This article explains how to secure your Pulse system. This article starts with the security definition concepts with Pulse. At the end of this article the reader should understand of how the security of Pulse works and how to configure it according to the security requirements in their organization.
About the Security Concepts Definitions
The security structure of the Pulse server is defined in an Instance -> Permission -> Group -> User order. The following definitions are established for the following security components as:
Instance: Each TM1 instance runs as one process (Windows service), it is commonly called a TM1 Server. In version 5.1.x of Pulse the ability to restrict access by instance has been added. Access can be restricted either via exclusion (default) or inclusion, read the Configuring Pulse to Exclude or Include Instance Security article for more information.
Permission: Defines each activity that can be performed within Pulse, these are classified as general and are instance specific, the later defines access to instance specific features.
Group: Will establish a set of permissions for an specific group of users
User: Defines the credentials of a user, a user can be a member of one or many groups.
About the built in Permissions, Groups and Users
Admin Permission: The admin permission is created as part of the installation and gives access to the user all the instances, options and settings.
Public Group: The public group defines the common security for all users, including those who aren't logged into the system. This group can be modified permission wise but cannot deleted. If you want to restrict what the public (anyone who has the Pulse URL) can see you need to modify the Public group.
Admin User: The admin user will be created as part of the installation, and cannot be deleted or modified. The password for the admin user can be reset if it is forgotten, see this article.
As stated in the last section the roles in Pulse define the access to features within the software, the following is a list of all the roles.
General Security Access
|View / Edit Users||Define security access to groups and users|
|View /Edit Configuration||Access to Pulse settings|
|Edit Validations||Modify the validation rules for the Pulse documentation|
|View Workbook Reports||Access To the Excel Workbook open and usage reports|
|View TM1Web Reports||Access to the TM1 Web usage reports|
|Import Migration Package||Import Migration Packages|
TM1 Instance Security
|Edit Settings||Edit the instance settings|
|Start & Stop Services||Grant access to the start and stop buttons in the live monitor|
|View Documentation||Grant access to the documentation reports like the model spotlight and flow diagram reports|
|Edit Documentation||Grant access to edit the documentation|
|View Live Monitor||Access to the live monitor|
|View System Verification||Access to the system verification reports|
|Technical Documentation||Access to generate the technical documentation reports|
|Relationship Diagrams||Access to generate the relationship diagram reports|
|Validation Reports||Access to the results of the Validations|
|View User Reports||Access to the User Usage Reports|
|Performance Reports||Access to the Performance Reports|
|View Source Control||Access To the Source Control Change tracking history|
|Create Migration package||Access to the Create a Migration Package|
|Execute Migration Package||Access To the Execution of Migration Packages|
What to do next?