Granting a Power User Edit Access to a Category: Checklist

A Category may include a mix of associated Elements, Datasets and/or User Maps, each of which requires specific Permissions and Privileges before the Power User can actually edit the objects in the Category. In order to effect an individual Power User's Edit Access to a Category, the Admin must make sure that the user has the related required Privileges and Permissions.

Reference the following sections covering Data Source and Dimensioned Elements requirements:

  1. Permissions that are granted automatically
  2. Privileges and Permissions related to Datasets
  3. Create content Privileges and component Element Permissions related to Elements sourced from Non-Configurable Data Source(s) and/or composite Elements:
    • Privilege to Create Content using a CSV file
    • Privilege to Create Content using Existing Metrics and Single Existing Reports as well as access to the source Element(s)
    • Privilege to Create Content using Existing Reports
  4. Subcategory (nested Category) manually assigned Configurable Data Sources
  5. Access to the Dimension and at least one Dimension Value if any Category Elements are Dimensioned

1. Automatic Permissions

The following Privilege and Permissions are granted to a Power Users by default upon creation:

  • Implicit Privilege to Create Categories and grant View or Edit Access to Group(s) to which the Power User belongs and to individual members of those Group(s)
  • Permissions:
    • Ability to Edit the Category's settings
    • Conditional Edit Access to all Category Elements
      • Use Access of any configurable Data Sources (SQL/Plug-in) used by parent Category Elements
    • Conditional Edit Access to Datasets and Users Maps in the Category

NOTE: If a new Element with different Data Source is added to the Category at some time after the Power User has been granted Category Edit Access, use of the new Data Source will NOT be automatically granted to the Power User. Access to the new Data Source must be granted manually. It is always possible to remove Category Access from the Power User and then re-grant it, thus allowing the Power User to gain use of additional Data Sources.

Another caution, however: If Category Edit Access is removed from a Power User, use of its related configurable Data Sources is NOT taken away from that Power User.

Based on the actual contents of the Category, Power User ALSO must also inherit or be granted the additional Privileges and Permissions as noted in the sections that follow.

If the Category contains Datasets and/or User Maps or Elements sourced from Datasets, additional requirements are described below:

Access User Editor > Info tab:

  1. [+ Privilege to User]
  2. Add the following
    • Create content using Datasets
    • Create/Edit Datasets
  3. [Save]

Since the Power User is granted Conditional Edit Access to Category's Datasets, once the Power User has Permission to Use the Dataset's Configurable Data Source, the Power User can see all of the Dataset's data, so no entry in the User Map is required for this Power User.

If there are Elements in this Category that are sourced from Datasets that are not in this Category, the Admin must grant the Power User at least View Access to the source Dataset before the Power User will be able to Edit the Element.

NOTE: Regular Users also need access to source Datasets in order to View Category Elements sourced from other Datasets.

3. Non-Configurable Data Source Requirements

If Elements, Datasets, or User Maps in the Category are sourced from one or more non-configurable Data Sources, the Power User must be granted the respective Privilege and/or source Element or Dataset access Permissions to make it possible to edit the related object. The related requirements are discussed below.

To learn about the nature of non-configurable Data Sources, refer to: Understanding Data Sources

Privilege granted on the User Editor: Create content using CSV files

Category contents may be sourced from one or more of the following Non-Configurable Data Sources.

If so, associated Privileges and Permissions are required as described below:

Existing Metrics:

  • Privilege granted on the User Editor: Create content using Existing Metrics
  • View access to the source Metric(s) given at User Editor > Elements tab > [+ Element access to User]

Existing Reports:

  • Privilege granted on the User Editor: Create content using Existing Reports
  • Power User are not required to have View access to the source Report(s). This is an exception to the source Element rule.

Single Existing Report:

  • Privilege granted on the User Editor: Create content using Single Reports
  • Power User must have View access to the source Report given at User Editor > Elements tab > [+ Element access to User].

Aggregate Metric:

  • No Privilege is required; this is automatically granted to each Power User.
  • Power User must have View Access to the source Metric from which aggregation is performed.

Multi-Metrics:

  • Cannot be the source for a Dataset or User Map
  • No Privilege is required.
  • The Power User must have Permission to View all source; i.e., "charted" Elements of any Multi-Metrics  in this Category.

4. Subcategory Security Logic

If Edit Access is granted to Power User for a Category that is "nested" (i.e., has one or more child Category), the user does NOT receive automatic Use Access to the configurable Data Sources used by Elements in its child Categories.

SOLUTION: 

  • Access User Editor > Power User tab to manually grant Permission to use Data Sources used by Elements in any related Child Categories.
  • Alternatively, Permission may be granted on the Data Source Editor > Permissions.

5. Dimensioned Elements

If Elements in the Category are dimensioned, each User must be granted access to at least one Dimension Value of the Dimension associated with each Element from the Category or to the whole Dimension in order to View or, for Power Users, edit the Element.

For more details, refer to: Dimension Security.

You are done. Great job!