Categories Security
Privileges related to Categories can be granted to a Group or User in the Info tab of corresponding Editors or from the Category Editor. Every Power User has an implied Privilege of "Create a new Category". This article describes topics regarding access to Categories.
As of Rel 6.2.3, the constraint that a Power User requires Category Access to edit an Element or Datasets/User Map has been removed. All Users can view Elements/Datasets without access to the object's Category as long as they have View Access to the object. There is no Category Privilege related to this change.
1. General Information
The following Privileges are available for assignment to Power Users:
- Allow Power Users to grant Category access to any User or Group: This Privilege expands Power User's authority to allow granting Category access to any User or Group
- Assign Category with View Access to Elements/Datasets: Allows Power User to assign a Category to which User has View Access to a new Element or Dataset. It also allows to edit an existing Element or Dataset to which the User has Edit Access and that uses the Category
-
Sort Categories: This Privilege allows PU's to sort Categories on the List page as well as sort a Subcategories in its Editor
- The PU must also have Edit Access to the Category to perform these functions
- See Categories on Homepage: This one allows to show Categories in the Left Sidebar on the Homepage and turn on/off on "My Settings" page
-
Certify an Element and reassign its Category via API: It allows a User without Edit Access to an Element to certify it and to move the Element into another Category via API
- The User is required to have View Access to both the Element and the new Category to perform these actions
All of the above Privileges are standalone and can be granted one by one or all at once.
2. Granting Privileges
Access Group or User Editor and open the Info Tab
- [+Privilege to User (or Group)]
- Search on "Categ"
- Select any of the listed Privileges
- [Save]
3. Allowing to Sort the Category List Page Grid
In 6.2.5, a new System Variable (DISPLAY_CATEGORY_SORT_AZ_BUTTON) is provided for use by customers that want to protect the sorting that one user has completed from being "undone" by another person using the Sort A-Z button on the Categories List Page.
Access Admin > System > System Variables
- Set the DISPLAY_CATEGORY_SORT_AZ_BUTTON Variable to "Y"
- On the Categories list page, the [Sort A-Z] button is visible
- Change the Variable setting to "N" by clicking on the Variable's Edit icon
- The [Sort A-Z] button is not displayed on the Categories List Page.
This feature protects the work of an Admin or PU who has applied a custom sorting to the Category List Page.
4. Categories Hierarchy Access Rules
The general rules of Category Security when it had one or more vertical levels of parentage; i.e., hierarchy, are as follows:
- Category View Access Permissions may be given to a Group or individual Regular or Power User
- If Edit Access is granted, it applies only to Power Users
- Permissions may be granted to any Category within the hierarchy
- If a User is granted access to a Parent Category at any level within the tree structure, that user automatically receives corresponding Access to children at all lower levels
- In the example image above, a User was granted Access to:
- The Sales & Marketing Category receives it for ALL members of the hierarchy
- The Sales Ops Category receives it for its children: Account, Geo and Region
- In the example image above, a User was granted Access to:
- Access applies horizontally; i.e., to all children of the selected Parent
- Access does not apply upward, only downward vertically
- Data Source Use Access for Elements within the parent Category is granted to an individual PU for the Parent's Elements but NOT for Elements belonging to the associated Child Categories
- No Element Data Source access is granted to Group member Power Users when Category Access is granted
- Neither Groups nor individual Users are granted any associated component Element or Dimension access
- These must be granted manually in order to ensure a User can open the Elements or Datasets within a Category
- No Dataset or UM Data Source access is given to the Group or individual User when they are granted Category Access
- If a User is granted access to a Parent Category at any level within the tree structure, that user automatically receives corresponding Access to children at all lower levels
5. Privilege for Display of Categories on Homepage
In 6.3.1, there is the ability to restrict most Regular and Power Users from seeing Categories on the Homepage to ensure that Users only be able to turn Categories on/off on the "My Settings" page if they have this Privilege.
Processing logic:
- If the User does not have this Privilege, the Homepage with the Left Sidebar contains NO list of Categories
- On the "My Settings" Editor, the option to Show Categories on Homepage is not shown
Migration rules:
- At first existing customer upgrade or to any new customer install, this Privilege is added to all Users and Groups, include the Default Group and any All Access Groups. Customers who do not want this Privilege will have to remove it manually
- The Privilege is added to all new All Access Groups
Category displaying rules:
- If the User has at least View Access to any Element, the Category to which that Element belongs will be shown
- The "Last Active Category" option is always shown
- The "All Categories" option is always shown