Local

User Types and Security

22 Minutes to read

Print
Dark
Light
PDF

User Types and Security

22 Minutes to read

Print
Dark
Light
PDF

Article summary

Did you find this summary helpful?

Thank you for your feedback

User Types

User Types define whether users belong to your business internally or externally. Internal users are referred to as Business users, while external users are referred to as External users.

Business User	External User
Internal to your organization.	External to your organization.
Access is limited to your organization's application or application group.	Access to your and other organizations' applications.
Counts toward your organization's license count.	Does not count toward your organization's license count.
Business admin users can modify other Business user accounts.	External users, often Admins, can modify any user account.

User Roles

There are three user roles available in Dynamic Planning. The tables below provide information on the tasks and subtasks available to each user role:

Power Users

Dynamic Planning Functionality	SpotlightXL (Excel Add-In)	Spotlight (Web front end)
Analyze	X	X
Data	X	X
Design View	X	X
Design Report	X
Design Excel Report	X
Design Word Report	X
Design PowerPoint Report	X
Report	X	X
Run	X	X
Design	X
Excel Report	X
Model + All Subtasks	X	X
Manage + All Subtasks	X

Contributor Users

Dynamic Planning Functionality	SpotlightXL (Excel Add-In)	Spotlight (Web front end)
Analyze	X	X
Data	X	X
Design View	X	X
Design Report	X
Design Excel Report	X
Design Word Report	X
Design PowerPoint Report	X
Report	X	X
Run	X	X
Design	X
Excel Report	X
Model + All Subtasks	X	X
Manage + All Subtasks

Reviewer Users

Dynamic Planning Functionality	SpotlightXL (Excel Add-In)	Spotlight (Web front end)
Analyze	X	X
Data	X	X
Design View	X	X
Design Report
Design Excel Report
Design Word Report
Design PowerPoint Report
Report	X	X
Run	X	X
Design
Excel Report	X
Model + All Subtasks
Manage + All Subtasks

When logged in, user information, such as role and group assignments, the currently used application, and the product version, is accessible from the Info menu item.

User Role Permission, Access, and Security

Permissions and Security	Power	Contributor	Reviewer
Model Access	Access to all models shared views, and reports	Access to assigned models shared views, and shared reports	Access to assigned models shared views, and shared reports
Group Security	Group security is not applicable. Power User does not have to belong to a group to assign a group to any artifact. However, the group must belong to the model.	Group security is applicable. Contributors can assign or revoke groups on any artifact. Note: Contributor must belong to the Group in order to assign or revoke Group access, and the Group must belong to the Model.	Group security is applicable. Reviewers cannot assign or revoke groups on any artifact.
View Access and Security	Has access to the default view for all models Can create a view and share it by assigning it to any group Can create a personal view Can modify any shared or personal view, and assign or revoke any group Can modify any personal view Can delete any personal or shared view Will see a list of all groups in the Property mode	Has access to the default view of all assigned models Can create a view and share it by assigning to any group the user belongs to Can create a personal view Can assign or revoke any group the user belongs to Can modify any personal view Can delete any personal or shared view that the user belongs to Will see only the list of groups the user belongs to in the Property mode	Has access to the default view of all assigned models Cannot create a view and share it by assigning to any group the user belongs to Can create a personal view Can modify personal views(those that belong to the Reviewer user only) Can delete a personal view Will not see any groups in the Property mode(Reviewers will not see their Group in Property mode)
View Dimension Security	Dimension Security is not applicable.	Dimension Security is applicable. If multiple subtrees are specified as filters, the user will see the root of the first subtree in the default view. Users will see multiple subtrees in the Dimension Member Tree drop-down. If the user tries to access a view that contains members filtered by dimension security, the Contributor user will see only those members to which he or she has access. If a user creates a view, and then dimension security is applied, the user will be able to access the view and see the members he or she has access.	Dimension Security is applicable. If multiple subtrees are specified as filters, the user will see the root of the first subtree in the default view. Users will see multiple subtrees in the Dimension Member Tree drop-down. If the user tries to access a view that contains members filtered by dimension security, the Reviewer user will see only those members to which he or she has access. If a user creates a view, and then dimension security is applied, the user will be able to access the view and see the members he or she has access.
Report Access and Security	Has access to all reports Can create a report and share it by assigning it to any group Can create a personal report Can modify any shared or personal report and assign or revoke any group Can modify any personal report Can delete any personal or shared report Will see a list of all groups in the Property mode	Has access to all shared or personal reports Can create a report and share it by assigning to any group the user belongs to Can create a personal report Can modify any shared or personal report and assign or revoke any group the user belongs to Can modify any personal report Can delete any personal or shared report Will see only the list of groups, the user belongs to in the Property mode	Has access to all shared reports Cannot create modify or delete a report
Report Dimension Security	Dimension Security is not applicable.	Dimension Security is applied.	Dimension Security is applied.

