TM1 Forum

I am working on defining TM1 security and I run in to an issue. We use integrated security mode 4 . During testing I deleted user ‘John Doe’ from client list and refreshed security.
But then when John Doe tried to log in using Architect, he was still able to log in and was automatically added as a client.
We tried couple of times deleting him but once he uses Architect, he is automatically back in as client. Any idea what we are missing.
Thanks for your help

arulvarman wrote:During testing I deleted user ‘John Doe’ from client list and refreshed security.

How? Did you use the User and Group Maintenance interface or just remove from }Clients dimension manually? If manually, then you'll have to recycle the TM1 Server service. Sorry, "refreshing security" won't do it.

Thanks for the reply Tom. I used Clients/Group interface to remove the client.

Isnt the user automatically validated against the existing group and created on the fly, given it's a mode 4?
I would have thought procedures would be as followed:
Run RemoveClientFromGroup, then remove the user from the group in CAM

This is new installation. I haven't imported any CAM Group yet. I added couple of CAM users and then tried to remove one user. But he is added as client automatically every time he tries architect. Object Security prevents him from doing anything in TM1,but the fact that he is able to log in to TM1 bothers me.
Or is it normal behavior, any CAM user can log in to TM1 and I have to secure the objects by object security?

I haven't imported any CAM Group yet. I added couple of CAM users and then tried to remove one user.

Sorry, that's a little contradicting. You can either add a CAM user to a CAM group or any of the three TM1 admin groups under security mode 4

arulvarman wrote:This is new installation. I haven't imported any CAM Group yet. I added couple of CAM users and then tried to remove one user. But he is added as client automatically every time he tries architect. Object Security prevents him from doing anything in TM1,but the fact that he is able to log in to TM1 bothers me.
Or is it normal behavior, any CAM user can log in to TM1 and I have to secure the objects by object security?

RTM. If you are using security mode 4 or 5 then this is expected behaviour. Users are created upon logging in. This is the default behaviour.

As of I think FP5 or FP6 there is a new config parameter which disables this default behaviour and enforces users being added manually or via TI as opposed to on the fly on first login if the default behaviour is not what you want.

As of I think FP5 or FP6 there is a new config parameter which disables this default behaviour and enforces users being added manually or via TI as opposed to on the fly on first login if the default behaviour is not what you want.

Interesting info. Haven't been able to locate any documentation on that however.

EvgenyT wrote:Interesting info. Haven't been able to locate any documentation on that however.

Try this for size.

Hah, nice one Andy! ( Didnt look very hard, did I )

Nope. First guess at the search terms, fifth item on the list..!

Thanks everyone, it is good to know that I can control it with config change.