Wednesday, August 12, 2015

Obfuscate - How to scramble the data in your TM1 database, prior to sharing.

Ob-foo-what?

Obfuscation, according to Google:

I often come across customers who are mortified at the thought of sharing their TM1 databases with us.  Of course we have confidentiality agreements in place, but for some reason they provide very little comfort to customers.  The thing that often makes me chuckle is that customers make their TM1 databases so ridiculously complicated that without a cryptographic key no one can make sense of anything in them.  But that's the subject best covered in another post.

So what can we do to entice customers to share their databases with us for development and testing purposes?  What if we could scramble the data values in each cube to render them obscure, unclear, or unintelligible?  What if we could obfuscate their data?

I bet you're thinking, "Yes!  That would be great!"  Well as it turns out, we can do exactly that, and with minimal effort.

TM1 includes a little known Turbo Integrator function called DebugUtility().  This function is officially reserved for the big, bad, TM1 Server developers; the guys who actually write the code that drives the TM1 database itself.

This function works just like any other Turbo Integrator function.  It requires 6 parameters, and can be called in the Prolog, Metadata, Data or Epilog tabs of a TI process.

DebugUtility( nCode, nVar1, nVar2, sVar1, sVar2, sVar3 );

nCode - a number that identifies which debug utility function should be called.  For the obfuscation process, the magic number is 114

nVar1 - 0

nVar2 - 0

sVar1 - the name of the cube you wish to obfuscate

sVar2 - the directory you wish the scrambled cube to be written to

sVar3 - unused in this case, so must be blank ( ' ' )

Example: 
DebugUtility ( 114 , 0 , 0 , 'myCube' , 'C:\data\obfuscate' , '' ) ;


You might be thinking, "Wow, this is great!" And while that is true, we have to do a little more work to apply this to an entire set of cubes, or an entire database.  I'll walk you through writing your own Turbo Integrator process to obfuscate an entire TM1 database.

The first step is to ensure "Display Control Objects" is turned on in Server Explorer:



Then create a new TI process:


Select a dimension subset as your data source type:


The select the All subset of the }Cubes dimension:

 The process's datasource preview pane should now reveal a list of the first ten cubes in your database:


Next, move on to the variables tab of the TI process and change the name of the system generated variable to: vCubeName:



 Now move to the Advanced / Parameters tab and create a new parameter, pDestinationFolder:



Finally, move to the Advanced / Data tab and add the following code:

firstChar = SUBST( vCubeName, 1, 1) ;

  IF ( firstChar @<> '}' );

     DebugUtility( 114, 0, 0, vCubeName, pDestinationFolder, '') ;

  ENDIF;


The variable and the if statement in the code above simply serves to skip control cubes when obfuscating data.  The result of the this process will be a set of new cubes created in the directory you specified:


You then have a number of options for sharing your database structure without sharing your exact data!  The easiest thing to do is to create a fully copy of your database directory, then copy these new cubes over their counterparts in they copied data directory.  You should be left with a fully functional TM1 database with obfuscated data.


4 comments: