Cognos BI filler members for TM1 cubes with element-level security

Content

Note that by default this filler member functionality is not enabled in BI 10.2.1 Fix Pack 3 but may be enabled by default in future versions of Cognos BI.

The following procedure will enable filler members for TM1 in BI 10.2.1 Fix Pack 3:

+++++++++++

1. In the c10_install/configuration/ directory of each application tier server in your Cognos BI environment, make a copy of the xqe.config.xml file and rename it to xqe.config.custom.xml.

2. Find the hierarchyUseFillerMember parameter within the <queryExecution> section of each xqe.config.custom.xml file and change the "false" value to "true" as shown:

<hierarchyUseFillerMember value="true"/>

An xqe.config.custom.xml file in which filler members are enabled is attached.

xqe.config.custom.xml

3. Save each modified file and then restart the BI server

+++++++++++

With default behavior, applying element-level security can make the TM1 cube appear as ragged and unbalanced to users who do not have access to all members leading up to the root of a hierarchy. The following behaviors ensue:

• in a level-based hierarchy, if a root member is inaccessible, the entire hierarchy becomes inaccessible in the metadata tree of the authoring interfaces of Cognos BI.
• in a parent-child hierarchy, if a root member is inaccessible, the highest level accessible descendants effectively become root members, with level ordinal 0, and the level ordinals of their descendants are adjusted accordingly. This may result in the hierarchy becoming unbalanced.
• if a member is not accessible, but its parent is accessible, then all of the descendants will effectively become inaccessible.

By enabling the filler member functionality through the above configuration change, TM1 cubes with element-level security defined will appear as unragged and balanced to all users because members with no visible values, a.k.a. filler members, will appear anywhere in a hierarchy where user access has been restricted. This enables a TM1 cube with element-level security to be more accessible for self-service analysis in Cognos BI since previously hierarchies would be completely unavailable to any user without sufficient privileges to traverse all the way up to the root of the hierarchy.

Filler members appear in lieu of members in which access has been denied. No values will appear for filler members. The caption of a filler member is the caption of the parent member with a ^ character appended to the end, or just a ^ as the caption in the case of a root member whose access has not been granted to the user.

The following image highlights filler members in the metadata tree of the insertable objects pane of Cognos Workspace Advanced (note that since access to the root member has been restricted, without the filler members functionality enabled the user would not be able to see any members at all):

For the secured cube depicted above, the following outputs are from the same report, the first with default functionality and the second with filler members enabled:




For the secured cube depicted above, we can ask for the children of Americasˆ and get Argentina, Brazil, Chile, Uruguay. Every function should work normally against their secured member tree.

This secured user cannot ask for the children of the original real member where the filler Americasˆ is now, since the system has no knowledge of this original secured member.

NOTE: When the current user does not have a minimum of Read privileges for a hierarchy's default member, the server scans the hierarchy by level, top to bottom and returns the first member that is accessible. This may cause some reports to return unexpected results.