The Administrator module allows system admins and application admins to control what users and groups can view and interact within a dashboard app. Through permissions, admins can control how users see and interact with the data, by individual dimensions and models. They can also control what dimension members can be written to in a dashboard app using write restrictions. These security measures grant admins the flexibility to create a dashboard app with several uses.
This article will discuss creating dimension permissions, model permissions, and write restrictions.
If you are working with Dimension and Models, please read the beginning of this section.
1. Go to the Permission section.
2. Select the target user or group from the Configure drop-down.
3. Click OK.
If a user or group already has permissions, the table will display their access. If not, the table will be empty.
After turning on Dimension Security, you will be able to add Dimension Permissions. If there are no Dimensions selected, that means the user has access to all Dimensions. If there are Dimensions selected, the user will have access only to the selected Dimensions.
4. Click Dimension to add Dimension permissions.
5. Select the Dimension and Member List you would like to configure.
For this example, Albert Rivers is a Finance department employee. Therefore, he will need write access to the Finance Department.
6. Go to Write, select the Dimension Member's checkbox, and then choose Single, Descendants, Children, or Leaves.
Tip: For a detailed explanation of these four options, please refer to the Modeler tutorial.
7. Grant read/write access to all the necessary Members.
8. Click OK.
Note: By giving a user write access to a Dimension Member, you are implicitly giving them read access.
This will lead back to the Permission screen, which shows the choices selected in the table.
Tip: To delete Dimension permissions, select Dimension, click the checkbox next to the Member Label in the right pane, then click Remove. Once all the selected items are deleted, click OK.
Check the Dashboard App under the account with the updated changes. Below is an example of a Dimension restriction that only allows the user to read/write to the United States.
Model Permissions allows administrators to give users read or write access to Models. You will need to explicitly define what Models a user or group has access to.
To add Model permissions:
1. Click Model.
2. If you want to select individual Models, select the checkbox for the appropriate permission. If you want the user or group to have access to all models, select the checkbox near Read or Write (depending on the user's need).
3. Click OK.
This will lead back to the Permission screen which will show the choices selected in the table.
Tip: To withdraw the Module permissions, click Model, select the checked boxes as needed. and select OK.
If you do not give users access to the appropriate Models, they will get the following error message:
Write Restrictions provide writing permission for specified Dimension and Dimension Members, in an individual App. This differs from Dimension permissions, which apply across the whole Application.
To configure a Write Restriction:
1. Go to the Administrator module and select the target Dashboard App.
2. Go to the Write Restriction tab and click Add.
3. Select the [Dimension].[Hierarchy] from the drop-down. For this example, we want to set Write Restrictions on Department.Department.
4. Click the checkboxes of all the Members you want to enable writing access. For this example, the user needs write access only to Finance.
5. Click OK.
Tip: To delete the Write Restriction, select the checkbox of the target permission and click Remove .
The example below shows that there is a Write Restriction allowing users to write to only the United States Entity. If any other Entity is selected in this app, the user will not be able to make any changes to the data.