Element Security 5.3.0 changes

  • The Security discussed below applies primarily to Power Users (PU's) because:
    • Admins have no restrictions as to Element functionality
    • Regular Users have no ability to Edit elements, only receive View Access given restrictions on Dimensions and source element View Access.

Overview

Power Users have the implicit Privilege to Create any type of element.  When they create an Element, they automatically receive Edit Access to that Element and become the default Technical Owner.

In Release 5.3.0, Expanded Security Functionality is applied to element Edit Access for PU's.  In order for a PU to open an element's Editor, the PU must have either:

  • Edit access to its Category (new in 5.3 version)
  • At least View Access to one Dimension Value
  • At least View Access to any component element or source Dataset
  • At least Use Access of the element's Configurable Data Source
  • If sourced from a Dataset or Non-Configurable Data Source, the Privilege to Create Content using the source and at least View Access to any source element or Dataset

PU can open an element's Editor even without access to the currently assigned Data Collection Trigger (or to any other Trigger).  The PU is limited to changing the Trigger to one to which the PU has Use or Edit Access.

Element Security Permissions can be applied to:

  1. Individual RU's and PU's
  2. Groups for inheritance by members of the Group

For Power Users, element Security is designed to have both an Expanded Security Privilege for Elements and Permissions to a specific element.

Privileges are granted via Info Tab > Privileges section on the Group or the User Editor.

Permissions are granted via the Permission button on Group Editor, or on the User Editor > Elements tab as well as on the element Editor > Advanced tab > Permissions button.

Granting Privileges - from Group or User Editor

Every Power User has the implicit Privilege to Create Elements, and the Privilege cannot be manually added or deleted.

There is one Element Privilege for Expanded Security.  

  • "Allow Power Users to grant Element access to any User or Group"  (Extended Security Privilege) allows PU to grant element View or Edit Access to any Group or User (for RU's, limited to View Access)

In addition, there are numerous Create Content Privileges that can only be directly assigned to Power Users or inherited from the Group(s) to which a Power User belongs.  

  • These Privileges govern the Data Sources that can be used to fetch data for elements.
  • If the Data Source fetches from another element or a Dataset, the PU must have at least View Access as well as the related Create Content using .... Privilege

 

Granting Permissions - (Content > Elements > select an Element > Element Editor > Advanced tab)

There are two types of Element Security Permissions that may be granted to a Group, RU (View Access Only) and PU:

  1. View Access:  ("no" option)
    1. May be granted to a PU or RU
  2. Edit Access:  ("yes" option)
    1. PU can:
      1. Open the Element Editor
        1. Make changes to element
        2. Delete the element
        3. Assign Access to Groups of which the PU is a member and to other Members of those Group
          1. With Extended Security Privilege, grant access to any Group or Regular/Power User

Permissions may be granted via the element's Editor, Group Editor or individual User Editor (by Admin only).

1. PU - Add new element: Elements > Element List Page

1.1. Elements List (Content > Elements)

  1. The grid only shows Elements to which the PU has Edit Access
    • Name has active link that opens the Element Editor
  2. The PU can [+ New Element] to add a new element

1.2. Element Editor

PU's with Edit Access can access a specific Element's Editor from:

  • Element menu > Element List page > click on a element's name in the grid
  • Edit icon on tiles and Previews

PU's are restricted as described below.

1.2.1. Element Permissions (Element Editor > Advanced tab)

  1. Click the Permissions button to open the Element Permissions pop-up
  2. On the Permissions pop-up, PU can grant View or Edit Access to:
    1. Groups and PU members of Groups to which PU belongs and Groups which PU can edit
    2. With the Extended Security Privilege, any Group or other PU

1.2.2. Element Editing

On the Info or Data tabs on the element Editor's, PU can add or change the element's settings, including the following:

  1. Dimensions to one for which the PU has Edit Access, if any
  2. Category to one to which the PU has Edit Access
  3. Data Source to one to which the PU has at least Use Access using a source element or Dataset to which the PU has at least View Access
  4. Data Collection Trigger to one for which PU has Use or Edit Access

Impact on Other Editors:

2. PU: Group Editor (Admin menu > Groups)

PU's with the Privilege to Create Groups and Permission to edit a specific Group may grant access to elements on the Group Editor > Elements tab:

  1. Select  the [+ Element access to Group] to open the Give Element Access to Group pop-up
  2. Grant View or Edit Access to be inherited by the PU members of the Group  (RU's will only inherit View Access)
  3. Save
3. Generate Metrics and Reports from Dataset Viewer

3.1. Dataset Viewer (Content > Datasets > Views > Action)

PU can create a Metric or Report from a Dataset Viewer if they have the following Privileges and Permissions.

  • Permission View Access to the Dataset
  • Privilege "Create Content from Dataset"

 

On the Dataset Viewer:

  1. Select a Dataset View
  2. Open the Action menu > Build Metrics or Reports to generate an element from the selected View's data

NOTE: The generated element inherits the Dataset's:

  1. Category
  2. Data Collection Trigger 

0 Comments

Add your comment

E-Mail me when someone replies to this comment