Permissions Setup¶
Table of Contents
What are Permissions?¶
Permissions are how you grant functionality to users in your instance of Analytics Center. These include several areas like:
Controlling what types of report parts they can create
Setting who they can share their reports with
Determining if they can access and manipulate their tenant’s data model
In a multi-tenant instance you can set permission at both the tenant and role level. In this scenario, the tenant will act like a ceiling for a role’s permissions.
If a tenant object does not have access to a particular permission, then no roles within that tenant can have access to that permission
Tenant permissions will generally be inherited down into the role permissions when you are creating new roles within that tenant
Permissions Overview¶
A permissions object is comprised of several areas
System Configuration
- Scheduled Instances
- This permission determines if a tenant/role has access to a master search dialogue to audit all scheduled/subscribed instances
The search dialogue is located in the Settings > System Configuration > Scheduling tab
Data Setup:
- Data Model
- This permission grants access for the tenant/role to edit and interact with the data model
Note that this permission is all or nothing. There is no way to limit if they can add relationships or not, alias data sources, etc.
- Custom Views
- Create
This permission grants access for the tenant/role to create custom views within their data model
- Edit
This permission grants access for the tenant/role to edit any existing custom views within their data model
- Delete
This permission grants access for the tenant/role to delete any existing custom views within their data model
- Advanced Settings
- Category
- This permission grants access to the Data Model > Advanced Settings > Category tab for the tenant/role
This tab is used to create, edit, or delete any data source categories used in the data model
- Others
- This permission grants access to the Data Model > Advanced Settings > Others tab for the tenant/role
This tab is used to set various behavior for the tenant such as sorting column names, determining common filter criteria for dashboards, etc.
User Setup:
- Actions
- Create
- This permission grants access for the tenant/role to create new users
NOTE: Users cannot be added through the UI in an integrated instance
- Edit
This permission grants access for the tenant/role to edit existing users
- Delete
- This permission grants access for the tenant/role to delete existing users
NOTE: Users cannot be deleted through the UI in an integrated instance
- Configure Password Option
This permission grants acces for the tenant/role to set up/reset passwords for new and existing users
User Role Association
Role Setup:
- Actions
- Create
This permission grants access for the tenant/role to create new roles
- Edit
This permission grants access for the tenant/role to edit existing roles
- Delete
This permission grants access for the tenant/role to delete existing roles
- Data Model Access
This permission grants the tenant/role the ability to interact with a role’s data model access on the Role Setup page
- Permissions
This permission grants the tenant/role the ability to interact with a role’s permission set on the Role Setup page
- Grant Role with Full Report and Dashboard Access
This permission grants the tenant/role the ability to set the ‘Full Report and Dashboard Access’ permission in the Permission tab of the Role Setup page
Reports:
- Can create new report?
This permission allows a tenant/role to create new reports
- Data Sources
- Simple Data Sources
- This setting will prevent a user from seeing and editing joins on the Data Sources tab of the report designer
NOTE: Roles with Simple Data Sources can only choose datasources with relationships between them that are defined in the data model. If a relationship does not exist between these data sources, they cannot choose those to build a report off of.
This setting will also collapse the right-hand properties panel in the designer tab
- Advanced Data Sources
This setting will allow a user to edit and create joins in the Data Sources tab of the report designer
This setting will auto-expand the right-hand properties panel in the designer tab
- Report Part Types
- Chart
This permission will allow a user to build Chart type report parts in the report designer
- Form
This permission will allow a user to build Form type report parts in the report designer
- Gauge
This permission will allow a user to build Gauge type report parts in the report designer
- Maps
This permission will allow a user to build Map type report parts in the report designer
- Report Categories/Subcategories
- Can Create New Category?
This permission will determine if a user is able to type in a new category during the save/copy/move actions on a report
- Filter Properties
- Filter Logic
This permission will determine if a user is able to create their own filter logic in the filter panel of the report designer
- Cross Filtering
This permission will determine if a user is able to set cross filtering behavior in their report
- Field Properties
- Custom URL
This permission will determine if the Custom URL option is visible in the field properties panel of the report designer
- Embedded Javascript
This permission will determine if the Embedded Javascript option is visible in the field properties panel of the report designer
- Subreport
This permission will determine if the Subreport option is visible in the field properties panel of the report designer
- *Actions
- Schedule
This permission will allow a user to create scheduled instances in the Schedule tab of of the report designer
- Register to Alerts
This permission will allow a user to create alerted instances against a report
- Subscribe
This permission will allow a user to create subscribed instances against reports they have access to
- Configure Access Rights
This permission will allow a user to share the report by creating Access Rights in the Access tab of the report designer
This permission will allow a user to email the contents of a report that they have access to
This permission will allow a user to print the contents of a report that they have access to
- Export
This permission will allow a user to export the contents of a report to any file types they have access to
- View Report History
This permission will allow a user to see the version history of a report on their report list
- Unarchive Report Version
This permission will allow a user to unarchive older version of reports into their own report objects
- Delete
This permission will allow a user to delete existing reports that they have sufficient access to
- Overwrite Existing Report
This permission will allow a user to overwrite existing reports that they have been given sufficient access to
Dashboards:
- Can create new dashboard?
