Local User Access when SSO turned on or need to set WF for local user when you can't access user.
in our initial design we have a local Admin user - OS_Admin that runs all our DM and Scheduler jobs. This was a local Admin user that pwd never changed (IT requires all AD users to change pwd's and we have too many embedded scripts with pwd for this to work). When we migrated to V8 and the new SSO security structure was applied, we found that keeping the option for manual user sign-in created more issues for our SSO users than we could justify so we have stopped being able to sign in as this user. Issue: We have logic that is pointing to the Global and this user's settings that drive most of our activity. In the short-term I have changed the User based settings to point to my user but I need to get away from that. Need: I need to be able to sign-in as the local user to set the POV for WF (Scenario, Time, WF) OR is there a way I can change that from my Admin user. Don't care either way, just need the result to be that the OS_Admin user's POV is updated.Cube | Data Access | Data Cell Access Security/Slice Security by U1#Geography
Data Management Access Security Please share your expertise to set up a Cube's Data Cell Access Security / Slice Security to limit data read access as outlined below: Dimension: U1# - Geography Total_Geography = Child 1 + Child 2 = Total / Top North_America = Child 1 / NA International = Child 2 / Int'l Slice Security: Access Level - Read Data by Geography - in a CV and a QV Total_Geo_Data = Read Total data | Read NA data and Read Intl data NA_Data = Read NA data | no data access = International and Total Intl_Data = Read Int'l data | no data access = North America and Total TY for your practical advice - SMEs.
Setting "Logon Activity Threshold" on cloud environment
Hello, we need to turn on the "Logon Activity Threshold" on our OneStream cloud instance. I have looked at the documentation and I believe the information there regarding this is for on-prem installations (it involves editing configuration files). I do see this on the cloud application: Is this where you set this on cloud? If so, is this enough to prevent the users from accessing the instance if they don't log on in the required interval? (I ask this because of this post: Automated process to disable users based on Inactivity Threshold / Remaining Allowed Inactivity | OneStream Community) Thanks in advance.
Local Server Installation - Login Error
Hi All, Finished the installation of the databases and webserver on the machine, following the installation guide it reached a point where it told me to test the application and login for the first time using preset credentials. I tried inserting the standard credentials but I would get the error message "Unable to log on user 'Administrator'. The password was reset and needs to be changed." and it does not allow me to change the password (see screenshot below). This is a fresh installation and the standard credentials were never used before, did some error occur during the installation or is there something I have to do to make it work correctly? Any help would be greatly appreciated, Alberto
Admin Security Role?
Hi, wondering if anyone has created something like an "Administrator-lite" role that gives the user an ability to do 90% of actions in the tool, but stay away from things like fx, mapping changes, and data loads. I really just want these users to create cube views and reports only without giving them keys to everything else. Would this be solved by adding a new group, or any other recommendations on how to solve? Thank you!
All entity security settings set to "Nobody", yet non-admin user stills sees data for entity
Hi, I have set all security settings on an entity to "Nobody" and yet when I see a dashboard using a non-admin user I still see data. The same when using a spreadsheet. This does not make sense to me. What am I missing?Cube Data Access Security Troubleshoot
If a user is part of a security group with the below "Data Cell Access Security" filters, does that mean they would only have access to "Ent_3200"? For some reason this user is still able to see all base entities however they are still restricted from TOP? Why would the "E#TOP" filter be correctly restricted, but E#top.base not be restricted?
