Task Manager Auditor / View Only Access
I have a requirement to setup auditor (view only) access within the Task Manager solution. Unlike Account Reconciliations, there isn't a dedicated Role within the Global Options settings of the solution. My initial thought was to assign an Auditor role to the "Viewer Group", however this would require every single task to have the role assigned. Does anyone know of a better solution, or do we actually have to assign the viewer group on all 2,000+ tasks? E.g., regarding assigning the auditor role to the viewer group.
Environment Management
Hi All, In your OneStream implementation, how many environments do you have? Dev, UAT and Prod? Or do you also have Pre-Prod environment that is common in ERP systems? Also, in the UAT environment do you also have copy of data so that when testing happens or developers need to test the changes - there is enough sample data to test? Would you consider brininging data from Prod, randomize it and load into UAT env so that UAT env data at all intersections as Prod? Thanks!About Security Essentials
This OneStream mini-book offers practical guidance, analogies, and in-depth information to help you design, test, and maintain a robust security model. Whether your company is small, large, public, or private, this book delivers the background and tools to meet your company’s unique security and data requirements. Whether you are a consultant guiding implementations, a developer building solutions, or an administrator managing day-to-day operations, you’ll gain a deep understanding of: What’s possible with OneStream security How to define a Security Model tailored to your company’s needs Extending security with Custom Use Cases (aka Slice Security and more) Reporting off your Security Framework and Application Tables Effective Testing and Maintenance strategies for optimal results From practical advice on security group nesting and naming conventions to detailed information on database tables, API calls, and sample code, this mini-book is your one-stop shop for mastering OneStream security quickly and effectively! To access the complete publication, you must purchase either the PDF or the physical copy of the book. Purchases can be made at onestreampress.com. Table of Contents Chapter 1: Introduction Chapter 2: Framework Chapter 3: Design Chapter 4: Common Roles Chapter 5: Application Security Chapter 6: System Security Chapter 7: Other Security Chapter 8: Security ToolsCube | Data Access | Data Cell Access Security/Slice Security by U1#Geography
Data Management Access Security Please share your expertise to set up a Cube's Data Cell Access Security / Slice Security to limit data read access as outlined below: Dimension: U1# - Geography Total_Geography = Child 1 + Child 2 = Total / Top North_America = Child 1 / NA International = Child 2 / Int'l Slice Security: Access Level - Read Data by Geography - in a CV and a QV Total_Geo_Data = Read Total data | Read NA data and Read Intl data NA_Data = Read NA data | no data access = International and Total Intl_Data = Read Int'l data | no data access = North America and Total TY for your practical advice - SMEs.
Data Cell Access Security (Slice Security) has stopped working after we upgraded to OS v8.5
Hi, After we recently upgraded to V8.5 , it seems the slice security has stopped working. Can anyone suggest what would have gone wrong? Cube Data Access Security for Entity is True The parameters are set as User is in group and Data cell in the Filter -> Apply access and stop (Read Only) User is in group and Data cell is not in the Filter -> Apply access and continue (No access) User is NOT in group and Data cell is not in the Filter -> Apply access and continue (No access) In the Account filter , am passing 1 account say Sales but when am checking the access , user is able to access all the accounts. There is no other security available in this particular base cube other than this
Restricting Data Loads Outside Workflow Time Period – Excel Quick View / XFset
Hey Team, I’ve observed that users are currently able to load data via Excel/Spreadsheet tools (Quick View / XFset) beyond the defined Workflow Time Period range for any scenario. This behavior persists even after setting the following Application General Properties to False: Allow Loads Before Workflow View Year Allow Loads After Workflow View Year Despite these settings, the restriction does not seem to be enforced, and users can still submit data outside the intended time range. Could you please advise if there are additional configurations or security settings required to fully restrict data loads outside the Workflow Time Period—especially when using Excel-based tools? Any guidance or best practices would be greatly appreciated. Best regards, Yogesh Kumar Goyal
Looking for a security report
Hi all, Does anyone know if the standard OS security audit or application dashboard reports present a way to determine all of the objects within a OneStream application where a particular Security group is used? For example - let's say I have a grp called "E_WF_specialUsers" and I want to better understand where this group is used within my application (i.e. is it attached to the display group of certain user dimensions, or account members, or workflows, cube views, etc.). I can't seem to find anything that does this within OS but want to make sure I'm not missing something here. Thanks in advance, K.
