Changes to Security in 4.2
1. Privileges to Create Content Using Non-Configurable Data Sources
The four Privileges shown above were added in 4.0 for granting to Groups or Power Users. The following considerations remain applicable in 4.2:
- Without these Privileges, a new Power User has only two Data Source options when creating a new element, Aggregate a Metric and External Content. To aggregate a Metric, the Power User must also be given access to at least one Metric for use in aggregating to a higher Measurement Interval; e.g., Daily to Weekly, Weekly to Monthly.
- Unlike Configurable Data Sources, SQL or Plugin, a Power User is never given "automatic" access to any of these Privileges when directly receiving Edit Access to an element, Category, Dimension or Event Calendar. An Admin must take a separate step to grant the required Privilege.
- When an existing customer upgrades to 4.0, there is a script included in the install process that automatically grants these four Privileges to existing Power Users and to the Default Group.
- After the 4.0 upgrade has been completed, when a new Power User is created, the user is not automatically granted these Privileges.
2. New Dimension-related Privilege
Prior to 4.2, a Power User with Edit Access to a Dimension could grant View or Edit Access to any Group or any User. In 4.2:
- By default, any Power User with Edit Access to a Dimension can ONLY grant View or Edit Access to the Group(s) to which the Power User belongs or to any User who is a member of those Groups.
- With the new Privilege, "Allow Power User to grant Dimension Access to any User or Group", the Power User is not limited when granting access to a Dimension to which the Power User has Edit Access.
3. Restriction on Dimensioned Elements Created by Power User
Prior to 4.2, a Power User could create an element dimensioned by any Dimension. The Power User was automatically granted element-only Dimension Access to all Dimension Values. In 4.2, the Power User:
- May still create an element dimensioned by any Dimension; however, if the Power User has no Dimension Value access to the Dimension used in the element, the Power User cannot open the element's Viewer and will receive an Access Denied error page.
- Must inherit or be directly granted Dimension access as well as at least one Dimension Value permission in order to open the view of a Dimensioned element that the user creates.
4. Elimination of Automatic Element-Only Access to all Dimension Values
Prior to 4.2, a Power User who was made the Technical Owner of an element created by another user, or who received Edit Access to an Element or Category via inheritance or direct assignment, was automatically granted element-only Dimension Access to all Dimension Values. In 4.2, the Power User only receives Edit Access to the associated element when he/she:
- Inherits or is directly granted Dimension access as well as at least one Dimension Value permission
- Has been granted the associated Create Content Privilege or Permission to use the element's Data Source
5. Adjustment to Power User's Category List
6. Removal of Category Editor Permissions Button for Power Users
7. Tiles that open to empty Viewers
A Regular or Power User without access to at least one component element of a Multi-Metric or Composite Element sourced from Existing Metrics or from a Single Existing Report will see a tile on the Homepage. When clicked, a blank viewer opens. An Admin must grant at least View Access to one of the components in order for the User to see the associated Chart.
A Power User with Edit Access to a Multi-Metric or Composite Element will not be able to see the element's Chart and/or access the Element Editor without:
- At least View Access to one of the components
- The Privilege to Create Content using Existing Metrics or Single Existing Report, whichever is applicable to the element
- Access to any Dimension used in the element and permission to at least one Dimension Value
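
An Admin troubleshooting a blank Viewer or a missing Element Editor can check the three conditions above one at a time. The sketch below is an added example, not the product's code: the `Element` and `PowerUser` classes, their field names and the sample users are hypothetical and constructed for illustration, and each user is assumed to already hold Edit Access to the element.

```python
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical model of the rules in section 7; not the product's schema or API.
@dataclass
class Element:
    name: str
    source: str                       # "Existing Metrics" or "Single Existing Report"
    components: frozenset             # names of the component elements
    dimension: Optional[str] = None   # Dimension used by the element, if any

@dataclass
class PowerUser:
    name: str
    viewable: set = field(default_factory=set)            # elements with at least View Access
    create_privileges: set = field(default_factory=set)   # Data Sources the user may create content from
    dimension_values: dict = field(default_factory=dict)  # Dimension -> permitted Dimension Values

def missing_requirements(user, element):
    """List the conditions a Power User with Edit Access still fails for this element."""
    missing = []
    if not (user.viewable & element.components):
        missing.append("View Access to at least one component")
    if element.source not in user.create_privileges:
        missing.append("Privilege to Create Content using " + element.source)
    if element.dimension is not None:
        values = user.dimension_values.get(element.dimension)
        if values is None:
            missing.append("access to Dimension " + element.dimension)
        elif not values:
            missing.append("permission to at least one Dimension Value")
    return missing

def audit(users, element):
    """Map each user name to unmet conditions; an empty list means Chart and Editor open."""
    return {u.name: missing_requirements(u, element) for u in users}

# Constructed sample data
SALES = Element("Sales Overview", "Existing Metrics",
                frozenset({"Daily Sales", "Daily Returns"}), dimension="Region")
USERS = [
    PowerUser("alice", {"Daily Sales"}, {"Existing Metrics"}, {"Region": {"EMEA"}}),
    PowerUser("bob", {"Daily Sales"}, set(), {"Region": set()}),
    PowerUser("carol", set(), {"Single Existing Report"}, {}),
]

if __name__ == "__main__":
    for name, gaps in audit(USERS, SALES).items():
        print(name, "OK" if not gaps else gaps)
```

Each entry in the returned list corresponds to one grant an Admin still has to make for that user.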