Administrative groups and authority

IBM® Planning Analytics with Watson™ supports the separation of administrative duties and roles in Planning Analytics by dividing administrative users into the following predefined administrator groups:

ADMIN group
Members of the ADMIN group have access to all areas of TM1® and represent super-users with all privileges.
SecurityAdmin group
The SecurityAdmin group can perform only security operations in TM1. These operations include creating, editing, and deleting TM1 users and groups. This group can manage the access permissions of other users to TM1 objects, such as cubes, dimensions, and rules, but this group cannot view the data in those same TM1 objects.
DataAdmin group
The DataAdmin group has ADMIN privileges to everything that is not related to security. This group can view, edit, and save TM1 objects, such as cubes, dimensions, rules, and processes. Members in this group can view security settings in read-only mode but are not allowed to modify security settings.
OperationsAdmin group
The OperationsAdmin group can perform only maintenance operations in TM1. This group can perform TM1 server maintenance and operational work, for example, disconnect users or cancel threads. Members in the OperationsAdmin group have no access to any TM1 metadata, cube data, or any other data.

The security assignments for these administrator groups are hardcoded and cannot be modified.

You can use these predefined administrator groups to control and separate TM1 administrative roles among different users to satisfy internal or external security requirements and rules.

Note: Replication and synchronization operations in TM1 should be performed only by members of the ADMIN group. Members of the DataAdmin, SecurityAdmin, and OperationsAdmin groups do not have all the access privileges to perform these operations.