Setting Data Access Permissions on Dimensions

You can restrict access to data in stories by setting read and write permissions for individual members. You can activate this security feature for any dimension in the model from the dimension Preferences.

Context

You can enable data access restrictions by selecting the Enable Data Access Control check box in the Dimension Preferences dialog. Once this has been activated, two additional columns (Read and Write) are added to the grid of the dimension so that individual settings can be applied to each row. For the Version dimension, a Delete column is added as well as Read and Write columns to control which users can delete each public version.

You can select one or more users (or simply all users) who will have access to the data.

Note

When Data Access Control (DAC) is used with hierarchical data, you may want to use the Hide hierarchy nodes for users without authorization setting.

Using this setting, you can restrict which dimension members can be seen in the Modeler. If this option is enabled, users will see only the members that they have at least Read access to.

User Role Expected Behavior
SystemOwner Will be able to see all the members.
Admin Will be able to see all the members.
BI Admin Will be able to see all the members.
BI Content Creator Will be able to see all the members.
BI Content Viewer Will be able to see only the members that they have at least Read access to.
Modeler Will be able to see all the members.
Planner Reporter Will be able to see only the members that they have at least Read access to.
Viewer Will be able to see only the members that they have at least Read access to.

Consider this example hierarchy:

Canada                  $110
     British Columbia   $50 (Read access)
          Vancouver     $40
          Kelowna       $10
     Alberta            $60
          Calgary       $20 (Read access)
          Edmonton      $10 (Read access)
          Lethbridge    $30

DAC is used to restrict access to the members Alberta and Lethbridge.

If you select the Hide hierarchy nodes for users without authorization setting, Alberta and Lethbridge are not shown, and Calgary and Edmonton are moved up to the top hierarchy level:

Canada                  $50
     British Columbia   $50
          Vancouver     $40
          Kelowna       $10
Calgary                 $20
Edmonton                $10

If you clear the Hide hierarchy nodes for users without authorization setting, Calgary and Edmonton are displayed below their parent member Alberta:

Canada                  $80
     British Columbia   $50
          Vancouver     $40
          Kelowna       $10
     Alberta            $30
          Calgary       $20
          Edmonton      $10

Depending on which dimension members users are authorized to see, the aggregated value for Alberta can be different for different users, which could be misleading. For example, if User A has read access to Lethbridge, but User B does not, then User A would see an aggregated value of $60 for Alberta, while User B would see $30.

Procedure

  1. Select the dimension that you want to modify and choose Start of the navigation path (Options) Next navigation step Dimension PreferencesEnd of the navigation path on the toolbar.
  2. Select the Enable Data Access Control check box.
  3. Select the Hide hierarchy nodes for users without authorization check box if desired (see above note).
  4. Select OK.
    The Read and Write columns are added to the dimension grid.
  5. You can now use the two new columns Read and Write to control access to all rows of the grid by selecting one or more users in either or both of the columns.

    Each user who is granted Write access for a member automatically receives permission to read the data as well. Likewise, a user who receives the Delete permission for a member of the Version dimension also receives Read and Write permissions for it.

    To see a summary of all data access settings for all dimensions in the model, select Start of the navigation path Next navigation step Data AccessEnd of the navigation path. Note that the displayed list is read-only; the data access setting can be changed only in the Dimension Preferences dialog.