Administrators can set certain capabilities by user group using the Capability Assignment
tool.
With the Server Explorer open, right-click a server then click Capability
Assignments.
By default all assignments are blank. The blank settings have different implications for each
capability. Changes made to most assignments take effect after you log out of TM1® then log back in. The Allow Export as Text
capability is dynamic; when you set it, you do not need to restart the TM1 Server.
The following capabilities can be set per user group:
- Access to Server Explorer
- Use this capability to launch the Server Explorer by default for this user group. You can set
this capability to Deny to prevent the Server Explorer from being used by this user group. By
default, this capability is set to blank, which is the equivalent of Grant.
To block access to the Server Explorer, click the intersection of the user group and the capability
and select Deny.
- Personal Workspace Writeback Mode
- This capability defines how data changes are handled in this user group.
- When this capability is granted, users have the ability to hold data changes in a private
workspace before manually deciding when to commit the changes to the base data. Users can further be
granted the ability to name and manage multiple private scenarios called sandboxes (see the Sandbox
Capability).
- When Personal Workspace Writeback Mode is granted:
- Users operate in a non-direct writeback situation so they can privately adjust data values
before making them available to the rest of the community. The special sandbox used when Personal
Workspace Writeback Mode is granted makes it easy to try out different data changes without the
complexity of named sandboxes.
- Data that is changed displays in a different color to remind the user that this change has not
yet been merged to the base data. Once the data change in a Personal Workspace is committed, the
cell coloring reverts to black to identify it as part of the base data.
- Users must manually commit their data changes to make them available to other users. If users
are not used to working in a sandbox, for example, if they were used to the classic direct writeback
mode of earlier versions of TM1, they may find it challenging
to remember to commit their changes manually by pressing the Commit button.
- Often working in Personal Workspace mode improves performance over working in direct writeback
since changes to the base data occur less frequently than when every data change must be merged to
the base.
- When this capability is set to Deny, the users do not have a Personal
Workspace writeback so they work directly in the base. This is the default behavior for this
capability. The advantage to this capability setting is that data changes happen immediately, but
many users want the flexibility to control when to commit their changes and make them available to
other users.
- By default, user groups do not have the Personal Workspace Writeback mode capability granted. By
default this capability is blank which acts like Deny.
- To enable a user group to use a Personal Workspace, click the intersection of the user group and
this capability and select Grant.
- Note also that user groups may Deny the Personal Workspace Writeback Mode capability but still
use the Sandbox capability. In that case, users work directly in the base but have the option to
save changes to a named sandbox. When they create a named sandbox, then the Commit and reset Data
buttons become available. If they move back to the Base, they return to direct writeback. See Setting capabilities for the possible option
combinations of Personal Workspace Writeback Mode and Sandbox capabilities.
- If the system-wide ability to have sandboxes is turned off using the DisableSandboxing=T in the
server configuration file, the Personal Workspace Writeback Mode and Sandbox capabilities are
ignored. By default DisableSandboxing is not present or is set to F.
- Sandbox
- This capability enables the user group to create named sandboxes that can be used to build
what-if scenarios. With this capability granted, users can create and name more than one set of data
changes which are overlaid on top of the base data. Users can keep their sandboxes private and
decide when to commit the data changes to make them public. Sandboxing is a powerful feature, but
some users will find the complexity of managing multiple scenarios against a common base
challenging.
- By default all users have this capability. The blank setting acts like
Grant.
- To prevent this user group from using named sandboxes, set this capability to
Deny.
- If the ability to have sandboxes is turned off using the DisableSandboxing configuration
parameter in the server's configuration file, the Personal Workspace Writeback Mode and Sandbox
capabilities are ignored. By default this parameter is not present or is set to F. DisableSandboxing
is described in the Planning Analytics Local Installation and Configuration
documentation.
- Data Reservation capabilities
- Data Reservation (DR) is a server-related feature that allows you to configure exclusive
write-access to regions of a cube for individual users. Once reserved, the data in that region can
only be modified by that specific user until the reservation is released.
- DR uses the ManageDataReservation and DataReservationOverride capabilities to
allow members of a user group to acquire, release, and override DRs for themselves and other
users.
- For details, see the "Using Data Reservations" and "Enabling user groups to manage Data
Reservations" sections in the TM1 for Developers documentation.
- Consolidation TypeIn Spreading
- Consolidation TypeIn Spreading grants or denies the ability to perform data spreading by typing
directly in a consolidated cell in the TM1 web-based clients, including TM1 Web and TM1 Application
Web. If this capability is set to Deny, users are prevented from typing in a consolidated cell to
initiate a data spread. However, when Consolidation TypeIn Spreading is set to
Deny, users can still use the right-click menu to perform data spreading on a
consolidated cell.
Note: This capability does not apply to the Cube Viewer in Architect or
Perspectives, as typing directly in a consolidated cell is not allowed in these clients.
- This capability cannot be set to Deny for the ADMIN user group.
- A blank setting is equivalent to Grant.
- Allow Spreading
- Allow Spreading grants or denies access to all data spreading capabilities in any of the TM1
clients.
- A blank setting is equivalent to Grant.
- Allow Export as Text
- Allow Export as Text grants or denies the ability to export cube or view data as text. Exporting
a large cube or view can consume significant resources, so you may want to deny this capability to
some user groups.
-
When this capability is set to Deny, members of the user group cannot
export data as text and the following limitations are enforced:
- The Export as Text Data option is disabled when a user right-clicks on a
cube or view in Server Explorer .
- An attempt to execute a TurboIntegrator process containing either the ASCIIOutput or TextOutput
function results in the process exiting with a permission error. The process message log indicates
Execution was aborted. No security access for ASCIIOutput
or
Execution was aborted. No security access for TextOutput
.
- When this capability is set to Grant, members of the user group can
export data as text.
- A blank setting is equivalent to Grant.