Security issue in Infor dEpm V12 MultiTenant

Hi, we would need some urgent help concerning security configuration in one customer running ‘Budget and Planning’ in V12 MT (not standard module but customized from scratch)

We have set a security access by the dimension entity where the users only have access to read/write on their own entities. The problem comes for an special casuistic consistent on the sales module prices where some users need to write some prices on an entity outside their scope, that is, on an entity where these users have not access to write nor reading

This issue is already have experimented on the standard consolidation platform in the intercompany reconciliation report where it is necessary to ‘read’ information from other entities in order to match the interco figures and that problem is easily solved by creating a second connection to the OLAP in Application Studio with ‘admin’ permissions to be used in the cells where we have to show information from other companies (with ROC, CELLGET, etc.)

This solution consistent on creating a second connection ‘ad hoc’ for these purposes it is not possible to create it at MT because of security problems as we were informed from support team

We know that we can create a ‘mirror’ cube without the dimension affected to skip the security but probably would have a huge impact on performance and it would be a solution for ‘read’ all companies but not for ‘writing’

Any suggestion to solving this issue?

Many thanks a lot in advance, any helpful information would be appreciated

Kind Regards,

Find more posts tagged with

Infor EPM Discussions

Comments

John Robson

One possible solution. Create a clone of the Company dimension with no DAC applied and use that in the pricing cube.

Llorenç Tomas

Thanks for your answer John, the problem with this solution is this cube would be fully accessible from Self Service for all the users and entities

Appreciate your help,

Kind Regards,

Erik Johnson

Although there may be other considerations if the issue is cube visibility on the self-service side this can be restricted. This restriction would apply across the board though so it would be hidden to everyone there including admins. You can check it out here: https://docs.infor.com/depm/12.0.x/en-us/depmolh_cloud/default.html?helpcontent=self_service_cloud/qti1510174382874.html

Llorenç Tomas

Thanks Erik for your answer, problem is the cubes have to be visible in dashboards as we have trained all the users to be capable to produce their own reports and dashboards.

Kind Regards,

John Robson

My suggestion then would to clone the dimension for the cube where DAC should not apply and then use MDAC on the pricing cube. The only flip side is a bit of learning curve and that whereas DAC hides element from an unauthorized user MDAC blocks access to data values. That means SeSe user could see dimension elements - but not the associated data - if they turn off zero supression.

Llorenç Tomas

Thanks a lot John for your answer. By using a cloned dimension without DAC the problem is solved on the App Studio Report to write prices on another entities, but as the users have to have access to this cube in Self Service due to corporate policy, then although MDAC would have configured for the cube would not solve the problem as the users not allowed could access to all the information of the cube due to the cube would contains the cloned dimension with no DAC applied

Kind Regards,

unknown

Have you considered having the users write to a dummy member and then use a scripted process with admin privileges to copy to the proper entity?

Llorenç Tomas

Thanks Jennifer, yes, we thought to create an Engine script to be launched in the same App Report to move the information from a dummy to the correct but the problem remains the same, this Engine process is under the same security restrictions, as far as we know in V12 MT can not use other OLAP connections with admin privileges
We know that this Engine process could be executed automatically launched every night but the information wouldn't be updated on line and that is out of compliance

Thanks again for your answer

unknown

What about a duplicate dummy entity that the rule can evaluate for price? The feasibility of this would really depend on your design, how pervasive the requirement is, and may introduce redundancy.

Llorenç Tomas

Jennifer, that's a good point, we're going to review the impact on the design and the data volume increase due to the redundancy to determine the feasibility. Very much appreciate your suggestion

Kind Regards,

Copyright © 2025 Infor. All rights reserved.