Application Server & Security Configurations for AI Services

Author: Matthew Lindon, Created: 2024-11-26

When setting up an AIS Environment, there are required configurations needed for AIS Solutions to operate correctly within an environment. Additionally, there are two options for Database Configurations, depending on a stakeholder's preferences. This article outlines the following:

Required Application Server Configurations

The following configurations are necessary for AIS to operate correctly in any environment:

1. Open the OneStream Server Configuration Utility as an Administrator.
2. Navigate to the OneStream Database Server in the Database Server Connections.
3. Apply the following configurations to the database server connection:

• Access Group for Ancillary Tables: Select a group that includes those who will access records.
• Can Create Ancillary Tables: True
• Can Edit Ancillary Table Data: True
• Maintenance Group for Ancillary Tables: Select a group who will edit and maintain tables.
• Table Creation Group for Ancillary Tables: Select a group who can create tables.

4. Restart IIS after making configuration changes.

• IIS must be restarted to apply security group updates.
• Confirm that the changes are effective by verifying access post-restart.

Basic Database Configurations

AIS users must be included in the Administrators group to have full access to the available AIS databases.

• If users are not included in the Administrators group:
  • They will not have access to the AIS Data Sources Databases

Ensure that administrators verify user group memberships during the initial setup.

Advanced Database Configurations

For stakeholders requiring more granular security on their AIS databases, the following configurations are recommended:

1. Create Security Groups for each AIS Data Sources Database and AIS Framework Database that exists in the environment. Follow these specifications while setting up the groups:

• Naming Conventions:

  • AIS#DataSourcesDatabase#Access
  • AIS#FrameworkDatabaseAccess

• Examples:

  • AIS1DataSourcesDatabase1Access
  • AIS1DataSourcesDatabase2Access
  • AIS1FrameworkDatabaseAccess

• Child Groups and Users:

  • Administrators (Required)
  • Add in any additional groups or users that should have access to this database.

2. Assign the Security Groups to their respective AIS Database in the OneStream AppServerConfig.

• If Databases are not created yet, reach out to a Platform team member who will provision the number of databases needed.
• In the Database Server Connections, the following specifications should be followed for each AIS Data Sources Database:

  • Naming Conventions:

    • AIS# Data Sources Database 1
    • AIS# Framework Database

  • Examples:

    • AIS1 Data Sources Database 1
    • AIS1 Data Sources Database 2
    • AIS1 Framework Database

  • Security Group Assignment:

    • Applies to:

      • Access Group for Ancillary Tables
      • Maintenance Group for Ancillary Tables
      • Table Creation Group for Ancillary Tables

    • Security Group configured in Step 1 that corresponds to the database

      • Example:
        • AIS1DataSourcesDatabase1Access

  • Is External Database: True

3. Assign File Management Group:

• In order for users to be able to load files into Data Manipulator, they must be designated in the Application Security settings for ManageApplicationDatabaseFilesAccess. Not all users have to be designated to this role, but if a user will be uploading files, then they must.

4. Restart IIS after making configuration changes.

• IIS must be restarted to apply security group updates.
• Confirm that the changes are effective by verifying access post-restart.

info

These configurations provide enhanced control and security but may require more maintenance and oversight.