Define User Security

When you define user security, you are assigning the user to a role (Power, Contributor, or Reviewer). For information on the access and security according to role, see the User Roles and User Role Access tables above.

To define a user, select the Manage task and the User Management subtask.

In the Username cell enter the user's login ID.
In the Role cell, select Power, Contributor or Reviewer.
Enter a temporary password for the new user in the Password field.
Select a User Type: Business or External.
Click Save.

Best Practices/Tips

You can add a user to another application, however, the user role must remain the same. User roles are globally enforced, which means that if you add an existing user to a new application, the user will automatically have the same role.
As a Best Practice, Business users should manage only Business users. For any changes related to External users, contact Planful Support.
- If you are a Business user, you can add only new Business users. You cannot add a new External user.
- Only External users can create new External users.
- However, if you are a Business user, you can add an External user to your application if the External user name already exists.
- For example, External Partner A has worked with Business Customer P before, and External Partner A has an External username. When Business Customer X starts working with External Partner A, they can add External Partner A to their application because External Partner A already has a username (usernames are global). Business Customer X cannot add a new External Partner B, though, if that is a new username to the Planful system.
- Business Power users can change the password of a Business user but not an External user. If an External user wants to change their password, they should contact Planful Support.

Step 3 – Define Groups

Define a group of users that have access to specific models, sub-models and views.

Access the Groups page by selecting the Manage task and the Group subtask.
Define groups by entering the name of the group under the Group cell.

Note:

Only Power users can assign and remove a user's access to a group.

Step 4 - Add Users to Defined Groups

Add users to groups defined on the Group page.

Select the Manage task and the User Group subtask.
Enter the user's login ID under the Username cell and enter the group the user belongs to under the Group cell.

Note:

Only Power users can assign and remove users to and from groups.

Group permission does not take effect until you log off and then log in again. For example, if you are a Power user and you assign yourself to a new group, you must log off and then log in again to gain access to the newly defined group.

Step 5 – Define Dimension Security

Dimension security is defined at the User Group level. For example, you can define a group to have access to Company Division 1 and 2, but not 3.

To define dimension security:

Select the Manage task and Model Administration, Model Permissions subtask. The permissions subtask allows you to provide access to specific dimensions for a user group.
Select the model and the group you want to assign security to.
Select the dimension you want to secure. When using a single dimension, use filters to assign access to specific dimension members (values). In the image below, the SUSER group has access to the North America member of the Company dimension.
Design a report with these dimensions.

Set up a Power User with Access to Everything

Power users have access to everything including groups, models, views, and reports. To set up a Power user, complete the following steps.

In Practice: Add a Power User

Select the Manage task and the User Management subtask.
Enter the Power user’s email address in the Username field.
Select Power user in the Role field.
Enter the first and last name of the Power user in the Name field.
Enter a temporary password for the Power user in the Password field. Make sure you let the user know what the temporary password is. The Power user can change it at a later time.
Select a User Type: Business or External.
Click Save.

Best Practices/Tips

You can add a user to another application, however, the user role must remain the same. User roles are globally enforced, which means that if you add an existing user to a new application, the user will automatically have the same role.
As a Best Practice, Business users should manage only Business users. For any changes related to External users, contact Planful Support.
- If you are a Business user, you can add only new Business users. You cannot add a new External user.
- Only External users can create new External users.
- However, if you are a Business user, you can add an External user to your application if the External user name already exists.
- For example, External Partner A has worked with Business Customer P before, and External Partner A has an External username. When Business Customer X starts working with External Partner A, they can add External Partner A to their application because External Partner A already has a username (usernames are global). Business Customer X cannot add a new External Partner B, though, if that is a new username to the Planful system.
- Business Power users can change the password of a Business user but not an External user. If an External user wants to change their password, they should contact Planful Support.

In Practice: Add a Power User to User Groups

Select the Manage task and the User Group subtask.
Enter the Power user’s email address in the Username field.
Select the group that you defined for Power users in the Group field. *
Click Save.
If you have a Contributor Review user with access to only specific user groups and you make the Contributor or Reviewer user an Power user, you will need to update group access.

* Group names are user-defined. So, you can name groups to best suit your needs.

Power users have access to all models, views, and reports so there is no need to assign access to these artifacts as you would with a Contributor or Reviewer user.

Set up a Contributor User with Access to Specific Models

In Practice: Add a Contributor User

Select the Manage task and the User Management subtask.
Enter the Contributor user’s email address in the Username field.
Select Contributor in the Role field.
Enter the first and last name of the Contributor user in the Name field.
Enter a temporary password for the Contributor user in the Password field. Make sure you let the user know what the temporary password is. The Contributor user can change it at a later time.
Select a User Type: Business or External. If you are a Business user, you can add only Business users. You cannot add an External user.
Click Save.

