Dataset/User Map Security Overview (Release 5.2.1 thru 5.4)
For Dataset/User Map Security for earlier release, see Dataset Security Overview (prior to 5.2.1 security updates) For Release 5.5 and beyond, see Apply User Map to Dataset and Dataset Reports (new in 5.5)
This article covers both Dataset and User Map Security although references may only mention Datasets.
In 5.2.1 and 5.3, changes to the Security Model affected Datasets. Security and descriptions included in this article reflect these changes.
- Admin Users: are automatically granted unlimited viewing and editing access to all Datasets, Dataset Views and Metrics, and Reports created from them.
- Power Users: may have either View or Edit Access to a Dataset
- Regular Users: only receive View Access to a Dataset
Dataset Permissions and Privileges are not granted to Power Users (PU's) automatically. To work with Datasets, a PU must inherit from user's assigned Group(s) or be explicitly granted:
- Dataset Privileges via the Group or User Editor
- Permissions to individual Datasets are granted on the Group or User Editor or Dataset
- Automatic Dataset access via Category Permissions granted on the Group, User or Category Editor
- Includes basic View or Edit Access to each Dataset included in a Category and depends on the PU's Access to the Category itself
- Does not include access to Data Sources associated with Datasets assigned to the Category
Full Dataset Edit Access for a PU's requires additional Permissions:
- Privilege: "Create Datasets"
- Use or Edit Access to the Dataset's configurable Data Source (if any)
- Edit Access to Dataset's Category
- View or Edit Access to Source Dataset View (if any)
- Create Content using CSV if file upload is used to populate the Dataset
- With Edit Access to a Dataset, a PU:
- Sees all data even if the Dataset has a User Map
- Can access all public views of the Dataset
- With Privilege "Create Content Using Datasets":
- Create Stats Models and other content from the Dataset Viewer > Action Viewer
Exclusions that require associated manual granting of Permissions:
- Access to content created from a Dataset is NOT granted automatically to Groups or Users with access to the source Dataset
- All Access Groups do not receive View Access to any Datasets
Dataset Privileges in the User Editor or Group Editor
Privileges to review, use and create Datasets are not automatically granted in conjunction with other Permissions; for example, Edit Access to a specific Dataset.
Dataset Privileges that can be assigned to a Group or to a User:
- (Child) Create Public View: Dataset Views can be Private or Public. Content can only be created from a Dataset's Public View. If the child is selected, the Parent is automatically selected.
Create content using <type of dataset> provides the ability to create Metrics, Reports, Dimensions and Stats Models from Public Views of either or both types of Datasets:
- Existing Datasets (SQL)
Allow Power Users to grant Dataset access to any User or Group: For this privilege to come into effect, a Power User should additionally be granted Edit Access to a specific Dataset.
- By default, a Power User without this Privilege can only grant Dataset access to members of Group(s) to which the Power User belongs.
Dataset Access Permissions
Permissions grant View or Edit Access to a Dataset to a Power User or Group. Regular User may only receive View access.
Groups or Users only View Access to a Dataset, there is no access to the Dataset's Editor. Group Members and individual Power Users with View Access to a Dataset with access controlled by a User Map may only view the Dataset if the user is also included in the User Map.
- To create a Stats Model, follow path > Dataset Viewer > Actions menu
- Click Build Stats Model
Power Users can only create Stats Models if they have full Edit Access to the Dataset, as well as the Privilege to "Create Datasets" and the Privilege to "Create content using Datasets".
If a Power User has the Privilege "Create Public Views":
- Make a change to the content of a Dataset view
- Click "Save as View" button
- On the pop-up, select Visibility = Public
The View will become visible to users that have at least View Access to the Dataset and its source Dataset
Regular User Dataset Security
- None of the Dataset Privileges are available to Regular Users.
- Regular Users (RU's) may only be granted View Access to a Dataset.
- No option for Edit Access appear when a Regular User is selected
- If access to a Dataset is controlled via a User Map, the Regular User must be included in the User Map in order to open the Viewer.
- They are not able to create any Public Views or content from a View.
- If the Dataset is sourced from a Dataset, the RU must also have View Access to the source Dataset.