企业绩效管理网

 找回密码
 立即注册

QQ登录

只需一步,快速开始

查看: 308|回复: 3

TM1 Security to restrict users from Compensation cub ...

[复制链接]

81

主题

389

帖子

575

积分

高级会员

Rank: 4

积分
575
QQ
发表于 2014-3-15 05:10:09 | 显示全部楼层 |阅读模式
Question regarding TM1 Security to restrict users from accessing Compensation cube or Salary data
---------------------------------------------------------------------------------------------------------------------
TM1 Ver 9.5.2 (64-bit) running on Windows Server 2008 R2

In my model I have Finance and Compension cubes
I have implemented Element level security on scenario and department dimensions and it all works great.
Basically I have one group per department and the users are assigned to the group(dept) they own.
(I am using rules to accomplish this). The users have WRITE Access to both cubes so they can enter budget data.

The client would like to add a couple of new users who would have READ access to ALL Departments but only in FINANCE cube and NOT in Compensation cube. Alternatively, it would be ok if these users see the Compensation cube but be able to see the "Salary" element.

I have tried several different approaches including rules in the CubeSecurity cube, but to no avail. I would appreciate any ideas that you may have to accomplish this. thank-you in advance.
回复

使用道具 举报

89

主题

395

帖子

598

积分

高级会员

Rank: 4

积分
598
QQ
发表于 2014-3-15 07:06:21 | 显示全部楼层
Surely for their group if you give that group only read access to the finance cube that should do it as the salary bit is an alternative. If this isn't the case I may have misunderstood you and you may need to expand a little further.

BTW What's a TM1Guru doing, asking for help from us mere mortals???  

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?立即注册

x
回复 支持 反对

使用道具 举报

67

主题

416

帖子

566

积分

高级会员

Rank: 4

积分
566
发表于 2014-3-15 08:01:51 | 显示全部楼层
TM1Guru wrote:The client would like to add a couple of new users who would have READ access to ALL Departments but only in FINANCE cube and NOT in Compensation cube.  Alternatively, it would be ok if these users see the Compensation cube but be able to see the "Salary" element.
It's pretty simple. Create a group for these new users, give that group READ to all elements in the Departments dimension, and NONE to the Compensation cube (in CubeSecurity). BTW, you did say NEW users. If these users aren't NEW, meaning they are already TM1 users with other rights, then this may not work because TM1 security rights are cumulative. You get the combination of all the rights you have from all the groups you are in. But you already knew that, right, being a guru and all.  

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?立即注册

x
回复 支持 反对

使用道具 举报

75

主题

385

帖子

554

积分

高级会员

Rank: 4

积分
554
QQ
发表于 2014-3-15 08:08:32 | 显示全部楼层
Hi,
I really appreciate the suggestions. It is working now. Just an FYI - Here is what I have done.

a) Created a group called "NoComp"
b) Assigned the new user to "NoComp" group ONLY

c) Provide "NoComp" Group READ Access to all departments (See rule below)
Rules in the Element Security Cube of Department dimension
------------------------------------------------------------------------
['Admin'] = S: STET;
['TOTAL'] = S: 'READ';
['NoComp'] = S: 'READ';
[] = S: IF (!Department @= !}Groups, 'WRITE', 'NONE');

https://picasaweb.google.com/115664559711295198173/March282013#5860426302323701298


d) For the Compensation cube, provide no rights to "NoComp" group (see rule below)
Rules in Cube Security
------------------------------------------------------------------------
['Admin'] = S: STET;
['Compensation','NoComp'] = S: 'NONE';
[] = S: 'WRITE';
回复 支持 反对

使用道具 举报

您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

QQ|手机版|小黑屋|企业绩效管理网 ( 京ICP备14007298号   

GMT+8, 2020-9-21 14:31 , Processed in 0.199010 second(s), 13 queries , Memcache On.

Powered by Discuz! X3.1 Licensed

© 2001-2013 Comsenz Inc.

快速回复 返回顶部 返回列表