OneStream Administrator Security Role

New Contributor III

Hi All,

I am very new into the OneStream world. Wondering for those OneStream Functional Administrators out there, do you have the “Administrator” role or it is just for the IT team?

I have been a techno and functional guy in the HFM world for many years, so I am not used to lose the admin rights.

Just want to see whether it is a common practice out there that I need to adjust.

Thanks in advance!

* This post has been migrated from Champions


Contributor III

My company splits it by having one IT lead who is responsible for new user set up and security inside of OS and the financial systems team (two people including me) roll up to the Finance side of the company and we’re the OS admins responsible for everything else in the system. Hope that’s helpful!

Hi Nicole,

but that split is outside one stream, inside one stream you both have the same role as Administrator, Am i right ?



Hi Darpan - correct, the IT lead and finsys admins all have the “administrator” role inside OS.

So then your Query is closed ?


Dear Michael,

Here the Administrator has both the functional as well as Technical Roles in One Stream.

As a technical guy you can monitor application analaysis, diagnostic tools , maintaining the security groups and so many many things.

Into the functional role you have to create all the master dimensions setup and transformation rules and so many things.

so happy thing is that your role remains intact here.

Hope this reply makes you comfortable.


Darpan Bhansali

New Contributor III

For my case, they specifically took away my “administrator” role. But on the other side, the IT guys do not know too much about One Stream (or HFM in the past). We are now heavily rely on consultants to help with user security and anything require admin rights. I am a bit concerned and frustrated.

New Contributor III


This requires some effort; however, security can be developed and implemented in such a manner that you could still manage and update items on the Application tab, etc. but not have Administrator rights. Hope all is well.


Hi all,

Terry’s right - before I was a full time admin/FinSys manager, I had a joint consolidations/finsys role. As a result, we created an “admin light” role that allowed me access to what I needed without interfering with my consolidations role. It was painful and time consuming but possible. Though if you’re role is actually FinSys manager and admin of OS, I’d be questioning why it’s necessary first before presenting that it’s an option 

Good luck!

New Contributor III

I am the only FinSys and the Manager here. We have over 100 OneStream users to support, but my security access within the application only allows me to see my own activities. I can not change user system settings. I can not even change my own Page Per Rendering settings. This change takes away lots of fun from the role I used to be on HFM. I reached out to your folks to see whether this is what OneSTream FinSys supposed to be or I am just on a wrong boat. Thanks for all those valuable feedbacks! I hope I did not unintentionally opened a box of worms 

New Contributor II

We manage security in IT for all systems as that’s part of our SOX controls. We do a quarterly review that the finance team approves on a user-to-role relationship basis but they don’t have access to update at our firm

New Contributor II

Hi Mike,

In our company an administrator reports into Finance organization, so I do have Administrator security role and manage everything in the system. Our IT has no involvement with OneStream.

New Contributor III

Thanks. I report to Corp Controller as well.

New Contributor II

I am new to OneStream as well. we just went live January 1st. I just closed our first month in OS. 


I am in FP&A and we have the admin rights along with one person in Accounting. We do have an IT Admin, but only to load updates and answer any questions that OS might have behind the scenes.

Contributor III

I'm the lead admin at my company (we have 2 total admins) and we report to the Finance organization.  We both have full Administrator role access and IT doesn't have any OneStream access.  We manage the system along with consultant support for various project implementations.  There are also SOX controls in place.  This is exactly how it was at my prior employer, too.