Set Discoverability & Custom Access Requests

In 6.3.4, Discoverability was expanded to include all Metric Insight Elements in addition to External Reports

The Discoverability feature allows Users to see those tiles on the Homepage that they do not have Permission to view and (optionally) submit an Access Request.  Admins and privileged Power Users can then grant access via the Access Request screen.  

Metric Insights supports three Processing options:  

  • Distributed Access Request processing entirely within Metric Insights 
  •  Centralized Access Request processing (via a tool like SAP's GRC), 
  • Access Requests sent to a Webpage

This article explains:

  1. Selecting an Option to Process Access Requests
  2. Checking for User Access to Tableau
  3. Settting Elements to be Discoverable
  4. Optional Settings
  5. How to Process Access Requests within Metric Insights

The system will default to standard error messaging if no customization has been set up, see  Provide Tile Information on Access Denied Popup

Example of Standard Access Request popup in Metricinsights

Popup Message on Homepage:

Access Security Requests | Controlling Access within Metric Insights | TOC | [6.3.2] Provide Tile Information on Access Denied Popup | Help & Documentation | ScreenSteps - Google Chrome

1. Select the Flow that is Followed when Access Request Button is Activated

1.1. Access Request Flow 1: Managed Within Metric Insights

The following System Variables must be set via Admin > System > System Variables for this Flow

  1. Select "Access Requests & Discoverabilty" in the Search field to narrow your options
  2. Set 'ACCESS_REQUEST_VIA_WEBPAGE' to 'N'
  3. Set 'NEW_CONTENT_IS_DISCOVERABLE' to 'Y'
  4. Commit your changes
1.2. Access Request Flow 2: Manage via Access Request API (such as SAP's GRC tool)

The following System Variables must be set via Admin > System > System Variables for this Flow

  1. Select "Access Requests & Discoverability" in the Search field to narrow your options
  2. Set 'ACCESS_REQUEST_URL' to the <URL> set to process your company's Access Requests
  3. (Optional) Set 'ACCESS_REQUEST_URL_PASSWORD' if required
  4. (Optional) Set 'ACCESS_REQUEST_URL_USERNAME' if required
  5. Set 'ACCESS_REQUEST_VIA_WEBPAGE' to 'N'
  6. Set 'NEW_CONTENT_IS_DISCOVERABLE' to 'Y'
  7. Commit your changes

When the "Request Access" button is clicked on Homepage Tile, a request will be sent to the endpoint set via "ACCESS_REQUEST_URL", passing Access Request Group set on the Element Editors.

1.3. Access Request Flow 3: Manage via External Form/Webpage

The following System Variables must be set via Admin > System > System Variables for this Flow

  1. Select "Access Requests & Discoverability" in the Search field to narrow your options
  2. Set 'ACCESS_REQUEST_URL' to the <webpage> set to process your company's Access Requests
  3. (Optional) Set 'ACCESS_REQUEST_URL_PASSWORD' if required
  4. (Optional) Set 'ACCESS_REQUEST_URL_USERNAME' if required
  5. Set 'ACCESS_REQUEST_VIA_WEBPAGE' to 'Y'
  6. Set 'NEW_CONTENT_IS_DISCOVERABLE' to 'Y'
  7. Commit your changes

NOTE: Any Custom Access Request messages or email recipients that are set on either the Element Editor or Category Editor will be ignored in this flow. When [Request Access] is selected  the Request is sent directly to the Webpage (Request URL).

2. Special Check for User Access to Tableau Dashboard

This is a special check only available for Tableau External Reports that User has Permission to View in Metric Insights. It will verify that User has access to view Tableau Workbooks and Dashboards in the Tableau environment. This validation is only available when Username is passed through SAML

2.1. Check That Report Type is Set for Pre-verification

Open External Report Editor

  1. Click on edit gear to open <element> Type Editor to open the External Report Types editor
  2. Scroll to bottom of Editor
  3. Verify that Pre-verify User Access through Tableau API is set to 'Y'  (Note: this option must be set up the systems engineer; you should not modify this option. Please contact [email protected] for assistance. )
2.2. This check is executed when User clicks on Preview image of External Report

3. Set Elements to be Discoverable

Access existing Elements from the Homepage via the edit icon (gear)and open the Advanced tab. Discoverability can also be set via Bulk Edit from element lists.

