cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Permission member access profile

Go to solution
Former Member

on ‎09-27-2013 4:27 PM

0 Kudos

Hi BPC Friends

In the member access profile I have for the member

Q1FCST    read only

If I try to send the data using an input schedule, the lock works

But if I run a script logic, the data are written

Why?

thanks

Michele

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎10-02-2013 8:39 AM
0 Kudos

Hi,

Is there only one member access profile assigned to your ID?

Are you assigned to any team and any member access profile assigned to the team?

Show replies
Show replies
Former Member
‎10-02-2013 9:45 AM
0 Kudos

Hi

My user is assigned to a team and the team is assigned to the member access profile where there is

category Q1FCST   ready only

Also the user has another member access profile just to give the permission for its country for example

entity ITALY read and write

Former Member
‎10-02-2013 10:16 AM
0 Kudos

Hi Michele,

If you have multiple member access profiles, then final result is the combined effect.

In the second profile, you might have write access to all the categories. So, this overwrites the read only access from the first profile.

If you deactivate the second profile, then it will work fine. But you need to evaluate whether you need the second profile or not.

Hope this helps.

Former Member
‎10-02-2013 10:23 AM
0 Kudos

Hi

The first member access profile is

dimension  member .....................

category     Q1FCST   ready only

entity          all            ready only

The second member access profile is only one row

entity       Italy              ready and write

Where is the problem?

Former Member
‎10-02-2013 10:36 AM
0 Kudos

In the second profile, there is no authorization for category? If not, then it is not correct. You need to specify the authorization for all the secured dimensions in the model.

former_member186498
Active Contributor
‎10-02-2013 10:40 AM
0 Kudos

Hi Michele,

better mantain "atomic" m.a.p. not combinations and add these atomic m.a.p. to the team, i.e. one m.ap. for Q1FCST ready only and one for entity all ready only, etc.

This is clearer and you understand quickly if there is a lack in the security.

To to maintain your m.a.p. I think you have to add in the second

entity       Italy              ready and write

category     Q1FCST   denied

so you're able to write on Italy in all categories except Q1FCST

Regards

     Roberto

Former Member
‎10-02-2013 10:42 AM
0 Kudos

Hi

In the second profile there isn't any specification about category

I have one member access profile assigned to the team and I have many others member access profiles with the only specification about the entity and these are assigned directly to the users

Former Member
‎10-02-2013 10:52 AM
0 Kudos

Hi Michele,

If that is the case, then it is wrong. You must maintain authorization to all the secured dimensions in a model. This is by rule. I would suggest you to rectify this, first.

Answers (2)

Answers (2)

Former Member
‎10-02-2013 4:04 PM
0 Kudos

So Robert which solution do you suggest?

Do you suggest me to avoid the MAP at the team level and to maintain directly the MAP at the user level?

thanks

Michele

Show replies
Show replies
former_member186498
Active Contributor
‎10-02-2013 4:35 PM
0 Kudos

Hi Michele,

normally several users have the same security and bpf and also if there is a turnover some user will deleted and some others take the previous place.

As I said when you start creating security you have an effort but if you have worked good after it's simply to maintain.

  • The best choise normally is to create all the necessary teams, some teams could have only one user but they are ready for adding a new one user that automatically receive the same security and bpf when you add it.
  • The MAP should be assigned to the teams.
  • THE MAP should be atomic, every MAP should contain only one value (exception for ALL and/or denied),
    e.g.
    category  read & write ALL
    category denied Q1FCST
    (if you want that the team could write on all category except Q1FCST that for this team is invisible)
  • add all the MAP you need in the teams (also if the team has only one user, see above)

Regards

     Roberto

Former Member
‎10-03-2013 10:10 AM
0 Kudos

Thanks Robert for your nice explanation, I appreciated it

I have about 200 users in BPC with about 80 different member for one dimension, so it could be heavy to maintain many MAP

The solution that was implemented before that I started to work here it looks ok

The issue is this:

if I try to send data to dimension member Q1FCST when it is read only from input schedule it works correctly and the same if I try to send data when I change Q1FCST read and write

The problem is that one step of the BPF is to run a package that copy the actual data to Q1FCST and this create the data doesn't matter if the M AP is Q1FCST read only or read & write

Former Member
‎10-14-2013 11:15 AM
0 Kudos

Do you have any idea about this problem?

thanks

Michele

Former Member
‎10-02-2013 12:02 PM
0 Kudos

thanks Nilajan and Roberto

My situation is a little bit different

I need to have a general member access profile assigned to the team Country where for example at the moment I need to have

entity       read only       all

category  read & write  Q1FCST

category   read only     Q2FCST

in three months I am going to change in this way

category  read only       Q1FCST

category  reand & write  Q2FCST

and also I need many others M.A.P. assigned directly to the users so they can only write for their country

entity   Italy   reand & write

Show replies
Show replies
former_member186498
Active Contributor
‎10-02-2013 1:04 PM
0 Kudos

Hi Michele,

so it's better maintain "atomic" m.a.p. and assigned all the m.a.p. the user need.,

e.g. for 1 user

entity       read only       all

entity   Italy   read & write

category  read only       Q1FCST

category  read & write  Q2FCST

Regards

     Roberto

Former Member
‎10-02-2013 2:09 PM
0 Kudos

Hi Robert

If I do in this way you have to maintain many member access profile while if I have one MAP for the team and many for the users I have to maIntain only one MAP

former_member186498
Active Contributor
‎10-02-2013 2:21 PM
0 Kudos

Hi Michele,

normally you should have in the same team users with same security (MAP, bpf...) and you give the MAP to the team (remember you have also the possibility to use denied if you want to exclude some specific value).

Your right this means a big effort at the beginning but it's clearer and you see immediately if there is a lack because you have forgot something, otherwise you can also give some generic MAP to the team, e.g.

entity       read only       all

category  read only       Q1FCST

category  read & write  Q2FCST

and add to a single user

entity   Italy   read & write

but it's dangerous, you might have lack on security as per you.

Regards

     Roberto

Ask a Question