Manage Data Security

Introduction

The Administrator module allows administrators and system administrators to control what users and groups can view and interact with in a Dashboard App. Through permissions, admins can control how users see and interact with the data, by individual Dimensions and Models. They can also control what Dimension Members can be written to in a Dashboard App using Write Restrictions. These security measures allow admins increased flexibility so they can have one Dashboard App but several uses for the app.

 

This article will discuss how to create Dimension Permissions, Models Permissions and Write Restrictions.

 

 

Dimension Permissions

If you are going to be working with Dimension and Models, please read the beginning of this section.

 

Go to the Permission section.

 

 

 

Select the user or group that you wish to add permissions for using the Configure drop-down menu. For this example, we will select the user named Kepion. Click OK.

 

 

If a user or group has configurations, the table will have information regarding what they have access to. If not, the table will be empty.

After turning on Dimension Security, you will be able to add Dimension Permissions. If there are no Dimensions selected, that means the user has access to all Dimensions. If there are Dimensions selected, the user will only have access to the selected Dimensions.

 

To add Dimension permissions, click the Dimension button.

 

 

Using the drop-down menu, select the Dimension and Member List that you would like to configure. For this example, Department.Department will be used.

 

 

For this example, Kepion is a Finance department employee. Therefore, Kepion will need write access to the Finance Department. To start, switch the tabs from Read to Write.

 

 

Select the Dimension Member's checkbox, and then choose Single, All, Children, or Leaves.

 

 

Tip: For a detailed explanation of these four options, please refer to the Modeler tutorial.

 

Select as many options as you would like for the user or group's read/write access. Click OK.

 

 

Note: By giving a user write access to a Dimension Member, you are implicitly giving them read access as well. 

 

This will lead back to the Permission screen which will show the choices selected in the table.

 

To delete the Dimension permission, select the Dimension button once again. Click the checkbox next to the Member Label on the right-side of the screen, then click Remove . Once all the selected items are deleted, click OK.

 

 

Check the Dashboard App under the account with the updated changes. Below is an example where there is a Dimension restriction that only allows the user to read/write to the United States.

 

 

 

Model Permission

Model Permissions allows administrators to give users read or write access to Models. You will need to explicitly define what Models a user or group has access to. 

 

To add Model permissions, click the Model button.

 

 

If you want to select individual Models, select the checkbox for the appropriate permission. If you want the user or group to have access to all models, select the checkbox near Read or Write (depending on the user's need). Click OK.

 

 

This will lead back to the Permission screen which will show the choices selected in the table.

 

 

To delete the Module permissions, click the Model button once again. Select the checked-boxes as needed. Click OK.

 

 

If you do not give users access to the appropriate Models, they will get the following error message:

 

 

 

Write Restriction

Write restrictions allow us to constrain users to only write to particular members within the app. This differs from the Dimension permissions which are applied to the entire scope of the application To find and use the Write Restriction sections:

 

Select the Dashboard App that needs Write Restrictions within the Administrator Module. 

 

 

Once you have selected the Dashboard App, click on the Write Restriction tab.

 

 

Click the Add  button.

 

 

Use the drop-down menu to select which [Dimension].[Hierarchy], the user needs input access to. For this example, we are choosing Department.Department.

 

 

Select all members that the user or group needs write access to. For this example, Kepion only needs write access to Finance. Select the checkbox near the Member Label of choice and then click OK.

 

 

To delete the Write Restriction, select the checkbox near the Member Label of choice and then click Remove .

 

 

The example below shows that there is a Write Restriction that only allows users to write to the United States Entity. If any other entity is selected in this app, the user will not be able to make any changes to the data.