Selective User Access During Planning Process

[jv_oz]

Hi,

During the end of our Planning process (ie the end of Forecasting or Budgeting), we want the finance team to have access, but to restrict general user access.

One solution is to have multiple rights files per model, one for general use and one for finance only use and load them as required.  This seems like a messy solution.  Does anyone have any better ideas?

Thanks!

[mrobby]

This may not be the best idea but isnt there a way to set a group of users for offline access?  Technically, you could set the model offline and users of the offline group should be able to go in.  Im not exactly sure how this would work but I remember reading about it in the manual.

[mrobby]

Also, when you say restrict access, do you mean no access to the model at all or simply to go from write/edit to read?

[jv_oz]

I'll check the offline idea.  What I meant was that the general user has read access only when the finance guys are controlling the model and then reverts to write access for the general user when we reopen for the next forecast.

[overflow.au]

Have you considered having two identical models, with different security rights.  All data from the "general" model could be funnelled to the "finance" model at the point of transition, via admin links, and then the general model be taken off line, replacing it with the finance model online.  Once the finance model is completed, and reversion to the general model is required, the same process could be enabled.

The benefit is that the process each time is to run an admin link, and take the relevant application off line.  The drawback would be to maintain the synchronisation of both applications, although this could be included in a macro fairly easily.

This saves too much alteration to individual security structures, and is simple to implement.  If this is only an occasional occurence this would also be a simple set of processes to enact.

HTH

JC

[mrobby]

You could potentially export the rights file, run a script to update specific items within the exported file to read, then reimport the rights and GTP.

Once you have all the user classes imported you should have some options.  You could for instance keep the rights in a SQL or Access table and run an update query, then export the table to a flat file and import into Contrib.

Same Idea with the SQL table or Access table but use two columns, one for the rights during entry, and one for the rights during review.

Depends on where you want to keep your security settings but there is also the possibility of using an analyst cube to store your rights data and use a dimension that has Rights for Data Entry, Rights for Review.

[SomeClown]

Haven't played around with it much, but if you are on 8.3/8.4, you might be able to get away with pulling the regular users from the Planning Contributor Users role?

So, two AD groups/Cognos groups -   PowerUsers, Webpeople.  Add both groups to Planning Contributor Users, then pull Webpeople when it's time?  That way, you may not have to goof around with the rights file.

Not sure if it will work, but might be worth investigating.

[adityashah27]

this is general req... we simply flip rights to READ for all and have one group that has review rights

[jv_oz]

Thanks everyone. 

The rough method of maintaining two separate rights files and importing them seems to be the way to go and automating it via Access or Excel would make sense.  Has anyone done this in the past and if so, do you have any tips or templates we could use? 

Thanks again, John