This permission allows a tenant/role to create new dashboards
- Dashboard Categories/Subcategories
- Can create new category?
This permission will determine if a user is able to type in a new category during the save/copy/move actions on a dashboard
- *Actions
- Schedule
This permission will allow a user to create scheduled instances in the Schedule tab of of the dashboard designer
- Subscribe
This permission will allow a user to create subscribed instances against dashboards they have access to
- Configure Access Rights
This permission will allow a user to share the dashboard by creating Access Rights in the Access tab of the dashboard designer
This permission will allow a user to email the contents of a dashboard that they have access to
This permission will allow a user to print the contents of a dashboard that they have access to
- Export
This permission will allow a user to export the contents of a dashboard to any file types they have access to
- Delete
This permission will allow a user to delete existing dashboards that they have sufficient access to
- Overwrite Existing Report
This permission will allow a user to overwrite existing dashboards that they have been given sufficient access to
Access:
- Access Limits
- Roles/Users allowed to share with
This dialogue will determine the list of roles and their users that a user can grant report level access to
- Access Defaults
This dialogue will allow you to create default access rights that will get set on every report/dashboard members of this role create
- NOTE: These are only default values applied. If that same user has Configure Access Rights set, they can remove these Defaults
These default values are also limited by what roles and users are set in the Access Limits portion above
Scheduling:
- Scheduling Limits
- Roles/Users allowed to share with
This dialogue will determine the list of roles and their users that can be added as valid recipients when e-mailing or scheduling a report/dashboard
- Scheduling Scope
- System Users
This permission will limit the valid recipients of an e-mail/schedule to only users in the system set in the above Scheduling Limits section
- External Users
This permission will allow a user to manually enter an e-mail address as a valid recipient even if it does not match a user account in the system
Emailing:
- Delivery Method
- Link
This permission will allow a user to send a link to a report in the e-mail body
NOTE: This is a link to the viewer of the report, which means the recipient will have to be authorized by the system in order to access it.
- Embedded HTML
This permission will allow a user to send the report contents embedded within the e-mail body
NOTE: The report content is generated from the account of the user sending the e-mail, not the user receiving the content
- Attachment
This permission will allow a user to send the report contents in a file attached to the e-mail
NOTE: The report content is generated from the account of the user sending the e-mail, not the user receiving the content
- Attachment Type
Word
Excel
CSV
XML
JSON
Exporting:
- Exporting Format
Word
Excel
CSV
XML
JSON
Query Execution
System-wide:
- Can see system messages?
This permission will determine if a tenant/role can see system wide messages that are otherwise only at the system level
Difference Between Tenant Permissions and Role Permissions¶
Permissions can be set in two place: at the tenant level and at the role level. While a majority of the permission objects are the same, there are some difference between them.
- Tenant Level Differences
- Tenant Access Checkboxes
- This column of checkboxes along the right-hand side of the permissions tab determines if these permission are visible during the Role Setup process
If Tenant Access is not set, then you will not see that permission during role setup, but the role will still inherit what is set behind the scenes
If Tenant Access is set, then you will see that permission during role seutp and can choose to remove that permission from that particular role
If this checkbox is set AND the corresponding permission is set, then you will be able to disable or enable this option on a per-role basis during role setup.
- Role Level Differences
- Full Report and Dashboard Access
This permission will make this role a reporting power user. They will be able to access every report and dahsboard regardless of this role’s data access or Access Rights that are set on a report
- Report Category Accessibility
This dialogue will determine the visiblity/access this role has to the corresponding report category
- It is dividied into three containers:
- Available Categories
This container will show all report categories that exist in the tenant
- Visible Categories
This container will show any report categories that users in this role can see reports within
- Categories Allowed for Saving Reports
This container will show any report categories that users in this role can save reports within
NOTE: This dialogue is changed automatically by the Access Rights that get set on certain reports
- Dashboard Category Accessibility
- This dialogue will determine the visiblity/access this role has to the corresponding report category. It is dividied into three containers:
- Available Categories
This container will show all dashboard categories that exist in the tenant
- Visible Categories
This container will show any report dashboard that users in this role can see reports within
- Categories Allowed for Saving Reports
This container will show any report dashboard that users in this role can save reports within
NOTE: This dialogue is changed automatically by the Access Rights that get set on certain reports
Difference Between System Level Roles and Tenant Level Roles¶
Roles can exist at both the system level and the tenant level. While a majority of both roles are the same, roles at the system level have a unique Tenant Setup category of their permissions object.
