kmd
Contributor II
29 days ago

Looking for a security report

Hi all,

Does anyone know if the standard OS security audit or application dashboard reports present a way to determine all of the objects within a OneStream application where a particular Security group is used?
For example - let's say I have a grp called "E_WF_specialUsers" and I want to better understand where this group is used within my application (i.e. is it attached to the display group of certain user dimensions, or account members, or workflows, cube views, etc.).

I can't seem to find anything that does this within OS but want to make sure I'm not missing something here.

Thanks in advance,

K.

2 Replies

  • T_Kress
    OneStream Employee

    No, no such report currently exists.  There are two Partner Solution Exchange tools that show that information, I believe.  These would be paid subscription tools:

    But none that are OS developed yet.  I developed a data adaptor that queries this info but the SQL data adaptor has to go across both the Framework database and the Application database.  This is because security groups are stored in the Application database with their unique IDs, not security group names.  So to pull back the group name you have to join tables from Framework and App databases.  And Azure does not let you SQL across databases in the Cloud (Azure limitation not OS) so this tool only works on my local laptop, unfortunately.

    But I understand your ask.  You are trying to find all the objects within an application where a security group has been assigned.  Effectively a trace of a security group.  The only way I know of right now is to extract the app zip file and search, which is very manual and not easily repeatable.

    This is achievable in OS via a BR where you open a database connection to each database separately and then perform SQL joins in the BR, as opposed to directly in the data adaptor.

    Maybe a good idea for Idea Stream!

  • MarcusH
    Valued Contributor

    As T_Kress says, there is no report in OneStream that shows a complete picture of where security is applied and what security groups are being used. You will notice that the descriptions on the two partner solutions do not say they cover all areas where security is used ('key security', 'virtually all'). We have written a report that lists everything: Application, System, Users, Data Access and Environment. It was not easy, as it is not just that the security group information is in the Framework database - the fact that the information on the Application and System security role assignments is only available through a Business Rule is one of the challenges.

    There are a number of ways of getting around the problem of the security group information being in another database. You can create an in-memory data table (i.e. save it to a variable) or use a T-SQL statement that creates SQL variables to hold the security group info or read the info into a dictionary and look it up.
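
The dictionary approach mentioned in the replies, as an added sketch that is not part of the original thread and is not OneStream code: one connection per database, the group id-to-name lookup held in memory, and the "join" done in code. Two in-memory SQLite databases stand in for the Framework and Application databases, and every table and column name is hypothetical.

```python
import sqlite3

def build_sample_dbs():
    """Constructed sample data; every table and column name is hypothetical."""
    fw = sqlite3.connect(":memory:")    # stands in for the Framework database
    fw.execute("CREATE TABLE SecGroup (GroupId TEXT PRIMARY KEY, Name TEXT)")
    fw.executemany("INSERT INTO SecGroup VALUES (?, ?)", [
        ("id-0001", "E_WF_specialUsers"),
        ("id-0002", "Everyone"),
    ])
    app = sqlite3.connect(":memory:")   # stands in for the Application database
    app.executescript("""
        CREATE TABLE Member (Name TEXT, DisplayGroupId TEXT, ReadWriteGroupId TEXT);
        CREATE TABLE WorkflowProfile (Name TEXT, AccessGroupId TEXT);
        CREATE TABLE CubeView (Name TEXT, AccessGroupId TEXT, MaintGroupId TEXT);
        INSERT INTO Member VALUES ('Acct_4000', 'id-0001', 'id-0002');
        INSERT INTO Member VALUES ('Acct_5000', 'id-0002', 'id-0002');
        INSERT INTO WorkflowProfile VALUES ('Houston.Import', 'id-0001');
        INSERT INTO CubeView VALUES ('CV_Payroll', 'id-0002', 'id-0001');
    """)
    return fw, app

def trace_group(fw, app, group_name):
    """Return sorted (table, object, column) tuples where group_name is assigned."""
    # Query 1, Framework connection only: load the id -> name lookup.
    names = dict(fw.execute("SELECT GroupId, Name FROM SecGroup"))
    wanted = {gid for gid, name in names.items() if name == group_name}
    if not wanted:
        raise LookupError(f"no security group named {group_name!r}")
    hits = []
    tables = [r[0] for r in app.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table'")]
    for table in tables:
        # Application connection only: scan every column ending in GroupId.
        cols = [c[1] for c in app.execute(f'PRAGMA table_info("{table}")')
                if c[1].endswith("GroupId")]
        if not cols:
            continue
        sql = f'SELECT Name, {", ".join(cols)} FROM "{table}"'
        for obj, *gids in app.execute(sql):
            hits += [(table, obj, col) for col, gid in zip(cols, gids)
                     if gid in wanted]
    return sorted(hits)

if __name__ == "__main__":
    for hit in trace_group(*build_sample_dbs(), "E_WF_specialUsers"):
        print(*hit, sep="  ")
```

Because neither query references the other database, the same pattern works where cross-database SQL is unavailable.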