PA 2.0.9 Upgrade Concerns

Post Reply
User avatar
mce
Community Contributor
Posts: 329
Joined: Tue Jul 20, 2010 5:01 pm
OLAP Product: Cognos TM1
Version: Planning Analytics Local 2.0.x
Excel Version: 2013 2016
Location: Istanbul, Turkey

PA 2.0.9 Upgrade Concerns

Post by mce » Fri Jun 19, 2020 7:32 am

Hello,

Anyone upgraded to PA 2.0.9x in PROD environments?
If so, have you seen any major issues in this version?

From my point of view, I have the following concerns:
- Removal of TM1 Operations Console, and not having any TM1 server monitoring tool for non-admin users, except TM1Top.
- Change of behavior about element security handling in Dynamic subsets.

Any comments will be appreciated.
Regards,

lotsaram
MVP
Posts: 3412
Joined: Fri Mar 13, 2009 11:14 am
OLAP Product: TableManager1
Version: PA 2.0.x
Excel Version: Office 365
Location: Switzerland

Re: PA 2.0.9 Upgrade Concerns

Post by lotsaram » Fri Jun 19, 2020 1:17 pm

Yes I have a customer already on 2.0.9.1 and all is good. The MDX security issue doesn't really affect them. One really good thing is all the "sf_file" locking errors seem to be vastly reduced which is both good for performance and reduces garbage in the message log.
Please place all requests for help in a public thread. I will not answer PMs requesting assistance.

User avatar
Mike Cowie
Site Admin
Posts: 455
Joined: Sun May 11, 2008 7:07 pm
OLAP Product: TM1, MSAS
Version: Anything thru 11.x
Excel Version: 2003 - 2016
Location: Alabama, USA
Contact:

Re: PA 2.0.9 Upgrade Concerns

Post by Mike Cowie » Fri Jun 19, 2020 4:04 pm

As lotsa says, this otherwise seems to be a really good release with a lot of fixes and the added benefit of being designated a long-term support release, meaning IBM will continue to fix bugs and support the 2.0.9.x release for a total of 3 years.

The MDX / Element Security change is a pretty major change to be aware of. Be sure to budget upgrade time to identify and potentially workaround the issue for users impacted (by changing dynamic subsets to MDX and updating reporting content in PAW, etc. that rely on MDX). Many customers I know have subsets like these, since it's such a convenient way of expressing subsets when building out reporting content for users.

For now, because the change applies only to a subset (no pun intended) of the available MDX hierarchy functions it may not impact you today. The use of DESCENDANTS, for instance, will see this new behavior applied, but not the use of TM1DRILLDOWNMEMBER. I'd fully-expect that all of these hierarchy functions will be treated in the same way in a later release, but it means that if you authored reporting content in PAW or PAfE/PAx you're more likely to have had DESCENDANTS inserted at some point and have an issue for some users, compared to Perspectives/Architect which I believe would have seen TM1DRILLDOWNMEMBER or DRILLDOWNMEMBER generated by the dynamic subset recorder. The one customer of ours that I know of who hit this, so far, saw the problem in PAW books which had some expressions based on DESCENDANTS.

This change was made to address a security vulnerability, but I'm hoping IBM may consider making the current fix approach a little more nuanced and a less-painful upgrade step for people who use public subsets like these in views, etc., while still protecting from the scenario of the MDX snooper who's trying to get sensitive information through hierarchy functions.

User avatar
Ajay
Posts: 144
Joined: Wed May 14, 2008 8:27 am
OLAP Product: TM1
Version: 10.2.0, PA 2.0.9
Excel Version: 2016
Location: London

Re: PA 2.0.9 Upgrade Concerns

Post by Ajay » Mon Jun 22, 2020 10:31 am

Hi MCE

I actually did this myself on Friday. Moved from 2.0.9 to 2.0.9.1

Our environment also includes PAW 2.0.52 and PAfE 2.0.54

The only two things which we found:
a) Sample databases didn't start up with CAM.....not sure if this is an issue for you or not....I got around it by copy a CAM instance that worked from with our environment, then replaced the sample data directory and copied in our own }Clients.dim and it worked after that.....I did notice a couple of tm1s.cfg parameters which I hadn't seen before in the samples so could be related, but haven't had a chance to look into that yet.
b) Within the Planning Analytics Workspace Administration, we were being thrown an authentication issue when clicking onto a server to see it's health etc. We thought this was a Docker issue first and tried restarting Docker, but that didn't work, however we resolved this with a server restart.Everything is functioning fine now.

As safety, we have done a full 2.0.9.1 refresh of client tools as well, eg Architect, PA Perspectives and APIs.

HTH
Ajay

Post Reply