Security is crucial with any application that contains an organisations data. If we want to modify TM1 security to use Active Directory, via Cognos Access Manager, we need to create new groups and then replicate the old security assignment on TM1 objects to use the new CAM groups. This post details how to do this and includes TI’s to simplify the process.
Note this post is about how to modify the objects in your TM1 model to use CAM, not how to modify the model itself. To modify a Planning Analytics model to use CAM security, rather than standard TM1 security, please see this post.
Steps in Creating TI to copy Native to CAM Security
For a pre-existing TM1 environment using the native security, matching the security with the new CAM security groups might be not be too difficult if you’re assigning cube and dimension level security only. If your organisation has setup element and cell security, the task becomes considerably more laborious. Using a TI to copy the security from old to new groups reduces the required effort and time copying the TM1 object security from native to CAM.
The steps below are what you need to do to complete this exercise easily.
- Load all the Active Directory security groups from Cognos Analytics.
- Create attribute for }Groups where we can enter the Active Directory equivalent of our native security.
- Open the }ElementAttributes_}Groups cube.
- Update the attributes of the native TM1 security group with the AD security equivalent. Be careful to enter the CAM group exactly!
- Download the TI below.
This will generate the an output file of the TM1 object security for the native security groups and their matching CAM security groups. It will then update cube, dimension and element level security to use the new CAM groups. Also included is a sub TI process that will run automatically to update any cell security.
Need Help with the Transition to CAM Security?
Do you need help with converting your TM1 models from using native security to use Cognos Access Manager (CAM) security? Please just ask. We’d be delighted to assist.