Automated process to disable users based on Inactivity Threshold / Remaining Allowed Inactivity
We worked with OneStream to set the Inactivity Threshold to 90 days but discovered inactive users are not automatically Disabled after 90 days - only flagged as 0 days of "Remaining Allowed Inactivity". I'm assuming we could create a Business Rule or some other process that could query OneStream security data within the system to confirm users who meet the "Remaining Allowed Inactivity" = "0 Days" criteria. Manual review could work as well but not preferred. Any suggestions on how this could be automated in OneStream? Thanks in advance.
Slice Security Alternatives
Hello Experts, We have requirements on having the access enabled/disabled for system dashboards/forms channelwise (UD2 members). For this multiple slice security rules were placed on the cube which has been a tedious maintenance task and is probably adding performance impact on the dashboards. We are thinking of replacing the slice security rules via a Finance rule which will set conditional input for selected Entity, Scenario, Time, UD1, UD2 members from super user dashboard, Admin can lock/unlock these intersections via a super user dashboard on a button click. Is there a better alternative for achieving this? Any leads would be appreciated.
Environment Management
Hi All, In your OneStream implementation, how many environments do you have? Dev, UAT and Prod? Or do you also have Pre-Prod environment that is common in ERP systems? Also, in the UAT environment do you also have copy of data so that when testing happens or developers need to test the changes - there is enough sample data to test? Would you consider brininging data from Prod, randomize it and load into UAT env so that UAT env data at all intersections as Prod? Thanks!About Security Essentials
This OneStream mini-book offers practical guidance, analogies, and in-depth information to help you design, test, and maintain a robust security model. Whether your company is small, large, public, or private, this book delivers the background and tools to meet your company’s unique security and data requirements. Whether you are a consultant guiding implementations, a developer building solutions, or an administrator managing day-to-day operations, you’ll gain a deep understanding of: What’s possible with OneStream security How to define a Security Model tailored to your company’s needs Extending security with Custom Use Cases (aka Slice Security and more) Reporting off your Security Framework and Application Tables Effective Testing and Maintenance strategies for optimal results From practical advice on security group nesting and naming conventions to detailed information on database tables, API calls, and sample code, this mini-book is your one-stop shop for mastering OneStream security quickly and effectively! To access the complete publication, you must purchase either the PDF or the physical copy of the book. Purchases can be made at onestreampress.com. Table of Contents Chapter 1: Introduction Chapter 2: Framework Chapter 3: Design Chapter 4: Common Roles Chapter 5: Application Security Chapter 6: System Security Chapter 7: Other Security Chapter 8: Security Tools
Security Models
SOURCE: ONESTREAM CHAMPIONS Hi Everyone, Curious to hear others’ experience in the area of Security. At BDO, we currently have: 5k users configured, of which 4.5k are enabled. 3.6k are in our “basic” level security group, which we have automation to create and assign users to this group when they meet certain criteria. We have seen in our first year live about 50% of our enabled users utilizing our Production App at some point during the year. Primarily focus on Data Level Access (Cube Slice Security) to control access, which 1 of our 3 cubes has 137 slices configured in it, which is the most granular of our 3 cubes. For groups we are currently at 312, of which 150 have users directly assigned and the others are for nesting shared access across groups. For security, we do very little control by Entity or Workflows since most access to data is controlled in Cube Slices based on our U2 (Location) and U3 (Department), and outside of our automated loads, few users load data via workflows. Would like to hear other’s experience! How many users and groups do you have? Is your security model granular or more open and simple? Do you use any automation to manage your model? Anything unique about your model and processes for security? Thanks, ZachCube | Data Access | Data Cell Access Security/Slice Security by U1#Geography
Data Management Access Security Please share your expertise to set up a Cube's Data Cell Access Security / Slice Security to limit data read access as outlined below: Dimension: U1# - Geography Total_Geography = Child 1 + Child 2 = Total / Top North_America = Child 1 / NA International = Child 2 / Int'l Slice Security: Access Level - Read Data by Geography - in a CV and a QV Total_Geo_Data = Read Total data | Read NA data and Read Intl data NA_Data = Read NA data | no data access = International and Total Intl_Data = Read Int'l data | no data access = North America and Total TY for your practical advice - SMEs.Security "Reset" When Prod is Copied to Dev
Is it normal for certain security settings to be "reset" when a copy of production is made to dev? Every time we make a copy of production into the development environment certain security fields within Security Roles, Entity dimension, Scenario dimension, Workflow Profiles and Data Management Groups are set to "(Not Found)" instead of the correct security group. Is this normal? If so, what's the easiest way to update this? Thanks!
