Data Collection Trigger Security (new in v5.3)
-
All of the Security discussed below applies to Power Users (PU's)
- Admins have no restrictions as to Data Collection Trigger (Trigger) functionality
- Regular Users have NO access of any kind to Triggers
Prior to Version 5.4, a PU could use any Trigger when creating an object.
Overview
Data Collection Trigger Security can be applied to:
- Groups
- Individual Power Users
Security is designed to have both Privileges for Triggers and Permissions to a specific Trigger. It allows a customer to limit the Triggers that a given PU can use to create elements and other objects that fetch data, including:
- Elements
- Data Dependencies
- Dimensions
- Event Calendars
- Datasets and User Maps
- My Favorites
Privileges are granted via Info Tab > Privileges section on the Group Editor or the User Editor.
Permissions arre granted via the Permission button on Group Editor, Trigger Editor, or on the User Editor > Power Users tab > Data Collection Triggers section,
There are two Trigger Privileges that can only be assigned to Power Users or inherited from the Group(s) to which a Power User belongs.
- "Create Data Collection Triggers" (Parent)
- "Allow Power Users to grant Data Collection Trigger access to any User or Group" (Extended Security Privilege)
A PU cannot be granted the second Privilege unless he is first granted the "Create Data Collection Triggers" Privilege
If a PU:
-
Has neither Trigger Privilege:
-
Cannot:
-
Select a Trigger when creating a new element or object but one will be assigned by the system when the object is saved
- Trigger setting on Object Editors is greyed-out and may not be changed until or if the PU has been granted Use Access to at least one Trigger
- Create a new Trigger
-
Select a Trigger when creating a new element or object but one will be assigned by the system when the object is saved
-
Can:
- Be granted Use Access Permission to one or more specific Triggers via the Group, User or Trigger Editor
-
Cannot:
-
Has only "Create Data Collection Triggers" Privilege, PU can:
- Create a new Trigger
-
Assign Use or Edit access to Triggers that the PU creates or has been given/inherited Edit Access to:
- Groups of which PU is a member
- Groups to which PU has Edit Access
- Other PU members of those Groups
-
Has both Privileges, PU can:
- Create a new Trigger
- PU can assign Use or Edit access to Triggers that user creates or has been given/inherited Edit Access to any Groups or other PU's
There are two types of Trigger Security Permissions that may be granted to a PU:
-
Use Access:
- May be granted to PU without any Trigger-related Privileges
- PU can see and assign the Trigger when creating an element or other object
-
Edit Access:
- Restricted to Users with the Create Triggers Privilege
- PU can:
- See the Trigger in object Trigger drop-down lists
- Open the Trigger Editor
- Make changes to Trigger
- Delete the Trigger
- Assign Access
1.1. Data Collection Triggers List
- The grid only shows Triggers to which the PU has Edit Access
- Trigger Name has active link that opens the Trigger Editor
- The “Enabled” filter contains options: "All, Yes, No" and can be used to limit the Triggers displayed
- PU's can use the active Enable or Disable buttons to change the Status of selected Triggers
- If User has Privilege to "Create Triggers", they can [Add a new Data Collection trigger]
PU must have Edit access to at least one trigger for the Data Collection Triggers option to display in his Admin menu
1.2. Trigger Editor
PU's with Edit Access can access a specific Trigger's Editor from:
- Admin menu > Data Collection Triggers > click on a Trigger name in the list box
- Object Editor > Edit icon to right of Trigger text box
From the Editor, a PU can:
- Make changes to the settings
- Use the Permissions button to grant Trigger Access
- Delete the Trigger
- Add another Trigger
PU's are restricted as described below.
