Author: Serena Wang
Kepion supports a powerful, out-of-the-box Security Management System, that both scales and allows for complex security setups – right down to Dimension Member access.
In this article, we walk through the process of configuring security for a typical application. Each step comes with a short description, where to configure, and an example video or article. Unless “Optional” is specified, it's recommended that you complete all the areas for a brand new application. For an initial configuration, we recommend following the steps in order.
Add Users to Kepion
- Add individual AD users
- Add users by adding AD groups
Configuration: ADMINISTRATOR -> Security -> User & Group
Example: Security training video: 0:15 - 0:43
Categorize Users by Role
There are five predefined system roles:
- System Administrator: Has unlimited access to all aspects of the system
- Administrator: Manages both user security and workflow
- Model Designer: Manages the core modeling aspects of an application
- Report Designer: Manages reports and report books for reporting - this is an obsolete feature that only applies to Kepion 2.0
- Advanced Contributor: Is able to use advanced features, such as transactional drill-through, run rules on selected cells, and review user changes on Forms
The System Administrator has the highest level of privilege across all applications. The rest of the system roles are all scoped by application.
For users that only need to access Dashboards or Workbooks, you can create user-defined roles to help manage security. All the user-defined roles can only access the APPS module, unless you add them to one of the system roles.
Below is a summary of accessible modules of each role within Kepion.
Configuration: ADMINISTRATOR -> Security -> Membership
Example: Security training video: 0:43 - 1:29
- By model: Users must be granted access to a Model to be able to view data from Forms and reports that are created off that Model. Users that are not granted this access will receive a connection error when they attempt to view these resources.
- By dimension member (Optional): Dimension Member security is defined in a restrictive manner. Should a user not have any Dimension Member security defined for a particular Dimension, then they will by default have read access to all the members.
Configuration: ADMINISTRATOR -> Security -> Permission
Example: Security training video: 1:29 - 3:54
Manage Workflow Users
You can grant users access to a Workflow (Dashboard or Workbook) by adding roles or individual users.
Configuration: ADMINISTRATOR -> Manage Workflow -> Dashboard/Workbook -> USER
Example: Security training video: 3:54 - 5:23
You can also restrict users access to certain pages or Forms. Instead of managing several Workflows for different users, you can use one Workflow and specify accessible pages/Forms by user or role.
Configuration: ADMINISTRATOR -> Manage Workflow -> Dashboard -> PAGE RESTRICTION, or Workbook -> FORM RESTRICTION
Example: Security training video: 5:23 - 6:35
If you want to limit access to certain regions within the MODELER or ADMINISTRATOR module, you can do so in the Restriction tab.
Configuration: ADMINISTRATOR -> Security -> Restriction
Example: Restrictions article