OneStream Community

kblackmon · ‎01-21-2022

Is there a way to allow different entity security for different processes in OneStream - particularly when implementing a Marketplace solution which is in a separate distinct cube, with separate distinct scenarios. For example, the user may have RW access in Finance cube to entities 1,2, and 3, and needs RW access in the Tax cube to entities 4, 5, and 6. How can I prevent them from having RW in both cubes to 1, 2, 3, 4, 5, and 6?

I expect similar need may exist between actual and forecast scenarios in the Finance cube...

kberry · ‎01-24-2022

You can set up Data Access security by cube. It can vary by cube/entity and also cube/entity/scenario.

kblackmon · ‎01-25-2022

Thanks for your feedback - do you mean data cell access security? I thought that this kicked in AFTER entity and scenario security, and was generally used to refine security that has been privileged via other security groups. In my example, I think that I need to provide R/W security access to the 6 entities that I mention to my user that needs 3 entities in the finance cube and 3 other entities in tax cube. Would I then remove the 3 finance entities as part of slice security in the tax cube, and similarly remove the 3 tax entities in slice security in finance? This might be very voluminous as I have over 100 entities, and over 50 users - Is Data Access security supposed to be used with this volume?

kberry · ‎01-26-2022

It won't be pretty, but I can't think of another way. Like you say, you would grant access in entity security and take it away in data access security. I don't think there is a recommended limit to data access security, especially if it is the only way to accomplish a goal. I have seen as many as 800 lines. It was not a joy to maintain but worked otherwise.

OneStream Community

Different Entity Security in Different Cubes and/or Scenarios