1.2.1. Trigger Permissions
- On the Trigger Editor, click the Permissions button to open the Data Collection Triggers Permissions pop-up
- On the Permissions pop-up, PU with Edit Access can grant Use or Edit Access to:
- Groups and PU members of Groups to which PU belongs and Groups which PU can edit
- With the Extended Security Privilege, any Group or other PU
1.2.2. Trigger Dependencies
- PU can add or edit only those Trigger Dependencies for which he has been granted Edit access. See details Establish dependencies between Data Collection Triggers
- PU can add or edit any Data Dependency without requiring any access to them. See details Configure Data Dependencies for a Data Collection Trigger
Impact on Other Editors:
PU's with the Privilege to Create Groups or Permission to edit a specific Group may grant access to Triggers on the Group Editor > Power Users tab:
- Select the [+Data Collection Trigger to Group] to open the Add Data Collection Trigger to Group pop-up
- Select a Trigger from drop-down - the PU will only see Triggers to which he has Edit Access
- Grant Use or Edit Access to be inherited by the Group's Power Users
- Save
in order to access the Metric and Report Editors, PU must have edit access to the Category assigned to the element (new in 5.3 version)
PU can open one of these Editors even without access to the currently assigned Trigger (or to any other Trigger)
-
Data Collection Trigger drop-down list contains:
- The currently assigned Trigger, to which the PU may or may not have access, a situation that arises when the PU has been given Edit access to the object without having access to the object’s Trigger
- If PU changes Trigger away from the original, the user is prevented from changing the trigger BACK to the original unless the PU has subsequently gained access to that Trigger
- Other Triggers for which the PU has Use or Edit Access, if any
- The currently assigned Trigger, to which the PU may or may not have access, a situation that arises when the PU has been given Edit access to the object without having access to the object’s Trigger
4.1. Creating a new External Report (New > External report)
- New External Report pop-up displays
- Select any Trigger to which PU has Use or Edit Access from the drop-down list.
- If PU doesn't have access to any Trigger, the drop-down list is empty
- If there is no Trigger to be selected, PU must change Report Source = Manual Entry because the System will NOT randomly select one of the existing Triggers on this pop-up
- Click definite details to open the External Report Editor > Configuration Tab
Continue with directions in Section 4.2
4.2. Modify an existing External Report (Content > Elements > Type: External Report)
PU must have edit access to the External Report's Category in order to access the Editor (new in 5.3 version)
A PU must be granted Edit Access to a specific External Report
- If the Report Source is set to Automated Collection, select any Trigger to which PU has Use or Edit Access from the drop-down list
- If PU doesn't have access to any Trigger, the System will automatically display an existing trigger
- If the Report Source is set to Manual Entry
- The Report Image Trigger setting disappears and will only reappear if the Report Source is changed to Automated Collection
5.1. Dataset Editor (Content > Datasets)
PU must have edit access to the Dataset, its Data Source and at least view access to its Category in order to access the Editor
PU can access the Dataset or User Map Editor even without access to the currently assigned Trigger or access to any other Trigger
- On the , the Data Collection trigger setting shows the currently assigned Trigger, to which the PU may or may not have access, a situation that arises when the PU has been given Edit access to the object without having access to the object’s Trigger
- If PU changes Trigger away for the original one, the PU is prevented from changing the trigger BACK to the original unless the PU has subsequently gained access to that Trigger
- The drop-down list contains Triggers to which the PU has either Edit or Use Access
6.1. General information
Event Calendars have no Privileges associated with them. PU access to a specific Event Calendar is restricted by Ownership. Power Users may only access those Calendars for which they are owners; either by creating the Calendar or by an Admin User assigning Ownership of an existing Event Calendar to the PU.
Admin Users must ensure that the Power User has the required Security for the Event Source when assigning Ownership; otherwise the PU will receive a Security error when trying to edit the Calendar. Required Event Source Security is one of the following:
- Use Access to a Configurable Data Source
- Privilege to Create Content using a Non-Configurable Data Source; e.g., CSV
There are no Security restrictions on the associated Metrics, Categories or Tags that a PU may assign to an Event Calendar.
6.2. Adding a new Event Calendar
All Power Users have the ability to Create a new Event Calendar by default.
-
The Data Collection Trigger drop-down will display all Triggers that the PU can either Edit or View (Use)
- If PU doesn't have access to any Trigger, the System will automatically default an appropriate existing trigger (as displayed above)
To view all steps required to add a Event calendar, refer to Create / Define an Event Calendar.
6.3. Edit an existing Calendar
- PU will only see those Event Calendars of which they are Owners. (The Owners field does not ever display for PUs on the Editor)
- PUs can only edit those Calendars for which the PU has the appropriate Security to Event Source; otherwise an error will display when attempting to access (see Event Calendar "General" section above for details)