- Tenant Setup
- Actions
- Create
This permission grants access for the role to create new tenants
- Edit
This permission grants access for the role to edit existing tenants
- Delete
This permission grants access for the role to delete existing tenants
- Permissions
This permission will determine if this role has access to the Tenant Setup tab of the Settings page
Permission Settings that Impact UI Elements¶
Some of the permissions, when not granted to a tenant/role, will cause some of Analytics Center’s UI elements to not render on certain pages. Below are a list of the elements, by page, that can be configured by certain permissions
Report List:
- Report Tab +
This is controlled by the Report > Can Create New Report? permission
- Print Button
This is controlled by the Report > Actions > Print permission
- Export Dropdown
- This is controlled by the Report > Actions > Export permission
Note that the dropdown options are controlled in the Exporting section of permissions
- Email Button
This is controlled by the Report > Actions > Email permission
- Subscribe Button
This is controlled by the Report > Actions > Subscribe permission
- Version Dialogue
This is controlled by the Report > Actions > View Report History permission
Report Viewer:
- Subscribe Button
This is controlled by the Report > Actions > Subscribe permission
- Print Button
This is controlled by the Report > Actions > Print permission
- Email Button
- This is controlled by the Report > Actions > Email permission
Note that the email dialogue is controlled in the Emailing section of permissions
- Export Button
- This is controlled by the Report > Actions > Export permission
Note that the dropdown options are controlled in the Exporting section of permissions
- Edit Dropdown > View History Dialogue
This is controlled by the Report > Actions > View Report History permission
Report Designer:
- Report Part Selection
The list of report parts a user can build is controlled by the Report > Report Part Types permissions
- Filter Logic
This is controlled by the Reports > Filter Properties > Filter Logic permission
- Cross Filtering
This is controlled by the Reports > Filter Properties > Cross Filtering permission
- Custom URL
This is controlled by the Reports > Field Properties > Custom URL permission
- Embedded Javascript
This is controlled by the Reports > Field Properties > Embedded Javascript permission
- Subreports
This is controlled by the Reports > Field Properties > Subreport permission
- Scheduling Tab
This is controlled by the Report > Actions > Schedule permission
- Access Tab
This is controlled by the Report > Actions > Configure Access Rights permission
Dashboard List:
- Dashboard Tab +
This is controlled by the Report > Can Create New Dashboard? permission
- Print Button
This is controlled by the Report > Actions > Print permission
- Export Button
This is controlled by the Report > Actions > Export permission
- Email Button
This is controlled by the Report > Actions > Email permission
- Subscribe Button
This is controlled by the Report > Actions > Subscribe permission
Dashboard Viewer/Designer:
- Access Button
This is controlled by the Report > Actions > Configure Access Rights permission
- Schedule Button
This is controlled by the Report > Actions > Schedule permission
- Print Button
This is controlled by the Report > Actions > Print permission
- Export Button
- This is controlled by the Report > Actions > Export permission
Note that the dropdown options are controlled in the Exporting section of permissions
- Email button
- This is controlled by the Report > Actions > Email permission
Note that the email dialogue is controlled in the Emailing section of permissions
Settings Page:
Data Setup:
- Data Model Tab
This is controlled by the Data Setup > Data Model permission
- Advanced Settings Tab
- 2a. Category Tab
This is controlled by the Data Setup > Advanced Settings > Category permission
- 2b. Others Tab
This is controlled by the Data Setup > Advanced Settings > Others permissions
Role Setup:
- Data Model Access Tab
This is controlled by the Role Setup > Data Model Access permission
- Permissions Tab
This is controlled by the Role Setup > Permissions permission
- 2a. Grant Full Report and Dashboard Access Permission
This is controlled by the Role Setup > Grant Role with Full Report and Dashboard Access permission
User Setup:
- Configure Password Button
This is controlled by the User Setup > Actions > Configure Password Options permission
- User Role Association Dialogue
This is controlled by the User Setup > User Role Association Permission