Forum Discussion

New Contributor III

7 months ago

Member List Business Rule in Data Access Security

Hi All, We are implementing some updates to the security model in our application, and we are coming across some unfamiliar territory, so we're looking for some input. We are using OneStream versio...

Cubes

Metadata

Security

Henning
7 months ago
I ran a quick test. Using a memberlist BR works and applies when you first save it. When you then change something in the BR, this is not reflected in the security access right away when you refresh e.g. your cube view. Your observation that this only refreshes every 24 hours is in line with IIS resetting every 24 hours. I restarted IIS myself after a change in the BR and the new security access was then applied in my test cube view.

The answers to your questions are as follows:

1. Yes, when changing the memberlist BR, you need to restart IIS (please note that this might log off active users)

1a. When you press save on the cube, except when you only change something in a BR, as the 'cube save button' does not account for that. For this you need to restart IIS.

1b. Yes, you are correct, the answer is: Performance.

2. Work locally on your laptop or your private cloud and restart IIS as needed. Migrate the final solution to the customers app in the end when testing is no longer required or kept to a minimum.

To restart IIS, I use the Internet Information Services (IIS) Manager on my laptop and press restart.

SAAS customer can press this button (Recycle App Pool) to restart IIS on a given server under System >> Environment:

Henning

Valued Contributor II

Hi, may I ask for a rule sample and how you execute this from Data Access Security on the cube? If I have time I could have a look at that.

Thank you for trying to use Data Access Security. Conditional Input Rules in Finance Rules should only be used if not to be avoided otherwise as those impact performance more than the solution you are working on.

Henning

Valued Contributor II

7 months ago

I ran a quick test. Using a memberlist BR works and applies when you first save it. When you then change something in the BR, this is not reflected in the security access right away when you refresh e.g. your cube view. Your observation that this only refreshes every 24 hours is in line with IIS resetting every 24 hours. I restarted IIS myself after a change in the BR and the new security access was then applied in my test cube view.

The answers to your questions are as follows:

1. Yes, when changing the memberlist BR, you need to restart IIS (please note that this might log off active users)

1a. When you press save on the cube, except when you only change something in a BR, as the 'cube save button' does not account for that. For this you need to restart IIS.

1b. Yes, you are correct, the answer is: Performance.

2. Work locally on your laptop or your private cloud and restart IIS as needed. Migrate the final solution to the customers app in the end when testing is no longer required or kept to a minimum.

To restart IIS, I use the Internet Information Services (IIS) Manager on my laptop and press restart.

SAAS customer can press this button (Recycle App Pool) to restart IIS on a given server under System >> Environment:

adykes
New Contributor III
6 months ago
Thank you very much! The information you provided here is in line with what we're seeing - other than the fact that we can't get the IIS reset to actually refresh the data access security. I just made another forum post with some additional information: https://community.onestreamsoftware.com/t5/Application-Build/Data-Access-Security-amp-App-Server-Issues/td-p/35931

Forum Discussion

Member List Business Rule in Data Access Security

Related Content

Security Group Update with Business Rule

Security

Application Security Role update with Business Rules

Updating Scenario Security in a Business Rule

How to derive Member ID from a Member Name in a Business Rule?