Metric Editor - Google Chrome
  1. Toggle Make Discoverable to Users Without Access ON to expose optional fields marked in yellow
  2. Additional fields are made available for optional changes

4. Optional Settings

4.1. Remove or Rename the [Access Request] Button

Access > System > System Variables

Variables - Google Chrome
  1. Select "Access Requests & DIscoverablity" from Search Option
  2. Edit the ACCESS_REQUEST_BUTTON_TEXT by activating the Edit icon on that row
  3. Input new Button label or set to blank to deactivate the button
  4. [Save]  
  5. [Commit Changes]
4.2. Optional Settings for Homepage Tile Images & Messages

Access Element Editors >  Advanced tab

Scroll down to Content Access Section

  1. (Optional) Access Request Group is only used in Workflow 3 where processing is done via a company-created webpage.
  2. (Optional) Upload your own Homepage Tile preview image from an image on your system. This image will display on Tiles rather than the default of a blurred image.
  3. (Optional) If you do not upload your image, you can alter the level of Image Blur.  Blurring is only available for the default image.
  4. (Optional) To set Custom Access Denied  Message, set this toggle to "On" and see either:
  5. (Optional) Enter an Email address where this Access Request will be delivered. This overrides the default of sending emails to all System Admins (these Admins are enabled by "Receive Access Notifications" being set to "Y" in the User Editor.n This address can also be set at the Category level.

4.2.1. Customize Access Denied Message on the Element Editor

Note: if you do not specify a Access message at the Element Editor level, the system will check the associated Category for a message.  If message is not specified there, the Standard Message will display.

Report Editor - Google Chrome

 Toggle the 'Use Custom Access Denied Message' to 'ON'

  1. You can control the Message display using the standard formatting options
  2. You can insert the following variables using the dropdown:
    • [Element name] causes the system to  substitute the Element Name in the display
    • [More Info] provides a link to a list of information to assist Users
  3. Option exists to add hyperlink as needed
4.2.2. Customize Access Denied Message on Category Editor

Access Content > Categories > [select a category] > Category Editor > Info tab

If Access Denied Message is NOT set at the Element level, the message set at the associated Category level will be used or all Elements it contains

  1. Toggle the 'Use Custom Access Denied message' to ON to open additional fields and complete as above for Element example
  2. See Example above
  3. Set alternative Access Request email address to be informed of this Access Denial. This field will over-ride the Standard option to send email to your Support Admin(s) for Access.
4.3. (Optional) Restrict Discoverability to Groups by Category

[6.3.4] Since not all groups need to see all Discoverable content as it is not relevant to them, we provide the ability to restrict Discoverability to certain User Groups for an entire Category. See Restrict Discoverability to Certain Groups

4.3.1. Set System Variable for Restriction

Access > Admin > System > System Variables

Variables - Google Chrome
  1. Set Search to "Access Requests & Discoverability" to limit grid display
  2. Find RESTRICT_DISCOVERABLE_CONTENT  
  3. User Edit icon (gear) to open popup and set variable to "Y'
  4. Commit Changes

4.3.2. Select Groups

Access Content > Categories > Select a Category to edit

Category Editor - Google Chrome
  1. Open Discoverability tab (this tab will not display unless System Variable is set per previous step)
  2. System will default to "All Groups"
  3. Activate  "Selected Group"  to open selection icon
  4. [+ Add Groups] to open popup
  5. Select Groups via check boxes and [+ Add Selected]
  6. Example of Group grid

5. Process Access Requests within Metric Insights

Access:

  • From email sent when Access was requested or
  • Via Admin Menu
Example of  "Request Access" email for processing

Example of  "Request Access" email. Request emails will be sent to either the Access Request Email if specified in Category or Element Editor, or will default to your Support Admins' email address(es) are set to "Receive Access Notifications" in their User Record.

User access request - bk@metricinsights.com - Metric Insights Mail - Google Chrome
  1. Activate [Process Request] directly from email
  2. Process Request using Controls:
    • (check mark) to Grant Access  and proceed to next step
    • (x mark) to Reject the Request and remove from list

How to Access User Access Requests via Admin menu

Access via Admin > Users & Groups > Requests > Requests

User Access Requests - Google Chrome
  1. Process Request using Controls:
    • (check mark) to Grant Access  and proceed to next step
    • (x mark) to Reject the Request and remove from list

5.1. Grant Access Request

Select to grant access to single element or entire category and all its elements

  1. Activate toggle to select whether you want to grant Access to the specific Element or to the Element's Category and its all its elements
  2. [Grant Access] to complete request
  3. Open User Editor to verify that requested Element or Category is added to the Elements tab