TurboIntegrator security is assigned by administrator
The admin who creates a TurboIntegrator process
assigns the security privileges to the TurboIntegrator process.
A TurboIntegrator process can be created only by an administrator, who has the Admin privileges required to create a process. The administrator can assign rights to the process. The TurboIntegrator process has those rights regardless of the rights assigned to any user running the process.
Non-admin users need to have Read access to a TurboIntegrator processes in order to see the process in the interface and to execute the process. But the TurboIntegrator process itself retains the rights assigned by the administrator.
For example, consider a user and an administrator where:
- User U1 has only Read access to cube_1.
- The administrator creates a TurboIntegrator process that does a CellPutN into cube_1, which requires Write access to the cube.
- The administrator gives U1 Read access to the TurboIntegrator process.
- U1 can run this TurboIntegrator process and it will do the CellPutN even though the user only has Read access to cube_1. The same result is obtained if U1 has None access to cube_1.
- A user with only Read access to a TurboIntegrator process can only view and execute the process. The user can't edit the process to change the value being sent or the location where data is being put.
- The conditions described above are also true when a user executes a TurboIntegrator process from within a chore.
To prevent U1 from being able to access this TurboIntegrator process, the IBM® Cognos® TM1® administrator should not give U1 Read access to the TurboIntegrator process.