- OneStream Community
- Forums
- Application Build
- Security when using Extended Dimensionality for differents LOB
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Security when using Extended Dimensionality for differents LOB
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-11-2023 07:23 AM
Could you confirm if it is possible to apply Security when using in an application the EXTENDED DIMENSIONALITY: It means, if we want that Corporate cannot create new users for a specific LOB, or create new companies or accounts or manage access rights for this LOB. It is possible to restrict to Corporate all these options? Many thanks
- Labels:
-
Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-11-2023 07:08 PM
OneStream has no concept of "companies" or "LOB", so depending on which actual OS features you're mapping to those concepts, the answer might differ.
This said, as long as there is a privilege to express what you want, OneStream provides features to create groups that are not allowed those privileges.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-12-2023 03:34 AM
Many thanks JackLacava.
In this case we are going to have an Entity dimension with Corporate entities (Cube Corp) and we will be using the Extended dimensionality for a specific Subgroup (Cube Subgroup) . Same for account Dimension: a Corporate chart of accounts and a Subgroup chart of accounts using Extended dimensionality. Subgroup want to work in an independent way: themselves can create their own users (Corporate cannot create users for this Subgroup) and their own accounts and entities. In Summary want that Corporate cannot do nothing related to its subgroup (even users creation and access) . Would be possible to avoid that Corporate can do this ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-12-2023 05:28 AM
Management of users cannot be restricted to a subgroup of dimension members - if a user has access to manage user security it is for all users. You can control the assignment of security groups to metadata items and artefacts but that is controlling access to data not restricting the management of users. The only way I see this working is for there to be an independent user who can only access security and who processes security requests. That user then checks that the person making the request can authorise the security eg a Corporate user cannot authorise a change for Subgroup Entity or account.
