READ ONLY USER PROPERTY 

Have you ever wondered what the ReadOnlyUser field in the }ClientProperties cube actually does?

This is a numeric property that takes Boolean values of either 1 (true) or a 0 (false). ReadOnlyUser acts as an “overlay” to normal TM1 role based security conferred by group membership in the }ClientGroups cube. Any non-admin user with a value of 1 in the ReadOnlyUser property will be limited to read access to cubes even if they would otherwise be conferred write or higher via group membership.

In certain scenarios this is actually very useful functionality as it allows groups that have write access to cubes to be re-used for read only users as opposed to requiring an entire 2nd set of groups with otherwise identical privileges but read on cubes not write. For some models this can be a quite a time and effort saver. Another potential use might be to selectively lock certain users from data access or lock all users on completion of a planning cycle or during a “changes lock out” period.

If ReadOnlyUser is used then it can simplify checking licensing compliance for read only user types as opposed to checking the cumulative effect of all group memberships per user on all cubes to determine the effective read user vs. write user status. This is probably the reason the feature was created.

Scenario

What if you being an admin give yourself ReadOnlyUser security.

Now if you try input in any cells, an error message displays as shown below.

This can cause a moment of panic, but hold on, you can write a TI to put back ‘0’

And there you are, back to being an Admin.

This is just something to be aware of and save you pulling some hair out when you come across this.