The TM1 Application Server enforces various business rules that determine whether or not a user is permitted to view or edit data. These rules determine the Rights set on the Application; whether or not a given user has Ownership of the node or Application; and whether or not a node has been Submitted.
The following table describes some right enforcement scenarios.
Concept | TM1 Server | Explanation |
---|---|---|
Rights | Element and/or Cell Security | When the administrator sets Rights for an Approval or Responsibility Application along the Approval Hierarchy and Control Dimension, these Rights are translated into either Element or Cell Security. Element or Cell Security is determined by the Application's configuration. |
Ownership | Data Reservation | When a cube is used in an Approval or Responsibility application, the REQUIREDSHARED mode of Data Reservation is applied to the cube. This mode of Data Reservation requires that a user must have a Data Reservation before they can write to the cube. The TM1 Application Server grants a Data Reservation to a user who takes Ownership of an Approval Hierarchy node or set of Nodes. A Data Reservation is specific to a particular User, not a Group. Only one user can have Ownership of a leaf node at any time. The Data Reservation granted by the TM1 Application Server is scoped to the relevant Approval Hierarchy nodes. If a Control Dimension is used, the Data Reservation is scoped to the writeable Control Dimension slices for the Application. Remember: The Data Reservation method is set by the
TM1 Application Server with an entry in the
}CubeProperties control cube that
applies to the whole cube. Because the Data Reservation mode
applies to the entire cube, even if a TM1 Application is
scoped to only one slice of a cube with the Control
Dimension, a Data Reservation is required in order to write
to any region of the cube.
For Central applications, the ALLOWED mode of Data Reservation is used. This mode permits you to optionally take Ownership if you want to have exclusive write access to all the cells in the scope of the Application. Users in a Central application are able to write by default without taking Ownership subject to normal TM1 security. |
Submit | Security Overlay | The action of Submitting a node applies only to Approval applications. When a node is submitted, the slice of data that is identified by the Approval Hierarchy node and Control Dimension, if used, is locked, preventing any further data entry. This locking is done with a Security Overlay cube. |