Restricting Data Loads Outside Workflow Time Period – Excel Quick View / XFset
Hey Team, I’ve observed that users are currently able to load data via Excel/Spreadsheet tools (Quick View / XFset) beyond the defined Workflow Time Period range for any scenario. This behavior persists even after setting the following Application General Properties to False: Allow Loads Before Workflow View Year Allow Loads After Workflow View Year Despite these settings, the restriction does not seem to be enforced, and users can still submit data outside the intended time range. Could you please advise if there are additional configurations or security settings required to fully restrict data loads outside the Workflow Time Period—especially when using Excel-based tools? Any guidance or best practices would be greatly appreciated. Best regards, Yogesh Kumar Goyal
Looking for a security report
Hi all, Does anyone know if the standard OS security audit or application dashboard reports present a way to determine all of the objects within a OneStream application where a particular Security group is used? For example - let's say I have a grp called "E_WF_specialUsers" and I want to better understand where this group is used within my application (i.e. is it attached to the display group of certain user dimensions, or account members, or workflows, cube views, etc.). I can't seem to find anything that does this within OS but want to make sure I'm not missing something here. Thanks in advance, K.
Spreadsheet tool in v8.5 - does it work?
Trying to confirm if the spreadsheet tool in v8.5 is working for anyone in the following manner... Created dashboard with the spreadsheet tool. The page renders fine... However, when doing something as simple as Save As, the following message is generated. Excel file is defined in the configuration. One client mentioned this, so I tested this on another client with the same results. Heard this is fixed in v9.0. Is this correct or am I missing something? Thanks for any input! Ed PuenteSecurity: Question - Control access to a Scenario
Hi all, I'm hoping someone can see what I'm doing wrong here. First a question: Is Scenario access cube specific? Let's say I have 4 cubes. Currently all 4 cubes give a user access to all Scenarios. If I restrict access to a specific scenario for that user in one cube, does that restriction apply across all cubes? I would assume No - am I wrong? I've been trying to set up restricted scenario access to a group of users in a certain cube. I don't want to touch overall security for the Scenario because there are multiple regions that need access. I've tried to set this up via Slice security (Data Access directly on the Cube) by using a Where clause in the Scenario definition for every group identified in the Data Access (i.e. Planning.Base.Where(Name DoesNotContain X). This doesn't appear to be working. The User themself, has access to multiple cubes and there is no restriction to that scenario in those other cubes. So is it all or nothing? Like do I have to go into the slice security for EVERY cube and restrict access to that scenario in order for this to work? Can't think of another way to resolve this but to modify the Scenario access for every Data Access group in every cube will be a lot of work. Hopefully my question makes sense and thanks in advance for any guidance here.
Hybrid Scenario – Pre-Aggregated Member Setup for Entity Summarization (V8.4)
Hi Team, I’m working on a Hybrid Scenario setup where the goal is to copy data from a source scenario to a management (MGT) scenario. This allows the MGT team to work with the data independently, using their own workflow with high-level access. So far, the base data copy works well. However, I want to summarize entity data in the target scenario so that users only see Entity parent nodes, while maintaining visibility of all other 17 dimension members (Account, UD1-UD8, etc.). To achieve this, I tried creating a dummy parent member (Entity X) in a new Entity dimension that mimics the top-level parent from the legal entity hierarchy (Entity Y). My intention was to use this structure in the Pre-Aggregated Members field in the Hybrid Scenario configuration, effectively copying: Entity X = Entity Y Unfortunately, this method worked successfully in Version 7.4, but does not appear to function as expected in Version 8.4. Maybe in version 9.0 +, we can successfully configure pre-aggregated entity mappings for Hybrid Scenarios? Can we customize this to version 8.0 and above? Would appreciate any advice or examples from the community if you’ve made this work in your applications. Thanks in advance! ChrisLocal User Access when SSO turned on or need to set WF for local user when you can't access user.
in our initial design we have a local Admin user - OS_Admin that runs all our DM and Scheduler jobs. This was a local Admin user that pwd never changed (IT requires all AD users to change pwd's and we have too many embedded scripts with pwd for this to work). When we migrated to V8 and the new SSO security structure was applied, we found that keeping the option for manual user sign-in created more issues for our SSO users than we could justify so we have stopped being able to sign in as this user. Issue: We have logic that is pointing to the Global and this user's settings that drive most of our activity. In the short-term I have changed the User based settings to point to my user but I need to get away from that. Need: I need to be able to sign-in as the local user to set the POV for WF (Scenario, Time, WF) OR is there a way I can change that from my Admin user. Don't care either way, just need the result to be that the OS_Admin user's POV is updated.Cube | Data Access | Data Cell Access Security/Slice Security by U1#Geography
Data Management Access Security Please share your expertise to set up a Cube's Data Cell Access Security / Slice Security to limit data read access as outlined below: Dimension: U1# - Geography Total_Geography = Child 1 + Child 2 = Total / Top North_America = Child 1 / NA International = Child 2 / Int'l Slice Security: Access Level - Read Data by Geography - in a CV and a QV Total_Geo_Data = Read Total data | Read NA data and Read Intl data NA_Data = Read NA data | no data access = International and Total Intl_Data = Read Int'l data | no data access = North America and Total TY for your practical advice - SMEs.
Setting "Logon Activity Threshold" on cloud environment
Hello, we need to turn on the "Logon Activity Threshold" on our OneStream cloud instance. I have looked at the documentation and I believe the information there regarding this is for on-prem installations (it involves editing configuration files). I do see this on the cloud application: Is this where you set this on cloud? If so, is this enough to prevent the users from accessing the instance if they don't log on in the required interval? (I ask this because of this post: Automated process to disable users based on Inactivity Threshold / Remaining Allowed Inactivity | OneStream Community) Thanks in advance.
