Configurable Data Source Security (5.2.1 and beyond)

  • All of the Security discussed below applies to Power Users (PU's)
    • Admins have no restrictions as to Data Source (Data Source) functionality
    • Regular Users have NO access of any kind to Data Sources

Overview

Prior to Release 5.2.1, Power Users could use Data Sources to which they had at least Use Access Privilege and create content using those Data Sources.  In 5.2.1,  expanded Data Source Security was applied to  PU's.  With the new "Create Data Sources" Privilege, a PU with Edit Access to a Data Source can assign Data Source access to Groups and other PU's in his related Groups.  An Expanded Security Privilege allows the PU to assign access to any Group or PU.

Data Source Security can be applied to:

  1. Individual PU's
  2. Groups for inheritance by PU members

Security is designed to have both Privileges for Data Sources and Permissions to a specific Data Source.  It allows a customer to limit the Data Sources to which a given PU can assign Access to, or use to create elements and other objects..  These include:

  • Elements
  • Datasets and User Maps
  • Dimensions
  • Event Calendars

 

Privileges are granted via Info Tab > Privileges section on the Group Editor or the User Editor.

Permissions are granted via the Permission button on Group Editor, Data Source Editor, or on the User Editor.

Granting Privileges - from Group or User Editor (Info tab > Privileges section)

There are two Data Source Privileges that can only be assigned to Power Users or inherited from the Group(s) to which a Power User belongs.  

  1. "Create Data Sources" (Parent)
  2. "Allow Power Users to grant Data Source access to any User or Group"  (Extended Security Privilege)

A PU cannot be granted the second Privilege unless he is first granted the "Create Data Sources" Privilege

If a PU:

  1. Has neither Data Source Privilege:
    1. Cannot:
      1. Create a new Data Source
    2. Can:
      1. Be granted Use Access Permission to one or more specific Data Sources via the Group, User or Data Source Editor 
      2. Use a Data Source to which PU has Use Access to create a new object that fetches data    
  2. Has only "Create Data Sources" Privilege, PU can:
    1. Create a new Data Source
    2. Assign Use or Edit access to Data Sources that the PU creates or has been given/inherited Edit Access to:
      • Groups of which this PU is a member
      • Groups to which this PU has Edit Access
      • Other PU members of those Groups
  3. Has both Privileges, PU can:
    1. Create a new Data Source
    2. PU can assign Use or Edit access to Data Sources that user creates or has been given/inherited Edit Access to any Groups or other PU's
Granting Permissions - (Admin > Data Sources > select a Data Source > Permissions button)

There are two types of Data Source Security Permissions that may be granted to or by a PU:

  1. Use Access:  
    1. May be granted to PU without other Data Source-related Privileges
    2. PU can select the Data Source when creating an element or other object
  2. Edit Access:  
    1. Restricted to Users with the Create Data Sources Privilege
    2. PU can:
      1. Select the Data Source from Data Source drop-down lists
      2. Open and Edit the Data Source
1. Data Source Editor (Admin > Data Sources)

1.1. Data Sources List

  1. The grid only shows Data Sources to which the PU has Edit Access
  2. If User has Privilege  "Create Data Sources", they can [Add New Data Source]

1.2. Data Source Editor

PU's with Edit Access can access a specific Data Source's Editor from:

  • Admin menu  > Data Sources click on a Data Source name in the list box
  • Object Editors > Edit icon to the right of Data Source text box

From the Editors, a PU can:

  • Make changes to the settings
  • Use the Permissions button to grant Data Source Access
  • Delete the Data Source
  • Add another Data Source

1.2.1. Data Source Permissions

  1. On the Data Source Editor, click the Permissions button to open the Data Sources Permissions pop-up
  2. On the Permissions pop-up, PU with Edit Access can grant Use or Edit Access to:
    1. Groups and PU members of Groups to which PU belongs or that the PU can edit
    2. With the Extended Security Privilege, to any Group or PU

Impact on Other Editors:

2. Group Editor (Admin menu > Groups > Power Users tab)

PU's with the Privilege to Create Groups or Permission to edit a specific Group can grant access to a Data Source on the Group Editor > Power Users tab:

  1. Select  the [+Data Source to Group] to open the Add Data Source to Group pop-up
  2. Select a Data Source from drop-down -  the PU will only see Data Sources to which he has Edit Access
  3. Grant Use or Edit Access to be inherited by the Group's members

Save

3. Metric, Report, Dataset, User Map, Dimension, and Event Calendar Editors

PU can create a new object or open any of these Editors. On the Data tab,

  1. Data Source drop-down list contains:
    • The currently assigned Data Source 
    • Other Data Sources for which the PU has Use or Edit Access

in order to access the Metric and Report Editors, PU must have edit access to the element, its Category (new in 5.3 version) and Use Access to its Data Source.