Data Collection Trigger Security (Release 5.3.0 and beyond)

  • All of the Security discussed below applies to Power Users (PU's)
    • Admins have no restrictions as to Data Collection Trigger (Trigger) functionality
    • Regular Users have NO access of any kind to Triggers

Overview

In Release 5.3.0, expanded Security functionality is applied to  PU's.  Previously, a PU could use any Trigger when creating an object.

Data Collection Trigger Security can be applied to:

  1. Groups
  2. Individual Power Users

Security is designed to have both Privileges for Triggers and Permissions to a specific Trigger.  It allows a customer to limit the Triggers that a given PU can use to create elements and other objects that fetch data, including:

  1. Elements
  2. Data Dependencies
  3. Dimensions
  4. Event Calendars
  5. Datasets and User Maps
  6. My Favorites

Privileges are granted via Info Tab > Privileges section on the Group Editor or the User Editor.

Permissions arre granted  via the Permission button on Group Editor, Trigger Editor, or on the User Editor > Power Users tab > Data Collection Triggers section,

Granting Privileges - from Group or User Editor

There are two Trigger Privileges that can only be assigned to Power Users or inherited from the Group(s) to which a Power User belongs.  

  1. "Create Data Collection Triggers" (Parent)
  2. "Allow Power Users to grant Data Collection Trigger access to any User or Group"  (Extended Security Privilege)

A PU cannot be granted the second Privilege unless he is first granted the "Create Data Collection Triggers" Privilege

If a PU:

  1. Has neither Trigger Privilege:
    1. Cannot:
      1. Select a Trigger when creating a new element or object but one will be assigned by the system when the object is saved
        1. Trigger setting on Object Editors is greyed-out and may not be changed until or if the PU has been granted Use Access to at least one Trigger
      2. Create a new Trigger
    2. Can:
      1. Be granted Use Access Permission to one or more specific Triggers via the Group, User or Trigger Editor     
  2. Has only "Create Data Collection Triggers" Privilege, PU can:
    1. Create a new Trigger
    2. Assign Use or Edit access to Triggers that the PU creates or has been given/inherited Edit Access to:
      • Groups of which PU is a member
      • Groups to which PU has Edit Access
      • Other PU members of those Groups
  3. Has both Privileges, PU can:
    1. Create a new Trigger
    2. PU can assign Use or Edit access to Triggers that user creates or has been given/inherited Edit Access to any Groups or other PU's
Granting Permissions - (Admin > Data Collection Triggers > select a trigger)

There are two types of Trigger Security Permissions that may be granted to a PU:

  1. Use Access:  
    1. May be granted to PU without any Trigger-related Privileges
    2. PU can see and assign the Trigger when creating an element or other object
  2. Edit Access:  
    1. Restricted to Users with the Create Triggers Privilege
    2. PU can:
      1. See the Trigger in object Trigger drop-down lists
      2. Open the Trigger Editor
        1. Make changes to Trigger
        2. Delete the Trigger
        3. Assign Access
1. Trigger Editor (Admin > Data Collection Triggers)

1.1. Data Collection Triggers List

  1. The grid only shows Triggers to which the PU has Edit Access
    • Trigger Name has active link that opens the Trigger Editor
  2. The “Enabled filter contains options: "All, Yes, No"  and can be used to limit the Triggers displayed
  3. PU's can use the active Enable or Disable buttons to change the Status of selected Triggers
  4. If User has Privilege to "Create Triggers", they can [Add a new Data Collection trigger]

PU must have Edit access to at least one trigger for the Data Collection Triggers option to display in his Admin menu

1.2. Trigger Editor

PU's with Edit Access can access a specific Trigger's Editor from:

  • Admin menu > Data Collection Triggers > click on a Trigger name in the list box
  • Object Editor > Edit icon to right of Trigger text box

From the Editor, a PU can:

  • Make changes to the settings
  • Use the Permissions button to grant Trigger Access
  • Delete the Trigger
  • Add another Trigger

PU's are restricted as described below.

1.2.1. Trigger Permissions

  1. On the Trigger Editor, click the Permissions button to open the Data Collection Triggers Permissions pop-up
  2. On the Permissions pop-up, PU with Edit Access can grant Use or Edit Access to:
  3. Groups and PU members of Groups to which PU belongs and Groups which PU can edit
  4. With the Extended Security Privilege, any Group or other PU

1.2.2. Trigger Dependencies

  1. PU can add or edit only those Trigger Dependencies for which he has been granted Edit access. See details Establish dependencies between Data Collection Triggers
  2. PU can add or edit any Data Dependency without requiring any access to them. See details Configure Data Dependencies for a Data Collection Trigger

Impact on Other Editors:

2. Group Editor (Admin menu > Groups)

PU's with the Privilege to Create Groups or Permission to  edit a specific Group may grant access to Triggers on the Group Editor > Power Users tab:

