Security in On-Demand Mode

In On-Demand mode, TM1Connect leverages TM1 security to determine what dimensional and cube data the user has access to when retrieving information from the system. However, depending on your application needs, you can adjust how TM1Connect authenticates to TM1 in three different ways:

 

Pre-defined

Integrated

Prompted

 

Care must be taken when using pre-defined authentication to prevent the user from viewing unauthorized information.

 

hmtoggle_arrow1        Pre-Defined Authentication

Pre-Defined Authentication means that the author of the application supplies a specific username and password to connect to TM1 with and the connection settings are stored with the application. In this mode, any requests of information from TM1 will follow the data security of the supplied user and TM1Connect will ignore the actual user's credentials. This is good for situations where the application controls access to the connection settings and the information is public.

 

TM1 must be configured (in the tm1s.cfg file) to allow for username and password authentication (whether using TM1 or CAM).

 

hmtoggle_arrow1        Integrated Authentication

Integrated Authentication uses the windows credentials of the current user to connect with TM1 (whether using TM1 or CAM). In this mode, any requests for information will follow the TM1 security configuration, whether it is at the cube, dimension, element or even cell level. If a user is not authorized to view a specific member that resides on a column of a view, a data values will be return as 0 (blank for string members), even though the column is visible to the user. This prevents issues occurring with the application due to structural changes if the column were removed from the results.

 

hmtoggle_arrow1        Prompted Authentication

Prompted Authentication will request credentials from the user upon first connecting to TM1Connect. These credentials will be passed to TM1 and, if successful, the user will be authenticated such that any data requests will use the security configuration for the supplied user.

 

 

 

Warning Red Button_200pix

(QlikView Users Only)
 
Failure to perform a reload of the TM1 data when the QlikView document is first opened will result in cached data being held in the QlikView document; this is the same content as when document was originally authored. Perform a reload or partial reload upon document open in order to clear and populate data from TM1 that the user is authorized to see.