The admin who creates a TurboIntegrator process
assigns the security privileges to the TurboIntegrator process.
A TurboIntegrator process can be created only by an administrator,
who has the Admin privileges required to create a process. The administrator
can assign rights to the process. The TurboIntegrator process has
those rights regardless of the rights assigned to any user running
the process.
Non-admin users need to have Read access to a TurboIntegrator processes
in order to see the process in the interface and to execute the process.
But the TurboIntegrator process itself retains the rights assigned
by the administrator.
For example, consider a user and an administrator where:
- User U1 has only Read access to cube_1.
- The administrator creates a TurboIntegrator process that does
a CellPutN into cube_1, which requires Write access to the cube.
- The administrator gives U1 Read access to the TurboIntegrator
process.
- U1 can run this TurboIntegrator process and it will do the CellPutN
even though the user only has Read access to cube_1. The same result
is obtained if U1 has None access to cube_1.
- A user with only Read access to a TurboIntegrator process can
only view and execute the process. The user can't edit the process
to change the value being sent or the location where data is being
put.
- The conditions described above are also true when a user executes
a TurboIntegrator process from within a chore.
To prevent U1 from being able to access this TurboIntegrator process,
the IBM® Cognos® TM1® administrator
should not give U1 Read access to the TurboIntegrator process.