  1. Select  the [+Data Collection Trigger to Group] to open the Add Data Collection Trigger to Group pop-up
  2. Select a Trigger from drop-down -  the PU will only see Triggers to which he has Edit Access
  3. Grant Use or Edit Access to be inherited by the Group's Power Users
  4. Save
3. Metric, Report, Data Dependencies, and Dimension Editors

in order to access the Metric and Report Editors, PU must have edit access to the Category assigned to the element (new in 5.3 version)

PU can open one of these Editors even without access to the currently assigned Trigger (or to any other Trigger)

  1. Data Collection Trigger drop-down list contains:
    • The currently assigned Trigger, to which the PU may or may not have access, a situation that arises when the PU has been given Edit access to the object without having access to the object’s Trigger
      • If PU changes Trigger away from the original, the user is prevented from changing the trigger BACK to the original unless the PU has subsequently gained access to that Trigger
    • Other Triggers for which the PU has Use or Edit Access, if any
4. External Report Editor

4.1. Creating a new External Report (New > External report)

  1. New External Report pop-up displays
  2. Select any Trigger to which PU has Use or Edit Access from the drop-down list.
    • If PU doesn't have access to any Trigger, the drop-down list is empty
  3. If there is no Trigger to be selected, PU must change  Report Source = Manual Entry because the System will NOT randomly select one of the existing Triggers on  this pop-up
  4. Click definite details to open the External Report Editor > Configuration Tab

Continue with directions in Section 4.2

4.2. Modify an existing External Report (Content > Elements > Type: External Report)

PU must have edit access to the External Report's Category in order to access the Editor (new in 5.3 version)

A PU must be granted Edit Access to a specific External Report    

  1. If the Report Source is set to Automated Collection, select any Trigger to which PU has Use or Edit Access from the drop-down list
    • If PU doesn't have access to any Trigger, the System will automatically display an existing trigger
  2. If the Report Source is set to Manual Entry
    • The Report Image Trigger setting disappears and will only reappear if the Report Source is changed to Automated Collection
5. Datasets

5.1. Dataset Editor (Content > Datasets)

PU must have edit access to the Dataset, its Data Source and at least view access to its Category in order to access the Editor

 

 

PU can access the Dataset or User Map Editor even without access to the currently assigned Trigger or access to any other Trigger

  1. On the , the Data Collection trigger setting shows the currently assigned Trigger, to which the PU may or may not have access, a situation that arises when the PU has been given Edit access to the object without having access to the object’s Trigger
    • If PU changes Trigger away for the original one, the PU is prevented from changing the trigger BACK to the original unless the PU has subsequently gained access to that Trigger
  2. The drop-down list contains Triggers to which the PU has either Edit  or Use Access

 

5.2. Dataset Viewer

  1. When the PU builds Reports, Metrics, Dimensions and Stats Models from a Dataset Viewer:
    • The Dataset’s Trigger is propagated to generated objects
    • The PU receives Edit Access to the generated objects, even without access to the Trigger inherited by default.
6. Events Calendar (Admin > Event Calendars)

6.1. General information

Event Calendars have no Privileges associated with them. PU access to a specific Event Calendar is restricted by Ownership. Power Users may only access those Calendars for which they are owners; either by creating the Calendar or by an Admin User assigning Ownership of an existing Event Calendar to the PU.

Admin Users must ensure that the Power User has the required Security for the Event Source when assigning Ownership; otherwise the PU will receive a Security error when trying to edit the Calendar.  Required Event Source Security is one of the following:

  • Use Access to a Configurable Data Source
  • Privilege to Create Content using a Non-Configurable Data Source; e.g., CSV

There are no Security restrictions on the associated Metrics, Categories or Tags that a PU may assign to an Event Calendar.

6.2. Adding a new Event Calendar

 All Power Users have the ability to Create a new Event Calendar by default.          

 

  1. The Data Collection Trigger drop-down will display all Triggers that the PU can either Edit or View (Use)
    • If PU doesn't have access to any Trigger, the System will automatically default an appropriate existing trigger (as displayed above)

To view all steps required to add a Event calendar, refer to Create / Define an Event Calendar.

6.3. Edit an existing Calendar

  1. PU will only see those Event Calendars of which they are Owners. (The Owners field does not ever display for PUs on the Editor)
  2. PUs can only edit those Calendars for which the PU has the appropriate Security to Event Source; otherwise an error will display when attempting to access (see Event Calendar "General" section above for details)
7. My Favorites Editor (Personal menu > My Favorites)
  1. From the grid, click the Edit icon for a specific Favorite Folder
  2. On the Edit Favorite pop-up, when the Include in Digest on is set to Data Collection Trigger completion
  3. User can select any Data Collection Trigger

There is no Security applied to the list of Triggers