Security when using Extended Dimensionality for differents LOB

Eva
New Contributor

Could you confirm if it is possible to apply Security when using in an application the EXTENDED DIMENSIONALITY: It means, if we  want that Corporate cannot create new users for a specific LOB, or create new companies or accounts or manage access rights for this LOB. It is possible to restrict to Corporate all these options? Many thanks

3 REPLIES 3

JackLacava
Honored Contributor

OneStream has no concept of "companies" or "LOB", so depending on which actual OS features you're mapping to those concepts, the answer might differ.

This said, as long as there is a privilege to express what you want, OneStream provides features to create groups that are not allowed those privileges.

Eva
New Contributor

Many thanks JackLacava.

In this case we are going to have an Entity dimension with Corporate entities (Cube Corp) and we will be using the Extended dimensionality for a  specific Subgroup (Cube Subgroup) . Same for account Dimension: a Corporate chart of accounts  and a Subgroup chart of accounts using Extended dimensionality. Subgroup want to work in an independent way:  themselves can create their own users (Corporate cannot create users for this Subgroup) and  their own accounts and entities. In Summary want that Corporate cannot do nothing related to its subgroup (even users creation and access) . Would be possible to avoid that Corporate can do this ?

 

MarcusH
Contributor III

Management of users cannot be restricted to a subgroup of dimension members - if a user has access to manage user security it is for all users. You can control the assignment of security groups to metadata items and artefacts but that is controlling access to data not restricting the management of users. The only way I see this working is for there to be an independent user who can only access security and who processes security requests. That user then checks that the person making the request can authorise the security eg a Corporate user cannot authorise a change for Subgroup Entity or account.