Overview of Security Levels
There are eight areas where security is applied:
- Data Source
- Event Calendar
Administrators have access to everything so the restrictions described below do not apply to them.
For more information, also see Understanding Power Users
1. Group Level
A Group may be granted:
1. All or selected Privileges; see Assigning Privileges for a Group
2. Access Permissions
- View or Edit Access to All Elements in a Category or selected individual Elements
-- View Access to all or selected Dimension Values
-- Edit Access to Power Users to aall of its Dimension Values
-- Regular User Group members receive View Access to all Dimension Values when Group is granted Edit Access
- Event Calendar Event Management
- Data Sources
- Any Regular or Power User may be assigned as a Member of one or more Group(s) through the Group Editor.
- All Privileges and Permissions set at a Group Level are automatically inherited by all members of the Group, with the exception of the following Permissions that only apply to Power Users:
-- Target Edit Access
-- Data Source Use
-- Category Edit Access
-- Dimension Edit Access
2. User Level
Each User has a User Type that determines the scope of system usage. For more information, see Create a New User.
Privileges and Permissions granted to a User apply only to that User.
Any Regular or Power User may be granted the following:
- All or selected Privileges
- View access Permissions to all elements in a Category, selected individual Elements and all or selected Dimension Values
- Ability to add Events to selected Event Calendars
- Membership in none, one or more Groups
- All Privileges and Permissions granted to the Group(s) in which the user is a member are inherited by the User.
- Those Privileges and Permissions inherited from a Group cannot be removed on the User Editor.
- If a User is removed from a Group, all rights inherited from that Group are removed from this user
In addition, Power Users may be granted the following:
- Edit Access to an Element also receives automatic element-only access to all of its Dimension Values.
- As Creator and/or Technical Owner of an Element also receives Edit Access to the Element
- Edit Access to a Dimension and all of its Dimension Values
- Edit Access to a Category and all of its Elements, including use of all Data Sources and element-only view access to all Dimensions/Values used by the Category's elements
- Use of selected Data Sources to create new Elements
- Ability to view and edit selected Target editors
3. Category Level
- Category Level security allows a Group or User to access all Elements that have been assigned to the selected Category.
- Elements assigned to a Category may be un-Dimensioned or Dimensioned.
- Access to each Dimensioned Element's Dimension Values is determined by Dimension Access, without which a user will be unable to view those Elements.
- Category Level View Access may be granted in the Group Editor, User Editor, or on the Category Editor itself.
- When assigned, Edit Access may be granted to a Category's elements to a Group or to a Power User
- Any Power User may create a Category and automatically receives Edit Access
- Power Users with Edit Access to a Category may grant other users View or Edit Access to the Category
4. Element Level
- Element Level security allows you to control view and edit access to specific Element(s).
- When assigned, Edit Access may be granted to an Element to a Group or to a Power User directly
- Power Users who are the designated Technical Owner also receive Edit Access
- An Element's designated Business Owner receives NO access Permissions
5. Dimension Level
Dimension Level security allows a Group or User to be limited to specific or all Dimension Values
- Scope of access for a Dimension is set to one of the following:
- "All Dimension Values"
- "Specific Dimension Values"
- "Inherited from Parent" (if a Child Dimension; gives access only to the Parent Dimension's Dimension Values to which the user already has access)
- A user must be granted access to both the Element AND the Dimension and "all" or specific Dimension Values to be able to view that Element.
- Power Users may receive Edit Access to a Dimension and be able to manage all of the Dimension's settings and have View Access to all Dimension Values of associated elements
- Any Power User may create a new Dimension and receive automatic Edit Access to it
- Power Users with Edit Access to a Dimension may assign View or Edit Access to other users
Dimension Level access may be granted in the Group Editor, User Editor, or on the Dimension Editor itself.
6. Data Source Level
- Data Sources specify the database and access method used to automatically fetch data.
- Power Users can create Elements using:
- Manual Data Entry
- Upload from CSV files
- Any Data Source to which they have specifically been granted permission to use in the User Editor or the Data Source Editor
- With directly assigned Edit Access to an Element or a Category, a Power User automatically receives Permission to use the related Data Source(s)
- Power Users who are members of a Group with Edit Access to an Element or a Category, must be explicitly granted Permission to use the related Data Source(s)
7. Target Level
Managing a Target; including add/collecting Target data:
- Any Power User may create a Target and maintain it
- A Power User to whom access to a Target has been granted access to it via the User Editor or the Target Editor can also maintain its settings
Viewing a Target
- A Regular or Power User can access the Target View in the Metric Viewer if they have been granted the Privilege: "Access Target View"; for more information, see Controlling Who Can View Targets (NOTE: Power Users automatically receive "Access Target View" Privilege but it may be removed by an Admin)
8. Event Calendar Level
- Using the Event Calendar editor or the User/Group Editors) , any user may be granted the ability to maintain Events associated with an Event Calendar A Power User who creates an Event Calendar or is designated as the Event Owner may also change the Event Calendar's settings as well as maintain its Event on the Event Editor or from the Viewer of associated elements
- A Regular or Power User can display Events in the Metric Viewer if they have been granted the Privilege: "Overlay Context on Charts"; for more information, See Add Event Security
9. Data Source Level
All Power Users receive automatic Permission to use non-configurable Data Sources:
- Manual/CSV Data
- External Process
- Existing Reports - SQL
- Single Existing Report (using Reports to which Power User has at least View Access)
- Existing Metrics (using Metrics to which Power User has at least View Access)
- Aggregate a Metric (using Metrics to which Power User has at least View Access)
Only Power Users can receive Permission to use a selected configurable Data Source as a fetch method for elements he/she creates. This Permission is granted to a Power User in one of the following manners:
- Assigned by an Admin on the User Editor
- Automatically when directly assigned Edit Access to a Category or an individual Element that uses the Data Source
- Inherited from a Group of which the Power User is a member