When I create new dimensions and then edit the element level security values(DimensionName (e.g. 'Account')->Security->Elements Security Assignments), I notice that all entries are defaulted to 'WRITE'. Is there a way to change this entry to default to something else when a dimension is created?
Thanks!
Default Security on Dimension Elements
- rkaif
- Community Contributor
- Posts: 328
- Joined: Fri Sep 05, 2008 6:58 pm
- OLAP Product: IBM Cognos TM1
- Version: 9.1 or later
- Excel Version: 2003 or later
Re: Default Security on Dimension Elements
Yes, you can use the ElementSecurityPut() function in the TI Process which is creating that dimension
Code: Select all
ElementSecurityPut(Level, DimName, ElName, Group);
Cheers!
Rizwan Kaif
Rizwan Kaif
-
- MVP
- Posts: 3660
- Joined: Fri Mar 13, 2009 11:14 am
- OLAP Product: TableManager1
- Version: PA 2.0.x
- Excel Version: Office 365
- Location: Switzerland
Re: Default Security on Dimension Elements
Don't confuse element security with cube security and dimension security.
If users only have read access to a cube then this is what will apply and the distinction between lock, reserve, write, read element security (for that cube) will be irrelevant. Generally element security should only be applied where needed i.e. to "secured" dimensions. For example, typically in a budgeting application the secured dimensions would be cost center and version.
If no element security is applied to a dimension then the default element security status is write as typically for most dimensions element security is not needed. As per the manual (read it!), once element security is applied to a dimension then the default access level for all elements created from that point will be NONE. This means element security need to be set for all new elements otherwise no users will have any access. You can use ElementSecurityPut in TI but often the best way to automate/manage element security in a large or frequently changing dimension is via rules.
If users only have read access to a cube then this is what will apply and the distinction between lock, reserve, write, read element security (for that cube) will be irrelevant. Generally element security should only be applied where needed i.e. to "secured" dimensions. For example, typically in a budgeting application the secured dimensions would be cost center and version.
If no element security is applied to a dimension then the default element security status is write as typically for most dimensions element security is not needed. As per the manual (read it!), once element security is applied to a dimension then the default access level for all elements created from that point will be NONE. This means element security need to be set for all new elements otherwise no users will have any access. You can use ElementSecurityPut in TI but often the best way to automate/manage element security in a large or frequently changing dimension is via rules.
-
- Posts: 6
- Joined: Mon Sep 13, 2010 2:13 pm
- OLAP Product: TM1
- Version: 9.5.1
- Excel Version: 2007
Re: Default Security on Dimension Elements
Thank you for the replies. Yes, we are currently populating specific slices with the ElementSecurityPut() function in a TI process.
I am trying to limit the number of accounts our user-groups have access to in a planning cube. I know the set of accounts that each should see and need to remove access to the other accounts. I was trying to set their security value to 'NONE' or blank in the }ElementSecurity_Account cube for the ones I want hidden and noticed that in this situation, the vast majority of cells would be set to 'NONE'. Rather than having the access each entry in the cube and setting its value I thought it would be easier to already have it defaulted to 'NONE' and then just flip the permissions of the allowed combination's based on my permissions input file.
I am trying to limit the number of accounts our user-groups have access to in a planning cube. I know the set of accounts that each should see and need to remove access to the other accounts. I was trying to set their security value to 'NONE' or blank in the }ElementSecurity_Account cube for the ones I want hidden and noticed that in this situation, the vast majority of cells would be set to 'NONE'. Rather than having the access each entry in the cube and setting its value I thought it would be easier to already have it defaulted to 'NONE' and then just flip the permissions of the allowed combination's based on my permissions input file.