Security: Question - Control access to a Scenario
Hi all, I'm hoping someone can see what I'm doing wrong here. First a question: Is Scenario access cube specific? Let's say I have 4 cubes. Currently all 4 cubes give a user access to all Scenarios. If I restrict access to a specific scenario for that user in one cube, does that restriction apply across all cubes? I would assume No - am I wrong? I've been trying to set up restricted scenario access to a group of users in a certain cube. I don't want to touch overall security for the Scenario because there are multiple regions that need access. I've tried to set this up via Slice security (Data Access directly on the Cube) by using a Where clause in the Scenario definition for every group identified in the Data Access (i.e. Planning.Base.Where(Name DoesNotContain X). This doesn't appear to be working. The User themself, has access to multiple cubes and there is no restriction to that scenario in those other cubes. So is it all or nothing? Like do I have to go into the slice security for EVERY cube and restrict access to that scenario in order for this to work? Can't think of another way to resolve this but to modify the Scenario access for every Data Access group in every cube will be a lot of work. Hopefully my question makes sense and thanks in advance for any guidance here.
Hybrid Scenario – Pre-Aggregated Member Setup for Entity Summarization (V8.4)
Hi Team, I’m working on a Hybrid Scenario setup where the goal is to copy data from a source scenario to a management (MGT) scenario. This allows the MGT team to work with the data independently, using their own workflow with high-level access. So far, the base data copy works well. However, I want to summarize entity data in the target scenario so that users only see Entity parent nodes, while maintaining visibility of all other 17 dimension members (Account, UD1-UD8, etc.). To achieve this, I tried creating a dummy parent member (Entity X) in a new Entity dimension that mimics the top-level parent from the legal entity hierarchy (Entity Y). My intention was to use this structure in the Pre-Aggregated Members field in the Hybrid Scenario configuration, effectively copying: Entity X = Entity Y Unfortunately, this method worked successfully in Version 7.4, but does not appear to function as expected in Version 8.4. Maybe in version 9.0 +, we can successfully configure pre-aggregated entity mappings for Hybrid Scenarios? Can we customize this to version 8.0 and above? Would appreciate any advice or examples from the community if you’ve made this work in your applications. Thanks in advance! ChrisLocal User Access when SSO turned on or need to set WF for local user when you can't access user.
in our initial design we have a local Admin user - OS_Admin that runs all our DM and Scheduler jobs. This was a local Admin user that pwd never changed (IT requires all AD users to change pwd's and we have too many embedded scripts with pwd for this to work). When we migrated to V8 and the new SSO security structure was applied, we found that keeping the option for manual user sign-in created more issues for our SSO users than we could justify so we have stopped being able to sign in as this user. Issue: We have logic that is pointing to the Global and this user's settings that drive most of our activity. In the short-term I have changed the User based settings to point to my user but I need to get away from that. Need: I need to be able to sign-in as the local user to set the POV for WF (Scenario, Time, WF) OR is there a way I can change that from my Admin user. Don't care either way, just need the result to be that the OS_Admin user's POV is updated.Cube | Data Access | Data Cell Access Security/Slice Security by U1#Geography
Data Management Access Security Please share your expertise to set up a Cube's Data Cell Access Security / Slice Security to limit data read access as outlined below: Dimension: U1# - Geography Total_Geography = Child 1 + Child 2 = Total / Top North_America = Child 1 / NA International = Child 2 / Int'l Slice Security: Access Level - Read Data by Geography - in a CV and a QV Total_Geo_Data = Read Total data | Read NA data and Read Intl data NA_Data = Read NA data | no data access = International and Total Intl_Data = Read Int'l data | no data access = North America and Total TY for your practical advice - SMEs.
Setting "Logon Activity Threshold" on cloud environment
Hello, we need to turn on the "Logon Activity Threshold" on our OneStream cloud instance. I have looked at the documentation and I believe the information there regarding this is for on-prem installations (it involves editing configuration files). I do see this on the cloud application: Is this where you set this on cloud? If so, is this enough to prevent the users from accessing the instance if they don't log on in the required interval? (I ask this because of this post: Automated process to disable users based on Inactivity Threshold / Remaining Allowed Inactivity | OneStream Community) Thanks in advance.
Local Server Installation - Login Error
Hi All, Finished the installation of the databases and webserver on the machine, following the installation guide it reached a point where it told me to test the application and login for the first time using preset credentials. I tried inserting the standard credentials but I would get the error message "Unable to log on user 'Administrator'. The password was reset and needs to be changed." and it does not allow me to change the password (see screenshot below). This is a fresh installation and the standard credentials were never used before, did some error occur during the installation or is there something I have to do to make it work correctly? Any help would be greatly appreciated, Alberto
Admin Security Role?
Hi, wondering if anyone has created something like an "Administrator-lite" role that gives the user an ability to do 90% of actions in the tool, but stay away from things like fx, mapping changes, and data loads. I really just want these users to create cube views and reports only without giving them keys to everything else. Would this be solved by adding a new group, or any other recommendations on how to solve? Thank you!
