impersonate a SecurityAdmin member: YES
  • Impersonate any non-Admin group user: YES

So, in short: anyone who is not in the Admin or DataAdmin group cannot impersonate another user (this restriction extends to SecurityAdmin group members).

Also, note that there are Info level login events that you should see when impersonation takes place, for instance:

61456 [7] INFO 2020-09-21 15:56:16.436 TM1.Login User Admin authenticated, attempting to impersonate user Joe

This means you've got an audit trail for any user impersonations, too, meaning an admin can't go in and change data as a user without there being a record of the impersonation.

Hope that helps!

------------------------------
Michael Cowie
QueBIT Consulting
Tuscaloosa AL
------------------------------

Original Message:
Sent: Thu February 04, 2021 07:31 AM
From: Karen Hewitt
Subject: TM1py 1.6

With the impersonate functionality could any user impersonate any other user or could only an admin in the tool use the impersonate feature?  My concern would be another user who knows TM1py uses impersonate feature to become an Admin.  ​

------------------------------
Karen Hewitt

Original Message:
Sent: Wed February 03, 2021 05:16 AM
From: Marius Wirtz
Subject: TM1py 1.6

Hello TM1 & Planning Analytics community,

Last week we released TM1py 1.6.
It's a big release with interesting new features like impersonation and improved write speed.

You can find an overview of the release here:
https://code.cubewise.com/blog/tm1py-v1 ... -available

------------------------------
Marius Wirtz
------------------------------
#PlanningAnalyticswithWatson

Hi All,

I just wanted to add that the TM1 impersonation feature is a great addition to TM1 and it will make the life of TM1 Administrators much easier.

• Being able to see the model as the user sees it, make it easier to test security access
• Being able to help users with their private objects as the TM1 Admins will be able to access all private objects.
• With TM1py, you can automate the security access tests for all your users with one script.

More information about how to use the TM1 impersonation feature with TM1py can be found in this article:

• code.cubewise.com/blog/save-time-testing-tm1-security-with-impersonation

Cheers,

Vincent

------------------------------
Vincent Viau
------------------------------

Original Message:
Sent: Wed February 03, 2021 05:16 AM
From: Marius Wirtz
Subject: TM1py 1.6

Hello TM1 & Planning Analytics community,

Last week we released TM1py 1.6.
It's a big release with interesting new features like impersonation and improved write speed.

You can find an overview of the release here:
https://code.cubewise.com/blog/tm1py-v1 ... -available

------------------------------
Marius Wirtz
------------------------------

#PlanningAnalyticswithWatson