Automatic Group Security Defaults

In Metric Insights, Groups allow an organization to assign certain Privileges and Permissions to a Group and then assign a cohort of Users to the Group.  For example, all Financial Analysts might be assigned to a Group that has the ability to access all Financial information across all Divisions and create objects using certain Data Sources and Data Collection Triggers.

Types of Groups

For all installs of Metric Insights, there is:

  • One and only one Default Group provided with the initial instance
  • At installation or later, the organization may create one or more:
    • All Access Groups
    • Regular Groups

A basic set of Privileges are automatically assigned to the Default Group and, subsequently, to all new All Access Groups:

  1. All of the Personal Settings grouping except "Create Folders"
  2. All of the Collaboration grouping
  3. All of the Viewer Access grouping
  4. Most of the Power User Content Security grouping
    • EXCEPTION:  None of Extended Security "Allow Power User....to any User or Group" Privileges are automatically granted
  5. Be advised that:
    • No Permissions are granted automatically to the Default Group.  
    • Any of the automatic Privileges may be deleted as appropriate for the organization.  
    • All other Privileges and Permissions must be granted manually during configuration.  

1. Impact of Default Group when Adding a New User :  Admin > Users & Groups > User tab > + New User> Add User Popup

When Metric Insights is first installed, the “Default” Group is created during the initial configuration process. Those Privileges and Permissions that the organization want most every user to have are granted to this Group.  

  1. When creating a new Regular or Power User,  the Assign to default Group setting defaults to "Yes"
  2. If the setting is changed to "No", the Admin can select another Group or not assign the User to any Group.

2. Add an All Access Group

Access Admin > Users & Groups > Groups tab > + New Group > Add Group Popup

  1.  Set All access Group to "Yes"

[Save]

2.1. New All Access Group's Automatic Privileges

An "All Access" group allows its members to inherit View Access to all available elements, Dimensions, Dimension Values, and Categories.  

The Assigned Privileges grid includes a set of basic Privileges:

  1. All of the Personal Settings grouping except "Create Folders"
  2. All of the Collaboration grouping
  3. All of the Viewer Access grouping
  4. Most of the Power User Content security grouping but excludes all the "Allow Power User....to any User or Group" Privileges
    • EXCEPTION:  None of Extended Security "Allow Power User....to any User or Group" Privileges are automatically granted
  5. Be advised that:
    • No Permissions are granted automatically to the Default Group.  
    • Any of the automatic Privileges may be deleted as appropriate for the organization.  
    • All other Privileges and Permissions must be granted manually during configuration.  

Although all members of this Group receive universal View Access to Elements, Categories and Dimensions, NONE of these are displayed on the corresponding tabs in the grids on either User or Group Editors.  Edit Access must be explicitly granted to an object and, once granted, the selected objects will appear on their respective tabs in related Grids.

If an All Access group is changed to a Regular Group, none of its Privileges are removed from the Group or its members.  All of its automatic Permissions are removed but any manually added Permissions are retained.

3. Regular Groups

A regular Group is created when “All access Group” is set to “no”.  Regular Groups are essentially “blank” with NO automatic Privileges or  Permissions.  Each "right" must be granted individually.  This allows maximum control of the functions that a Group’s members can perform and elements and other objects that the members can Use or View