Manage Data Security

Introduction

The Administrator module allows administrators and system administrators to control what users and groups can view and interact with in a Dashboard App. Through permissions, admins can control how users see and interact with the data, by individual Dimensions and Models. They can also control what Dimension Members can be written to in a Dashboard App using Write Restrictions. These security measures grant admins with the flexibility to create a Dashboard App with several uses. 

 

This article will discuss how to create Dimension Permissions, Models Permissions and Write Restrictions.

 

 

Dimension Permissions

If you are going to be working with Dimension and Models, please read the beginning of this section.

 

1. Go to the Permission section.

 

 

 

2. Select the target user or group from the Configure drop-down. 

 

 

3. Click OK.

 

If a user or group already has permissions, the table will display their access. If not, the table will be empty.

 

After turning on Dimension Security, you will be able to add Dimension Permissions. If there are no Dimensions selected, that means the user has access to all Dimensions. If there are Dimensions selected, the user will have access only to the selected Dimensions.

 

4. Click Dimension to add Dimension permissions. 

 

 

5. Select the Dimension and Member List you would like to configure.

 

 

For this example, Albert Rivers is a Finance department employee. Therefore, he will need write access to the Finance Department.

 

6. Go to Write, select the Dimension Member's checkbox, and then choose Single, All, Children, or Leaves.

 

 

Tip: For a detailed explanation of these four options, please refer to the Modeler tutorial.

 

7. Grant read/write access for all the necessary Members.

8. Click OK.

 

Note: By giving a user write access to a Dimension Member, you are implicitly giving them read access as well. 

 

This will lead back to the Permission screen, which shows the choices selected in the table.

 

 

Tip: To delete Dimension permissions, select Dimension, click the checkbox next to the Member Label in the right pane, then click Remove. Once all the selected items are deleted, click OK.

 

 

Check the Dashboard App under the account with the updated changes. Below is an example where there is a Dimension restriction that only allows the user to read/write to the United States.

 

 

 

Model Permission

Model Permissions allows administrators to give users read or write access to Models. You will need to explicitly define what Models a user or group has access to. 

 

To add Model permissions:

 

1. Click Model. 

 

 

2. If you want to select individual Models, select the checkbox for the appropriate permission. If you want the user or group to have access to all models, select the checkbox near Read or Write (depending on the user's need). 

 

 

3. Click OK.

 

This will lead back to the Permission screen which will show the choices selected in the table.

 

 

Tip: To withdraw the Module permissions, click Model, select the checked boxes as needed. and select OK.

 

 

If you do not give users access to the appropriate Models, they will get the following error message:

 

 

 

Write Restriction

Write Restrictions provide writing permission for specified Dimension and Dimension Members, in an individual App. This differs from Dimension permissions, which apply across the whole Application.

 

To configure a Write Restriction:

 

1. Go to the Administrator module and select the target Dashboard App.

 

 

2. Go to the Write Restriction tab and click Add.

 

 

3. Select the [Dimension].[Hierarchy] from the drop-down. For this example, we want to set Write Restrictions on Department.Department.

 

 

4. Click the checkboxes of all the Members you want to enable writing access. For this example, the user needs write access only to Finance. 

 

 

5. Click OK.

 

Tip: To delete the Write Restriction, select the checkbox of the target permission and click Remove .

 

 

The example below shows that there is a Write Restriction allowing users to write to only the United States Entity. If any other Entity is selected in this app, the user will not be able to make any changes to the data.