Dataset/User Map Security Overview
Effective in Release 6.2.3, the constraint that required Category access in order to View or Edit an individual Dataset/User Map has been removed.
This article covers both Dataset and User Map Security although references may only mention Datasets.
In 5.2.1 and 5.3, changes to the Security Model affected Datasets. Security and descriptions included in this article reflect these changes.
- Admin Users: are automatically granted unlimited viewing and editing access to all Datasets, Dataset Views and Metrics, and Reports created from them.
- Power Users: may have either View or Edit Access to a Dataset
- Regular Users: only receive View Access to a Dataset
In 5.5, the Create Content Privilege for Datasets Names and Descriptions were updated to clarify the difference between the three. These changes are reflected below.
Prior to Version 5.5, Admin Users had unlimited access to all elements in Metric Insights. New in Version 5.5, when User maps are applied to Datasets the User map will control view access for All Users including Admin Users!
New Settings on the Dataset Viewer and Dataset Report Editor allow the User Map data filter to be applied OFF by Users with Edit Access. Toggling the Apply User Map off will not prevent the User Map from being applied in the Report Viewer or any Notifications (such as Digests and Burst) sent to Users.
For Dataset/User Map Security for an earlier release, see Dataset Security Overview (prior to 5.2.1 security updates).
Dataset Permissions and Privileges are not granted to Power Users (PU's) automatically. To work with Datasets, a PU must inherit from user's assigned Group(s) or be explicitly granted:
- Dataset Privileges via the Group or User Editor
- Permissions to individual Datasets are granted on the Group or User Editor or Dataset
- Automatic Dataset access via Category Permissions granted on the Group, User or Category Editor
- Includes basic View or Edit Access to each Dataset included in a Category and depends on the PU's Access to the Category itself
- Does not include access to Data Sources associated with Datasets assigned to the Category
Full Dataset Edit Access for a PU's requires additional Permissions:
- Privilege: "Create Datasets"
- Use or Edit Access to the Dataset's configurable Data Source (if any)
- Edit Access to Dataset's Category
- View or Edit Access to Source Dataset View (if any)
- Create Content using CSV if file upload is used to populate the Dataset
- With Edit Access to a Dataset, a PU:
- Sees all data even if the Dataset has a User Map
- Can access all public views of the Dataset
- With Privilege "Create Content Using Datasets":
- Create Stats Models and other content from the Dataset Viewer > Action Viewer
Exclusions that require associated manual granting of Permissions:
- Access to content created from a Dataset is NOT granted automatically to Groups or Users with access to the source Dataset
- All Access Groups do not receive View Access to any Datasets
Dataset Privileges in the User Editor or Group Editor
Privileges to review, use and create Datasets are not automatically granted in conjunction with other Permissions; for example, Edit Access to a specific Dataset.
Dataset Privileges that can be assigned to a Group or to a User:
- (Child) Create Public View: Dataset Views can be Private or Public. Content can only be created from a Dataset's Public View. If the child is selected, the Parent is automatically selected.
Create content .... provides the ability to create Metrics, Reports, Dimensions and Stats Models from Public Views of either or both types of Datasets
- ... using Datasets
- ... by joining Datasets (SQL)
Allow Power Users to grant Dataset access to any User or Group: For this privilege to come into effect, a Power User should additionally be granted Edit Access to a specific Dataset.
- By default, a Power User without this Privilege can only grant Dataset access to members of Group(s) to which the Power User belongs.
- Assign Category with View Access to Elements/Datasets. NOTE: Effective in Release 6.2.3, the constraint that required Category access in order to View or Edit an individual Dataset/User Map has been removed.
- Create Public View
Dataset Access Permissions
Permissions grant View or Edit Access to a Dataset to a Power User or Group. Regular User may only receive View access.
Groups or Users with only View Access to a Dataset AND Edit Access to the Category, there is no access to the Dataset's Editor
- Exception: If the Group or Power User has the Privilege Assign Category with View Access to Elements/Datasets, only View Access to the assigned Category.
Group Members and individual Admins or Power Users with View Access to a Dataset with access controlled by a User Map may only view the Dataset if the user is also included in the User Map.
- To create a Stats Model, follow path > Dataset Viewer > Actions menu
- Click Build Stats Model
Power Users can only create Stats Models if they have full Edit Access to the Dataset, as well as the Privilege to "Create Datasets" and the Privilege to "Create content using Datasets".
If a Power User has the Privilege "Create Public Views":
- Make a change to the content of a Dataset view
- Click "Save as View" button
- On the pop-up, select Visibility = Public
The View will become visible to users that have at least View Access to the Dataset and its source Dataset
Regular User Dataset Security
- None of the Dataset Privileges are available to Regular Users.
- Regular Users (RU's) may only be granted View Access to a Dataset.
- No option for Edit Access appear when a Regular User is selected
- If access to a Dataset is controlled via a User Map, the Regular User must be included in the User Map in order to open the Viewer.
- They are not able to create any Public Views or content from a View.
- If the Dataset is sourced from a Dataset, the RU must also have View Access to the source Dataset.