on 09-27-2013 4:27 PM
Hi BPC Friends
In the member access profile I have for the member
Q1FCST read only
If I try to send the data using an input schedule, the lock works
But if I run a script logic, the data are written
Why?
thanks
Michele
Hi,
Is there only one member access profile assigned to your ID?
Are you assigned to any team and any member access profile assigned to the team?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Michele,
If you have multiple member access profiles, then final result is the combined effect.
In the second profile, you might have write access to all the categories. So, this overwrites the read only access from the first profile.
If you deactivate the second profile, then it will work fine. But you need to evaluate whether you need the second profile or not.
Hope this helps.
Hi Michele,
better mantain "atomic" m.a.p. not combinations and add these atomic m.a.p. to the team, i.e. one m.ap. for Q1FCST ready only and one for entity all ready only, etc.
This is clearer and you understand quickly if there is a lack in the security.
To to maintain your m.a.p. I think you have to add in the second
entity Italy ready and write
category Q1FCST denied
so you're able to write on Italy in all categories except Q1FCST
Regards
Roberto
So Robert which solution do you suggest?
Do you suggest me to avoid the MAP at the team level and to maintain directly the MAP at the user level?
thanks
Michele
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Michele,
normally several users have the same security and bpf and also if there is a turnover some user will deleted and some others take the previous place.
As I said when you start creating security you have an effort but if you have worked good after it's simply to maintain.
Regards
Roberto
Thanks Robert for your nice explanation, I appreciated it
I have about 200 users in BPC with about 80 different member for one dimension, so it could be heavy to maintain many MAP
The solution that was implemented before that I started to work here it looks ok
The issue is this:
if I try to send data to dimension member Q1FCST when it is read only from input schedule it works correctly and the same if I try to send data when I change Q1FCST read and write
The problem is that one step of the BPF is to run a package that copy the actual data to Q1FCST and this create the data doesn't matter if the M AP is Q1FCST read only or read & write
thanks Nilajan and Roberto
My situation is a little bit different
I need to have a general member access profile assigned to the team Country where for example at the moment I need to have
entity read only all
category read & write Q1FCST
category read only Q2FCST
in three months I am going to change in this way
category read only Q1FCST
category reand & write Q2FCST
and also I need many others M.A.P. assigned directly to the users so they can only write for their country
entity Italy reand & write
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Michele,
normally you should have in the same team users with same security (MAP, bpf...) and you give the MAP to the team (remember you have also the possibility to use denied if you want to exclude some specific value).
Your right this means a big effort at the beginning but it's clearer and you see immediately if there is a lack because you have forgot something, otherwise you can also give some generic MAP to the team, e.g.
entity read only all
category read only Q1FCST
category read & write Q2FCST
and add to a single user
entity Italy read & write
but it's dangerous, you might have lack on security as per you.
Regards
Roberto
User | Count |
---|---|
16 | |
3 | |
2 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.