Category Security: Release 6.2.1 and beyond

Privileges related to Categories can be granted to a Group or User on their Editors > Info Tab or from the Category Editor > Permissions button.  Every Power User has an implied Privilege of "Create a new Category".

In addition, the following Privileges are available for assignment to Power Users:

  1. Allow Power Users to grant Category access to any User or Group
  2. Assign Category with View Access to Elements/Datasets
  3. Sort Category List. (new in Release 6.1.2)
    1. The Sort Categories Privilege revised in Release 6.2.5 allows PU's to sort Categories on the List page as well sort a Category's children (Subcategories) on its Editor.
      1. In addition to this privilege, the PU must also have Edit Access to the Category to perform these functions.
  4. (Effective 6.3.1) Show Categories in the Left Sidebar on the Homepage and turn on/off on My Settings page

All of the above Privileges are standalone and can be granted one by one or all at once.

Permissions to a specific Categories are granted on the Group or User Editors > Elements tab or using the Category Editor > Permissions button. See the related Checklist article for more information.

In 6.2.5, a new System Variable is provided (DISPLAY_CATEGORY_SORT_AZ_BUTTON) is provided for use by customers that want to protect the sorting that one user has completed from being "undone" by another person using the Sort A-Z button on the Categories List Page.

 

As of Rel 6.2.3, the constraint that a Power User requires Category Access to edit an element or Datasets/User Map has been removed.  All Users can view elements/datasets without access to the object's Category as long as they have View Access to the object.  There is no Category Privilege related to this change.

1. Grant Privileges:  Group/User Editors > Info Tab

  1. Click [+Privilege to User (or Group)]
  2. Search on "Categ"
  3. Select any of the listed Privileges
  4. [Save]

2. Associated Configuration Variable:  Admin > System > System Variables to control the ability to sort/not sort the Category List page grid

  1. Set the DISPLAY_CATEGORY_SORT_AZ_BUTTON Variable i to "Y"
  2. On the Content > Categories list page, the [Sort A-Z] button is visible
  3. Change the Variable setting to "N" by clicking on the Variable's Edit icon
  4. The [Sort A=Z] button is not displayed on the Categories List Page.

This feature protects the work of an Admin or PU who has applied a custom sort to the Category List Page.

 

3. Permissions for Subcategories

Homepage > Content > Categories > list page

  1. Parent
  2. Parent > Child > Grandchild hierarchy

The general rules of Category Security when it had one or more vertical levels of parentage; i.e., hierarchy,  are  as follows:

  • Category View Access Permissions may be given to a Group or individual Regular or Power User
  • If Edit Access is granted, it applies only to Power Users
  • Permissions may be granted to any Category within the hierarchy
    • If a User is granted access to a Parent Category at any level within the tree structure, that user  automatically receives corresponding Access to children at all lower levels
      • In the example image above,  a user granted Access to:
        • The Sales & Marketing Category receives it for ALL members of the hierarchy
        • The Sales Ops Category receives it for its children:  Account, Geo and Region
    • Access applies horizontally; i.e., to all children of the selected Parent
    • Access does not apply upward, only downward vertically
    • Data Source Use Access for elements within the parent Category  is granted to an individual PU for the Parent's elements but NOT for elements belonging to the associated Child Categories
      • No element Data Source access is granted to Group member Power Users when Category Access is granted.
    • Neither Groups nor individual users are granted any associated component element or Dimension access
      • These must be granted manually in order to ensure a user can open the elements or Datasets within a Category.
    • No Dataset or UM Data Source access is given to the Group or individual user when they are granted Category Access.

4. Privilege for Display of Categories on Homepage

In 6.3.1, there is the ability to restrict most Regular and Power users from seeing Categories on the Homepage to ensure that users only be able to turn Categories on/off on the My Settings page if they have theis Privilege.

NAME:See Categories on Homepage

DESCRIPTION: Show Categories in the Left Sidebar on the Homepage and turn on/off on My Settings page

HIERARCHY: Standalone

GROUPING: Personal Settings

CAN BE EDITED BY ADMIN ON PRIVILEGE LIST PAGE:  Yes

PROCESSING LOGIC UPON ASSIGNMENT:

  1. If the User does not have this Privilege, sthe Homepage with the Left Sidebar contains NO list of Categories
    1. On the My Settings Editor, the option to Show Categories on Homepage is not shown.  
  2. If the User has this Privilege, show Categories as current behavior pre-6.3.1
    1. On the My Settings Editor,  show the option Show Categories on Homepage

MIGRATION:

  1. At first existing customer upgrade or to any new customer install, this Privilege is added to all Users and Groups, include the Default Group and any All Access Groups.  Customers who do not want this will have to remove manually.
  2. The Privilege is added to all new All Access Groups

MY SETTINGS TAB

User's Name Menu > Settings > Catalog Display > Default Folder setting

RULES FOR DISPLAY OF CATEGORIES:  

  1. If the user has at least View Access to any element, display the elements' Categories as options.
  2. Display the Categories of Elements to which user has either View or Edit Access
  3. Always display Last Active Category option
    1. Change the text from Last Active Category to Last Active Folder to correlate to the settings label
  4. Always display All Categories option?
  5. Always default to Last Active Folder
    1. Always take the user to the last Category or Folder that the user accessed