The OneStream Community is temporarily frozen until June 29th due to the ongoing maintenance. Please read the blog post here to learn more.

Forum Discussion

ZachK's avatar
ZachK
New Contributor II
4 years ago

Security Models

SOURCE: ONESTREAM CHAMPIONS Hi Everyone, Curious to hear others’ experience in the area of Security. At BDO, we currently have: 5k users configured, of which 4.5k are enabled. 3.6k are in our...
Security
kyagla's avatar
kyagla
New Contributor
4 years ago

Hi Zach,
The security model at JELD-WEN is much different than BDO. It is driven by entity and workflow; with no cube slice security. We have a couple hundred users and 400 groups. During implementation, we chose to keep it open and simple. Nearly three years in and I am thrilled that it’s served us well. No major updates have been needed; on occasion a bit of maintenance is required for the groups. We maintain security manually. With solid naming conventions and nested groups, it’s relatively easy to add new users to the system by making them members of just a couple of groups.

Regards,
Kimberly

  • NicoleBruno's avatar
    NicoleBruno
    Valued Contributor
    4 years ago

    Hi all,
    We have about 140 users and 114 groups, many of which are nested depending on the access type. We use slice security with data access groups between entity and UD2 product segment. We also defined security groups around:
    -Cubes
    -Dashboard groups: Acct recs, RequestIt/ACM, copy/clear dashboards, export dashboards, etc.
    -Scenarios
    -Various roles: Mostly based on the Security Roles page for example, data management access to the file explorer structure, manage cube views, manage fx rates, manage data management groups, task activity screen
    -WF channels: Import, forms, journal entries

    Hope that’s useful!
    -Nicole

    • ZachK's avatar
      ZachK
      New Contributor II
      4 years ago

      Hi Nicole,

      That is helpful information, and has some similarities to our model.

      How frequent are changes to your model for cube slices?
      How would you classify the level of effort maintaining your model for changes (High, Medium, Low)?

      Thanks,
      Zach

      • NicoleBruno's avatar
        NicoleBruno
        Valued Contributor
        4 years ago

        Hi Zach,
        Not often - I just updated the slices recently because we split out a segment from one to two so we needed a new group. That happens once every 3-5 years 

         

         


        I’d classify the level of effort as low because the groups are already set up the way we need to so we’re just moving people around as roles changes or new folks are hired. I’d guess ~95% of users have clearly defined roles but we edit that ~5% of more involved users more often as we add new things into OS (ie. parcel service, specific data mgmt/dashboarding etc.). We have ~3 people very familiar with security also so that makes it easier if new things pop up, like the segment split mentioned above.

  • ZachK's avatar
    ZachK
    New Contributor II
    4 years ago

    Thank you Kimberly. This does sound very different from BDO, great to hear your experience that your number of groups is not driving high level of maintenance.

    Zach