Applied Dimensionality

Rewrote Application Maintenance scripts for SSO

Posted at — Sep 1, 2017
Rewrote Application Maintenance scripts for SSO

I’ve recently updated the script that runs application maintenance utility for TM1 when you got CAM Security with Single SignOn enabled on Cognos BI. See this post for the description of the issue, I’m publishing a better take on a solution.

So why am I kicking the dust on this one?

I was using the ‘old’ VBS scripts on one of the current projects and was really struggling to get everyone to play nicely when a whole bunch of applications is refreshed at the same time. For example if a few applications are built on the same dimension, it’s just nice to be able to call ‘refresh application’ multiple times in the epilog.

Application maintenance utility (or rights management user interface for this matter) doesn’t queue up jobs, if you try doing refreshing an application when something else is running, you’d get a knee-jerk ‘Another job is running for this application or server’ error. So after a number of tries to make a nice ordered queue in VBS (using the good old file as ‘shared lock’ approach) and having some small but annoying hiccups, I decided to see if there’s a simpler way to get a proper mutex (mutually exclusive lock) in scripts and it seemed very straight-forward to do in PowerShell.

So with a bit of shameless copy-pasting from knowledgeable TM1 colleague I cobbled together a powershell script that does the same thing as my old VBS, with the following big differences:

  1. It uses a mutex to ‘serialise’ execution of application refreshes (you start the scripts for 5 applications and they will be updated sequentially), so you don’t have to worry about adding pauses, scheduling and all the other workarounds
  2. This script handles all the different kinds of operations you can run with app_maintenance.bat (VBS was tailored to Refresh / Import rights only)
  3. It’s a lot cleaner & simpler than VBS, where I had to deal with issues with VBS & Internet Explorer interaction, especially this — powershell is less than 150 lines of code
  4. It is finally possible to avoid having passwords in plaintext! I haven’t implemented it so far (nobody asked yet, people seem to be ok with c:! format in cubes), but with powershell it’s possible to create an encrypted password file that will be accessible only to the admin user. Pretty much exactly the same way as TM1Crypt works for tm1runti. Let me know if you’re interested.

I’ve published this script on GitHub, head over there to grab the code.

I’ll start releasing the source code for some other utilities that I have over there as well (all those Java based Excel functions), stay tuned.

comments powered by Disqus