7 Replies Latest reply: May 14, 2009 11:08 AM by Erich Ranz RSS

    HFM Security - Load Data

      Is there a role for HFM that allows users to Load Data? It appears to me that any user has the ability to Load Data through Workspace. How are others preventing users from doing this?
        • 1. Re: HFM Security - Load Data
          What version Kelly?
          9.3.1, you can set the users as Metadata only.
          • 2. Re: HFM Security - Load Data
            I think the data load access is given only to the administrator.
            • 3. Re: HFM Security - Load Data
              After testing, it appears that everyone can load data. The only way to keep a user from loading data would be to provision them to Default and then create a tasklist that allows them to see all tasks except Load Data.
              • 4. Re: HFM Security - Load Data
                Assuming users use HFM through the web not the client:

                Users can load data through a grid, data form, smartview, and FDM.

                You can grant or limit this in shared services with provisioning:

                Grid - To grant access to load data in a grid give them "Enable write back in Web Grid"

                Smartview - To grant access to load data from Smartview to HFM give them the "Load excel Data" provision

                Data Form - We only allow Admins to create data forms and only create data forms for data we want users to be allowed to load.

                FDM - only grant FDM access to users that you want to load data to HFM

                Users can only load data to accounts and entities they have "ALL" access to the corresponding security class found in the Project area of shared services. If they have Read access they cannot load data to it.

                Edited by: user2609991 on Apr 23, 2009 10:18 AM
                • 5. Re: HFM Security - Load Data
                  We have those 4 methods locked down. It is the "Load Data" task that is still open. This is where users load data from a flat file directly to HFM. Any user that has security to create or approve a journal entry must have ALL access to that entity and could theoretically load data directly.
                  • 6. Re: HFM Security - Load Data
                    By the way: how do I make sure that a user, who has data load rights via SmartView, does not submit data to entities that are already on process level "Submitted"?

                    Currently they are able to load data, even though they have only Review1 level rights and even though the entity is set to "Submitted". That means that they in theory could change previous actual figures, what of course is a security issue.

                    We are using HFM 9.2.

                    Thanks in advance!
                    • 7. Re: HFM Security - Load Data
                      Erich Ranz
                      We have a data load group set up with ALL access to the Scenario in which the users need to load. Everyone else has READ access to the Scenarion which creates an error on the load (if they try).