SOURCE: ONESTREAM CHAMPIONS
Curious to hear others’ experience in the area of Security. At BDO, we currently have:
Would like to hear other’s experience! How many users and groups do you have? Is your security model granular or more open and simple? Do you use any automation to manage your model? Anything unique about your model and processes for security?
The security model at JELD-WEN is much different than BDO. It is driven by entity and workflow; with no cube slice security. We have a couple hundred users and 400 groups. During implementation, we chose to keep it open and simple. Nearly three years in and I am thrilled that it’s served us well. No major updates have been needed; on occasion a bit of maintenance is required for the groups. We maintain security manually. With solid naming conventions and nested groups, it’s relatively easy to add new users to the system by making them members of just a couple of groups.
We have about 140 users and 114 groups, many of which are nested depending on the access type. We use slice security with data access groups between entity and UD2 product segment. We also defined security groups around:
-Dashboard groups: Acct recs, RequestIt/ACM, copy/clear dashboards, export dashboards, etc.
-Various roles: Mostly based on the Security Roles page for example, data management access to the file explorer structure, manage cube views, manage fx rates, manage data management groups, task activity screen
-WF channels: Import, forms, journal entries
Hope that’s useful!
That is helpful information, and has some similarities to our model.
How frequent are changes to your model for cube slices?
How would you classify the level of effort maintaining your model for changes (High, Medium, Low)?
Not often - I just updated the slices recently because we split out a segment from one to two so we needed a new group. That happens once every 3-5 years
I’d classify the level of effort as low because the groups are already set up the way we need to so we’re just moving people around as roles changes or new folks are hired. I’d guess ~95% of users have clearly defined roles but we edit that ~5% of more involved users more often as we add new things into OS (ie. parcel service, specific data mgmt/dashboarding etc.). We have ~3 people very familiar with security also so that makes it easier if new things pop up, like the segment split mentioned above.
I am surprised to hear the model your team has chosen to implement at BDO. I am curious to know about the security setup. At Flex, our security access is a combination of WF and security group combination in addition to RCM for Account reconciliation product. This process is currently manual, we are facing lot of challenges in maintaining it.
Can you please brief about your implementation method for security model. At Flex, currently 200+ users for 80 + work profiles which will grown to 700+ users with 400+ WF entities by next year. How to automate the security model.
We chose this model as we needed our Legal Entity in the Entity Dimension for Intercompany Eliminations, but we manage the business primarily by Location and Department, which is our U2 and U3 respectively.
Our route to getting where we are today was not straight forward. We went live last year with a very simple model, with almost no security by U2 and U3. However, management once using the system and to provide more self service to data, which includes employee comp, decided we needed more granular restrictions. This lead us to our current model over the last year.
We do little workflow security since most data is loaded by automated processes, or entered via forms.
For maintaining our growing 4.5k user base, our IT group used an API to auto create each night users meeting certain criteria and auto assign them to a specific group. Do not know specifics how they accomplished this. This has been a game changer from something that was going to be manually maintained.
Hope this helps!
Agree security has been a challenge for us too, especially with how granular we have gotten, which requires new groups and slices rather frequently with our growing business.
Does Flex have two environments? Have found that to be critical for developing a model like we have.