Financial Analytics Publisher and IBM Cognos Security

Both Controller users who are designated as IBM TM1 Users and Controller authorization groups are published to TM1®. Authorization groups are assigned prefixes to avoid naming conflicts.

The following security modes are available for Cognos® Controller and Cognos Controller Financial Analytics Publisher in TM1:

  • For TM1 9.5.x, Cognos Controller users and authorization groups are published and can be leveraged if CAM authentication is not used to access the Cognos Controller Financial Analytics Publisher cube (for example from the TM1 Excel plug-in, but not from BI).

    Note: Both Controller users who are designated as IBM TM1 Users and Controller authorization groups are cleared in TM1 during the initial publish operation.
  • For TM1 9.5.2 and later, there is integrated security between Controller and TM1. This means that both Controller users who are designated as IBM TM1 Users and Controller authorization groups are published to TM1. Then for all CAM users present in TM1, the CAM user ID will be connected to the Controller user ID (provided the CAM information has been maintained in Controller) and get the appropriate authorization groups.

  • TM1 Security Mode Settings that are not supported by Controller will result in the initial publish process being aborted and the datamart being set to Error. The following TM1 API security modes are not supported:

    • Distributed

      Implies that the TM1 server is a distributed server that accepts connections without specifying any credentials.

    • Mixed

      Implies that the TM1 server accepts user authenticating either using Basic authentication or Windows Integrated Authentication.

    • WIA

      Implies that the TM1 server accepts connections that can authenticate based on Windows Integrated Authentication.