Drill through security issue

anz.fin.all.mailbox · February 6, 2018, 3:28am

Dear Canvas experts,

We get the following error message when a user tries to perform a drill through from Canvas:

When I give the user ADMIN access, he/she can perform the drill through from Canvas.

Also, when the user tries to perform the same drill through from Architect, it works normally.

Is there something I need to do in order to give them access to the drill through functionality in Canvas without giving them the ADMIN rights?

Thank you very much in advance,

Chanthy
Veolia BI Team

plim · February 6, 2018, 4:28am

Hi @anz.fin.all.mailbox,

TM1 Security rights is all being managed within TM1. Canvas does not maintain this.

Check the access rights of the group that the user belongs to. Usually there is a }Drill_< drill TI process name > behind it.

Please ensure that the user has access to this TI. Afterwards, check also the Source being used by the drill process if the user has access to it. For example, if the drill is towards a Cube, ensure that the user belongs to a group that has a READ access into that cube as a minimum.

–
Paul

anz.fin.all.mailbox · February 6, 2018, 6:10am

Hi Paul,

Thank you for the feedback. I checked the process security and the cube security. The user has both access to the proper cube and processes. Where I am confused is that it is possible for the user to drill through via Architect but not from Canvas.

Do you have any ideas what might be the issue?

KR,
Chanthy

plim · February 6, 2018, 11:04pm

Hi @anz.fin.all.mailbox,

That seems be a TM1 REST API bug. The error that the user has seen is definitely from TM1 about security rights.

We will send this to IBM for further action on their end.

Thanks for reporting this!

–
Paul

jliando · February 6, 2018, 11:56pm

Hi @anz.fin.all.mailbox

Please review the TM1 security settings of the user in accessing the drill through:

Cube Security: }CubeSecurity. If the drill is from Cube A to Cube B so set both cubes as READ. Also check the drill assignment }CubeDrill_ cube security.
Dimension Security: }DimensionSecurity. Check if the user has access to all dimensions in Cube A and B as per example above.
Also chek the drill assignment }CubeDrillString dimension security.
Element Security:}ElementSecurity[element name]. If somehow there is an element security set up. Cell Security of the cube if necessary.
Process Security: }ProcessSecurity. For any Drill process related to the drill-through. }Drill_[drill process name].

I think that’s all. However, if the user is ADMIN everything is ok.

anz.fin.all.mailbox · February 7, 2018, 5:59am

Dear jliando,

Thank you for your feedback. I rechecked all the security cubes and the user has proper access. I forgot to mention that the drill is from Cube A to a SQL Table.

Again, what is weird is that the drill through works via Architect/Perspective and not via Canvas.

Kind regards,
Chanthy

plim · February 14, 2018, 6:47am

Hi @anz.fin.all.mailbox,

We had just received an update from IBM regarding this issue that this is already fixed in the TM1 11.1, with the latest fix pack to date.

Cheers!

–
Paul