Overview
Security within TM1 is limited to assigning a client to a group, then assigning the group to one or many levels and selections of objects. The levels of objects are:
Tier 1:
- Cubes
- Applications
- Processes
- Chores
Tier 2 – Dimensions
Tier 3 – Elements
Tier 4 – Cube Cells/Intersections of Elements
Level-based security carries up the tiers. For example, if the ‘Final Budget’ Element within the ‘Scenario’ Dimension was switched to ‘Read Only’ for all groups, no data could be written to any cube against the ‘Scenario’ ‘Final Budget’.
Creating a user
Users can be added to the system in three ways:
- Using the security tools provided by right clicking on the server and selecting ‘Security’ -> ‘Client Groups’
- By directly maintaining the ‘}Clients’ control dimension
- From within a Turbo Integrator Process
Creating user groups, security assignments etc
Groups can be added to TM1 in the same ways as clients, with the exception that you would maintain the ‘}Groups’ Dimension instead of ‘}Clients’.
Assigning clients to groups can be done through the same security form ‘Client Groups’ under ‘Security’ when right clicking on the TM1 server in server explorer.
This data is held within the ‘}ClientGroups’ control cube which allows developers to implement rules and processes to derive TM1 Security.
Exercise – Create a few users and assign them to Groups
Cube Level
Cube level security is held in the ‘}CubeSecurity’ Cube. The user interface for these settings can be accessed by right clicking on ‘Cubes’ and selecting ‘Security Assignments’.
Application, Process, Chore and Dimension security are all managed the same way.
Exercise – View the cube security
Element Level
Element level security is slightly different in that the ‘}ElementSecurity_DimensionNameHere’ Cubes are created per dimension, when the individual dimension's security assignments are changed.
The security page can be accessed by right clicking on a dimension and selecting ‘Security Assignments’.
Exercise – Add some Element Level Security
Public/Private Objects
Some objects (Applications, Subsets and Views) have two states, Public and Private.
Private Objects – Are accessible only to the user that created them. They can be a default View or Subset for a specified cube, or a default application to load within TM1 web.
Public Objects – Are defined by administrators and are accessible as ‘Read-Only’ for all users.
Public Objects can be made from private ones by an administrator ‘Publishing’ them.
This can also be managed through a Turbo Integrator Process.
Security Refresh
In most instances a ‘Server Security Refresh’ is needed for the server to apply any security changes.
This is done by right clicking on the server and under the ‘Security’ menu selecting ‘Security Refresh’. In large environments this can take a while.
Exercise – Find and Run a Security Refresh
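The steps described above (adding a client and a group, assigning membership, setting element level security and running a security refresh) can be combined in one Turbo Integrator Process. The following is an added example, not part of the original material: the client name 'jsmith' and group name 'Budget Readers' are constructed, the access is set for that one group only, and it assumes the process has no data source and that the element security cube for ‘Scenario’ already exists.

```turbointegrator
#--- Prolog tab -------------------------------------------------------
# Constructed names for illustration; 'Scenario' / 'Final Budget' are
# the dimension and element used in the text above.
sClient  = 'jsmith';
sGroup   = 'Budget Readers';
sDim     = 'Scenario';
sElement = 'Final Budget';

# Stop before changing anything if the target element does not exist.
IF( DIMIX( sDim, sElement ) = 0 );
  ProcessError;
ENDIF;

# Add the group only if it is not already in the }Groups control dimension.
IF( DIMIX( '}Groups', sGroup ) = 0 );
  AddGroup( sGroup );
ENDIF;

# Add the client only if it is not already in the }Clients control dimension.
IF( DIMIX( '}Clients', sClient ) = 0 );
  AddClient( sClient );
ENDIF;

#--- Epilog tab -------------------------------------------------------
# The new client and group are available once the Prolog has finished,
# so membership and access are assigned here.

# Membership is stored in the }ClientGroups control cube.
AssignClientToGroup( sClient, sGroup );

# Read-only access for this group on the 'Final Budget' element.
# Stored in the }ElementSecurity_Scenario control cube.
ElementSecurityPut( 'READ', sDim, sElement, sGroup );

# Apply the changes; in large environments this can take a while.
SecurityRefresh;
```

No password is set here, so the new client cannot be handed out until one is assigned through the ‘Security’ menu or a separate process.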