Administer > Administer ITBA > System Administrator > Users and Roles - Dimension Permissions

Users and Roles - Dimension Permissions

In addition to permissions at the level of a Scorecard or a Page, the administrator can provide permissions at the level of a dimension and its entities (Breakdown and its values). An end-user with such a permission can view data in the Dashboard and Explorer only at the level of the specific Breakdown.

For example: an end-user should be able to view only the results of KPI\Metric Breakdowns for the EMEA location and not from other locations. That end-user should not even have the option to select other locations. In the Dashboard page, after the end-user selects to view the results by Location: EMEA, the entire page is refreshed filtered for the Location:EMEA entity.

ClosedTo access:

Select ADMIN > Users and Roles >Dimension Permissions.

ClosedAdding an entity to a context.

When you add an entity to a context, it is automatically assigned the Everyone permission if you do not use LDAP.

If you are using LDAP, all dimension entities are assigned to the group that is specified while configuring LDAP.

The Everyone permission is customizable. You can change the name of the permission in Admin > Settings > Foundation > Dimension Permission Group for New Entities. For details, see Settings - Foundation.

ClosedControlling Permissions.

By default, all users have permission to view the corresponding KPI or Metric Breakdown in the Studio and Dashboard pages. To control the permission of the Breakdown, any user with the DLP or Administrator permission must click Admin > Users and Roles > Dimension Permission and grant the permission to the dimension:entity (Breakdown value) only for relevant end-users or groups.

After a specific end-user, with a permission for a specific entity, logs into ITBA and opens the permitted Dashboard page, the entire page is filtered with these Breakdown entity results. In addition, if the page includes a Page Filter component, only the dimension:entities (Breakdown values) permitted to the end-user are listed.

The permission is at the level of the dimension:entity, meaning, it doesn’t matter under which KPI or Metric the breakdown was created, every KPI or Metric Breakdown with the permitted value can be viewed by the end-user (as long as, of course, the end-user has permissions to view the KPI under the permitted scorecard).

Term/Abbreviation Description
Dimension Level of breakdown (for example: Service Name, Defect Severity, Defect Status)
Dimension entity

The actual breakdowns available under each dimension (for example: Defect Status : Open, Defect Status : Closed).

Dimension entity and Dimension value are the same.

ClosedSelecting or de-selecting a group.

Note If you select or de-select a group and click Apply, the whole group and its users are assigned or unassigned the selected dimension entity. If you select a group and click Apply, the group is unassigned/assigned the selected dimension:entity. Users in a group inherit the permissions from the parent group.

If you select a group and specific users in the group and click Apply, both the group and the specific users are unassigned/assigned. This means that if one of the users is moved to another group, the user keeps the permission to the dimension:entity.

ClosedDeleting an assignment.

  • Working without LDAP. If you assign a dimension:entity to a specific user or group and then later on remove all the assignments of that dimension:entity, the dimension:entity is automatically assigned to the Administrator group. Users in this group can then assign the dimension:entity to another group or user.
  • Working with LDAP. If you assign a dimension:entity to a specific user or group and then later on remove all the assignments of that dimension:entity, the dimension:entity is automatically assigned to the group you specified while configuring LDAP. Users in this group can then assign the dimension:entity to another group or user.

The Administrators permission is customizable. You can change the name of the permission in Admin > Settings > Foundation > Dimension Permission Group for Unassigned Entities. For details, see Settings - Foundation.

ClosedDeleting user or group in User Management

  • Working without LDAP. If you delete a user or a group in User Management, and the user or group is assigned a dimension:entity,the assignments are deleted. If as a result of the operation, the dimension:entity has no assigned user or group, is automatically assigned to the default Dimension Permission Group for the Unassigned Entities.
  • Working with LDAP. If you delete a user or a group in LDAP, and the user or group is assigned a dimension:entity, the dimension:entity assignments are not removed (since the users and groups are managed in different databases). If as a result of the operation, the dimension:entity has no assigned user or group, it will not be automatically assigned to the default Dimension Permission Group for the Unassigned Entities, and the administrator must make sure to assign the permission manually in ITBA.

ClosedUse Case - Assign a user to view the KPI results by Organization:Name:Software only

  1. Prerequisite: To set the dimension permission for an entity dimension, you must make sure that you have selected both the and in the Context Designer for that entity in the relevant context. enable the creation of a Breakdown and enables to set the dimension permission for the entity dimension. For details, see Semantic Layer - Context Designer
  2. The Scorecard Administrator creates a KPI with a Breakdown by Organization Name, and clicks Save.

    The results of the Breakdown appear as follows: Software, Hardware, Infra, Finance, and HR. All users have permission to see all organizations (Everyone).

