Changes to TM1 Security Model, version 9.4 and up
In version 9.4 of TM1 changes were made to the security model which mean that TI processes by default now run with "Data Admin" rights rather than full admin rights as in all previous versions. This means that by default only full Admin or "Security Admin" users can run processes that utilise TurboIntegrator security functions (such as SecurityRefresh, AddClient, AssignClientPassword, etc.).
To enable non Security Admin users who have "Read" access to run a process that contains security functions successfully the "Security Access" option for the process must be enabled. Note this applies not only for processes and chores run manually but also for processes run as part of a scheduled chore.