Administer > Administer ITBA > System Administrator > Users and Roles - Dimension Permissions

Users and Roles - Dimension Permissions

In addition to permissions at the level of a Scorecard or a Page, the administrator can provide permissions at the level of a dimension and its entities (Breakdown and its values). An end-user with such a permission can view data in the Dashboard and Explorer only at the level of the specific Breakdown.

For example: an end-user should be able to view only the results of KPI\Metric Breakdowns for the EMEA location and not from other locations. That end-user should not even have the option to select other locations. In the Dashboard page, after the end-user selects to view the results by Location: EMEA, the entire page is refreshed filtered for the Location:EMEA entity.

ClosedTo access:

Select ADMIN > Users and Roles >Dimension Permissions.

ClosedAdding an entity to a context.

When you add an entity to a context, it is automatically assigned the Everyone permission if you do not use LDAP.

If you are using LDAP, all dimension entities are assigned to the group that is specified while configuring LDAP.

The Everyone permission is customizable. You can change the name of the permission in Admin > Settings > Foundation > Dimension Permission Group for New Entities. For details, see Settings - Foundation.

ClosedControlling Permissions.

ClosedSelecting or de-selecting a group.

Note

If you select or de-select a group and click Apply, the whole group and its users are assigned or unassigned the selected dimension entity. If you select a group and click Apply, the group is unassigned/assigned the selected dimension:entity. Users in a group inherit the permissions from the parent group.

If you select a group and specific users in the group and click Apply, both the group and the specific users are unassigned/assigned. This means that if one of the users is moved to another group, the user keeps the permission to the dimension:entity.

ClosedDeleting an assignment.

  • Working without LDAP. If you assign a dimension:entity to a specific user or group and then later on remove all the assignments of that dimension:entity, the dimension:entity is automatically assigned to the Administrator group. Users in this group can then assign the dimension:entity to another group or user.
  • Working with LDAP. If you assign a dimension:entity to a specific user or group and then later on remove all the assignments of that dimension:entity, the dimension:entity is automatically assigned to the group you specified while configuring LDAP. Users in this group can then assign the dimension:entity to another group or user.

The Administrators permission is customizable. You can change the name of the permission in Admin > Settings > Foundation > Dimension Permission Group for Unassigned Entities. For details, see Settings - Foundation.

ClosedDeleting user or group in User Management

  • Working without LDAP. If you delete a user or a group in User Management, and the user or group is assigned a dimension:entity,the assignments are deleted. If as a result of the operation, the dimension:entity has no assigned user or group, is automatically assigned to the default Dimension Permission Group for the Unassigned Entities.
  • Working with LDAP. If you delete a user or a group in LDAP, and the user or group is assigned a dimension:entity, the dimension:entity assignments are not removed (since the users and groups are managed in different databases). If as a result of the operation, the dimension:entity has no assigned user or group, it will not be automatically assigned to the default Dimension Permission Group for the Unassigned Entities, and the administrator must make sure to assign the permission manually in ITBA.

ClosedUse Case - Assign a user to view the KPI results by Organization:Name:Software only

  1. Prerequisite: To set the dimension permission for an entity dimension, you must make sure that you have selected both the and in the Context Designer for that entity in the relevant context. enable the creation of a Breakdown and enables to set the dimension permission for the entity dimension. For details, see Semantic Layer - Context Designer
  2. The Scorecard Administrator creates a KPI with a Breakdown by Organization Name, and clicks Save.

    The results of the Breakdown appear as follows: Software, Hardware, Infra, Finance, and HR. All users have permission to see all organizations (Everyone).

    Specific users must now be able to view only the results of specific organizations. For example, John should only be able to see the results for the Software organization.

  3. The Super Admin clicks Admin > Users and Roles > Dimension Permissions, selects the Organization:Name dimension, clicks Select All box, and clicks the Edit button. In the list of users and groups, the Super Admin deselects the Everyone group (if selected) and clicks Apply. The Super Admin then selects the Software entity only, and clicks the Edit button. In the list of users and groups, the Super Admin selects the relevant user and clicks Apply.
  4. John logs on to ITBA, goes to the Dashboard page, and, views it filtered for Organization: Software. The page displays only the relevant data.

ClosedView results in Explorer only for the permitted entities

  1. John logs on to ITBA, opens Explorer, and clicks the relevant Scorecard.

  2. To view the results of specific KPIs for the Software organization, John expands the tree and the relevant KPIs. Under the Organization breakdown, John sees only Software. John selects the Software entity and the graph on the right pane is updated.

  3. John cannot view other Organizations.

ClosedDimension Permission page