    Specific users must now be able to view only the results of specific organizations. For example, John should only be able to see the results for the Software organization.

  3. The Super Admin clicks Admin > Users and Roles > Dimension Permissions, selects the Organization:Name dimension, clicks Select All box, and clicks the Edit button. In the list of users and groups, the Super Admin deselects the Everyone group (if selected) and clicks Apply. The Super Admin then selects the Software entity only, and clicks the Edit button. In the list of users and groups, the Super Admin selects the relevant user and clicks Apply.
  4. John logs on to ITBA, goes to the Dashboard page, and, views it filtered for Organization: Software. The page displays only the relevant data.

ClosedView results in Explorer only for the permitted entities

  1. John logs on to ITBA, opens Explorer, and clicks the relevant Scorecard.

  2. To view the results of specific KPIs for the Software organization, John expands the tree and the relevant KPIs. Under the Organization breakdown, John sees only Software. John selects the Software entity and the graph on the right pane is updated.

  3. John cannot view other Organizations.

ClosedDimension Permission page

User interface elements are described below (when relevant, unlabeled elements are shown in angle brackets):

UI Element

Description

Enter a string to display the dimensions, users or groups whose name includes the string.
Dimensions | Users and Groups

The Dimensions tab lists the dimensions and the dimension entities currently available and their assigned users and groups, if any.

The Users and Groups tab lists all the available users and group and the dimension entities assigned to them, if any.

  • ClosedDimensions tab

    User interface elements are described below (when relevant, unlabeled elements are shown in angle brackets):

    UI Element

    Description

    <Selection> Lists the currently selected dimensions and entities.
    <Dimensions and Entities>

    Lists the available dimensions and their entities in the Dimensions pane and the assigned groups and users assigned to the selected dimension:entity in the Assigned Users and Groups pane. The dimensions and entities are listed in the following groups:

    • Calculated. Lists the dimensions and entities for which the contexts that have been calculated.
    • Non-Calculated. Lists the dimensions and entities for which the contexts that have not been calculated.

    Click the relevant dimension to list all its entities.

    • Select all. You can select one or more entities or you can click Select all to select all the entities of a dimension, at once.

      Note If you select more than one entity, the users and groups are displayed in the right pane only if all the selected entities have been assigned to the same users or groups. For example, if MONTHLY and DAILY have been assigned to users A, B, and C, you can see these users in the right pane. If MONTHLY has been assigned to users A and B and DAILY to users B and C, the users are not displayed in the right pane.

    • To search for entities with names that include a specific string, enter the string and click the button.

    Note To set the dimension permission for an entity dimension, you must make sure that you have selected both the and in the Context Designer for that entity in the relevant context. enable the creation of a Breakdown and enables to set the dimension permission for the entity dimension.

    For details, see Semantic Layer - Context Designer

    Assigned users and groups Lists the group and the users with permission to view the dimension:entity selected in the left pane.

    Select one or more dimension entities and click Edit to open a dialog box where you can select the users or groups to which you want to assign or from which you want to un-assign the dimension entities.

    You can select more than one entity using the Shift or Ctrl keys.

    To search for users with names that include a specific string, enter the string and click .

    - indicates a group of users or of sub-groups.

    - indicates a single user.

    You can select more than one entity using the Shift or Ctrl keys.

    Click Apply when you're done. The selected users or groups appear in the list of Users and Groups.

  • ClosedUsers and Groups tab

    User interface elements are described below (when relevant, unlabeled elements are shown in angle brackets):

    UI Element

    Description

    Users and Groups

    Lists the available users and groups in the Users and Groups pane and in the Assigned Dimensions and Entities pane, the dimension:entities that were assigned to the selected users or groups.

    To search for the users with names that include a specific string, enter the string and click .

    Assigned dimensions and entities

    The dimensions and entities are listed in the following groups:

    • Editable. Lists the dimensions and entities that were assigned directly to the selected user or to the selected group. You can remove the assignment by clicking Edit.
    • Non-Editable. Lists the dimensions and entities that were assigned to the selected group to which the selected user belongs.

    To search for the dimensions with names that include a specific string, enter the string and click .

    Select one or more dimension entities and click Edit to open a dialog box where you can select or deselect the dimension entities you want to assign or un-assign to the selected users or groups.

    You can select more than one entity using the Shift or Ctrl keys.

    To search for the entities with names that include a specific string, enter the string and click .

    - indicates that the entity was assigned to the parent of the selected user or group. The parent can be a sub-group or a group.

    - indicates that the entity was assigned to the selected user or group at the level of the user or group.

    Select the relevant user or group and click Unassign to un-assign it.