Element Security 5.3.0 changes
The Security discussed below applies primarily to Power Users (PU's) because:
- Admins have no restrictions as to Element functionality
- Regular Users have no ability to Edit elements, only receive View Access given restrictions on Dimensions and source element View Access.
Power Users have the implicit Privilege to Create any type of element. When they create an Element, they automatically receive Edit Access to that Element and become the default Technical Owner.
In Release 5.3.0, Expanded Security Functionality is applied to element Edit Access for PU's. In order for a PU to open an element's Editor, the PU must have either:
- Edit access to its Category (new in 5.3 version)
- At least View Access to one Dimension Value
- At least View Access to any component element or source Dataset
- At least Use Access of the element's Configurable Data Source
- If sourced from a Dataset or Non-Configurable Data Source, the Privilege to Create Content using the source and at least View Access to any source element or Dataset
PU can open an element's Editor even without access to the currently assigned Data Collection Trigger (or to any other Trigger). The PU is limited to changing the Trigger to one to which the PU has Use or Edit Access.
Element Security Permissions can be applied to:
- Individual RU's and PU's
- Groups for inheritance by members of the Group
- If Edit Access to an Element is granted to the Group, the Group also receives Use Access to the element's Configurable Data Source, if any.
For Power Users, element Security is designed to have both an Expanded Security Privilege for Elements and Permissions to a specific element.
Every Power User has the implicit Privilege to Create Elements, and the Privilege cannot be manually added or deleted.
There is one Element Privilege for Expanded Security.
- "Allow Power Users to grant Element access to any User or Group" (Extended Security Privilege) allows PU to grant element View or Edit Access to any Group or User (for RU's, limited to View Access)
In addition, there are numerous Create Content Privileges that can only be directly assigned to Power Users or inherited from the Group(s) to which a Power User belongs.
- These Privileges govern the Data Sources that can be used to fetch data for elements.
- If the Data Source fetches from another element or a Dataset, the PU must have at least View Access as well as the related Create Content using .... Privilege
There are two types of Element Security Permissions that may be granted to a Group, RU (View Access Only) and PU:
View Access: ("no" option)
- May be granted to a PU or RU
Edit Access: ("yes" option)
- PU can:
- Open the Element Editor
- Make changes to element
- Delete the element
- Assign Access to Groups of which the PU is a member and to other Members of those Group
- With Extended Security Privilege, grant access to any Group or Regular/Power User
- Open the Element Editor
- PU can:
Permissions may be granted via the element's Editor, Group Editor or individual User Editor (by Admin only).
1.1. Elements List (Content > Elements)
- The grid only shows Elements to which the PU has Edit Access
- Name has active link that opens the Element Editor
- The PU can [+ New Element] to add a new element
1.2. Element Editor
PU's with Edit Access can access a specific Element's Editor from:
- Element menu > Element List page > click on a element's name in the grid
- Edit icon on tiles and Previews
PU's are restricted as described below.
1.2.1. Element Permissions (Element Editor > Advanced tab)
- Click the Permissions button to open the Element Permissions pop-up
- On the Permissions pop-up, PU can grant View or Edit Access to:
- Groups and PU members of Groups to which PU belongs and Groups which PU can edit
- With the Extended Security Privilege, any Group or other PU
1.2.2. Element Editing
On the Info or Data tabs on the element Editor's, PU can add or change the element's settings, including the following:
- Dimensions to one for which the PU has Edit Access, if any
- Category to one to which the PU has Edit Access
- Data Source to one to which the PU has at least Use Access using a source element or Dataset to which the PU has at least View Access
- Data Collection Trigger to one for which PU has Use or Edit Access
Impact on Other Editors:
PU's with the Privilege to Create Groups and Permission to edit a specific Group may grant access to elements on the Group Editor > Elements tab:
- Select the [+ Element access to Group] to open the Give Element Access to Group pop-up
- Grant View or Edit Access to be inherited by the PU members of the Group (RU's will only inherit View Access)
3.1. Dataset Viewer (Content > Datasets > Views > Action)
PU can create a Metric or Report from a Dataset Viewer if they have the following Privileges and Permissions.
- Permission View Access to the Dataset
- Privilege "Create Content from Dataset"
On the Dataset Viewer:
- Select a Dataset View
- Open the Action menu > Build Metrics or Reports to generate an element from the selected View's data
NOTE: The generated element inherits the Dataset's:
- Data Collection Trigger