Defining User Security

When you define user security, you are assigning a role (Power, Contributor, or Reviewer) to the user. For details on access and security based on user roles, refer to the User Roles and User Role Access tables above.

To find details on setting up a user, click here.

Step 1 – Create Users

To create a new user, refer to the User and Role Management article. Please note that the Dynamic Planning user option MUST be checked and a role assigned as shown below: 

Step 2 – Define Groups

Define a group of users that have access to specific models, sub-models, views, and reports.

1. Access the Groups page by selecting Manage > Group Management > Group.

2. Define groups by entering the name of the group under the Group cell.

Step 3 - Add Users to Defined Groups

Add users to groups defined on the Group page.

1. Select the Manage > Group Management > User Group.

2. Enter the user's login id under the Username cell and enter the group the user belongs to under the Group cell.

Group permission does not take effect until you log off and then log in again. For example, if you assign a contributor user to a new group, the user must log off and then log in again to gain access to the newly defined group.

Step 4 – Define Group Access

To assign access to specific artifacts, follow these steps:

1. Go to Manage > Group Management > Group Access.
2. Make the desired selections for Artifact, Group, and Model.
3. In the table below, update the desired intersections where you want the group to have access to Yes.
4. Click Save.

Step 5 – Define Navigation Access

To assign navigation access, follow these steps:

1. Go to Manage > Navigation Access.
2. Choose either Contributor or Reviewer, or select a specific user to assign navigation access.
3. On the Navigation Access page, each field under Analyze, Report, Model, External Source Model, and ModelAdministrationrepresents a subtask.
   1. Select Yes to allow access to a subtask.
   2. Select No to deny access to a subtask.
4. Click Save.

Step 6 – Define Dimension Security

Dimension security is defined at the User Group level. For example, you can define a group to have access to Company Division 1 and 2, but not 3.

To define dimension security:

1. Go to Manage > Application Administration > Model Permissions. The model permissions subtask allows you to provide access to specific dimensions for a user group.

2. Select the model and the group you want to assign security to.

3. Select the dimension you want to secure. When using a single dimension, use filters to assign access to specific dimension members (values).
   
   

4. Click Save.

Power users have access to all models, views, and reports, eliminating the need to assign Group access as you would for Contributor or Reviewer users.

Set up a Contributor/Reviewer User with Access to Specific Models

To create a new user, click here.

Create a Group for Contributor/Reviewer Users

To set up a group for Contributor/Reviewer users, follow these steps:

1. Navigate to Manage > Group Management > Group.
2. Enter a name for the group in the Group field.
3. Click Save.
   
   

Map the Contributor/Reviewer User to the New Group

After creating the user and the group, map the user to the group with these steps:

1. Go to Manage > Group Management > User Group.
2. Enter the Contributor or Reviewer user’s email address in the Username field.
3. Select the group name you created earlier.
4. Click Save.
   
   

Assign Group Access to Models, Reports, and Views

To assign access to specific models, reports, and views, follow these steps:

1. Go to Manage > Group Management > Group Access.
2. Make the desired selections for Artifact, Group, and Model.
3. In the table below, update the desired intersections where you want the group to have access to Yes.
4. Click Save.
   
   

Assign Dimension Security to a Contributor or Reviewer User

A user can assign dimension security to a contributor or reviewer by following these steps:

1. Select Manage > Application Administration > Model Permissions.

2. The groups list will show the current groups that have access to the selected model.

3. Enter the desired Group.

4. Enter the desired Dimension.

5. Select the desired Filter and Value.

6. Click Save.

   
   

Assign Access to Reports and Views

Power users can define views and reports to be shared with Contributors and Reviewers, who can then access these reports or views while maintaining the dimension security.

Example: If a Power user creates a view or report with a Department dimension filter (e.g., Sales) and selects the "All Departments" member, the reviewer will see only Sales data.

To assign group access to a view, complete the following steps:

1. Go to Analyze > Data.
2. Select the view to which you want to assign group access.
3. Select the Design View subtask.
4. Click the Properties action.
5. In the Group column, select the name of the group you want to grant access to.
6. Insert an additional row to ensure there is a blank row after adding the group name.
   
   

To assign group access to a report, complete the following steps:

1. Go to Report > Design 

2. Select the desired report.

3. Click the Properties action.

4. In the Group column, select the name of the group you want to grant access to.

5. Insert an additional row to ensure there is a blank row after adding the group name.
   
   

6. Continue designing the report as needed.

7. Click Save.

Quick Summary of How to Assign or Restrict Access

The following table summarizes different ways to assign or restrict access to all aspects of models. Sometimes, there is more than one way to accomplish the same task, but one way may be more efficient than another. The table lists the more efficient methods above the less efficient methods. For example, you can assign access to a Model for a Group of users using either Model Permissions or Group Access, with Group Access being the more efficient method.

Reminder :

• Roles : the predefined Dynamic Planning Roles are Power, Contributor, and Reviewer. Power users can see which user is assigned to which role with Manage > User & Role Management. The roles have default navigation permissions to areas of the application associated with their access. To see or edit those default permissions, navigate to Manage > Navigation Access.

• Groups : groups are user-defined lists of users in your organization. They are defined within Manage > Group Management > User Group.

• Types : the predefined User Types are Business and External. User Types define whether someone can create or modify other user accounts. The Business user type is for all users within your organization that use Dynamic Planning. The External user type is for users outside of your organization who need to access your application for diagnostics, development, or debugging work, such as Planful Support or Partner Consultants.