In Practice: Create a Group for Contributor Users

It is unlikely that you will want Contributor users to be a member of the same group as your Power users. To set up a group for Contributor users, complete the following steps.

Select the Manage task and the Group subtask.
Enter a group name in the Group field.
Click Save.

In Practice: Map the Added Contributor User to the New Group
Now that you added the Contributor user on the User page and created a group for the user on the Group page, you must map the added Contributor user to the group. Complete the following steps:

Select the Manage task and the User Group subtask.
Enter the Contributor user’s email address in the Username field.
Select or enter the group name defined on the Group page.
Click Save.

Next, assign user group access to models, reports and views.

Set up a Reviewer User with Access to Specific Models, Views, Reports, and Dimension Members

In Practice: Add a Reviewer User

Select the Manage task and the User Management subtask.
Enter the Reviewer user’s email address in the Username field.
Select Reviewer in the Role field.
Enter the first and last name of the Reviewer user in the Name field.
Enter a temporary password for the Reviewer user in the Password field. Make sure you let the user know what the temporary password is. The Reviewer user can change it at a later time.
Select a User Type: Business or External. If you are a Business user, you can add only Business users. You cannot add an External user.
Click Save.

In Practice: Set up a Group for Reviewer Users

Select the Manager task and the Group subtask.
Enter a group name in the Group field.
Click Save.

In Practice: Map the Added Reviewer User to the New Group

Now that you added the Reviewer user on the User page and created a group for the user on the Group page, you must map the added Reviewer user to the group. Complete the following steps:

Select the Manage task and the User Group subtask.
Enter the Reviewer user’s email address in the Username field.
Select or enter the group name defined on the Group page.
Click Save.

Next, assign user group access to models, reports and views.

In Practice: Assign Dimension Security to a Reviewer User

In the example, access to multiple dimensions will be given to a Reviewer user. In this case, the Reviewer user will have access to the Company - North America dimension member, the Actual scenario, and the Budget scenario.

Select the Manage task and the Model Administration, Model Permissions subtask.
Enter the user group the Reviewer use has access to in the Groups field (see image below).
Enter the group you entered in the Groups field under Group.
For Dimension, select Company.
Select FixedMember for Filter and enter North America as the member you want the Reviewer user to have access to.
Perform steps 3 – 5 for the Scenario dimension. For Value, enter Actual and Budget as shown below).
Click Save.

Note:

The same steps can be taken to assign dimension security to a Contributor user.

Assign User Group Access to Models, Reports, and Views

As a Power user, you need to provide access to models, reports, and views for Contributor and Reviewer users.

In Practice: Assign Access to Models

Select the Manage task and the Model Administration, Model Permissions subtask.
Select the Model you want to provide the Reviewer or Contributor user group access to.
In the Groups field, add all the groups you want to access the model. In the image below, 2 groups have access to the DecisionWorks model; the SUSER and RELC groups.
If you want to secure dimensions and allow one or both user groups to only view certain dimension members in the model, you can apply dimension security here. For steps on how to do so, see the Define Dimension Security topic.

In Practice: Assign Access to Reports and Views

Power users can define views and reports to be shared with Reviewers. The Reviewer can open the report or view, and dimension security established by the Power user is maintained.

Example 1 : If a Power user defines a view or report with a Department dimension filter (e.g., Sales), and selects the All Departments member against the filter, the view or report for Sales can be accessed by the reviewer.

Example 2 : Similarly, a reviewer who has access to only two departments (e.g., Sales, Marketing) can use the view or report shared by the Power user.

To assign group access to a view , complete the following steps:

Select the Analyze task and the Data subtask.
Select the view you want to assign group access to.
Select the Design View subtask.
Click the Properties action.
In the Group column, select the name of the group in which you want to provide access.
Click Save.

To assign group access to a report, complete the following steps:

Select the Analyze task and the Data subtask.
Select the model or view you want to base the report off of.
Select the Design Report subtask.
Click the Properties action.
In the Group column, insert a row and select the name of the group in which you want to provide access.
Continue designing the report as needed.
Click Save.

Quick Summary of How to Assign or Restrict Access

The following table summarizes different ways to assign or restrict access to all aspects of models. Sometimes, there is more than one way to accomplish the same task, but one way may be more efficient than another. The table lists the more efficient methods above the less efficient methods. For example, you can assign access to a Model for a Group of users either with Model Permissions or Group Access. Model Permissions is a faster method.

Reminder :

Roles : the predefined Dynamic Planning Roles are Power, Contributor, and Reviewer. Power users can see which user is assigned to which role with Manage, User Management or Manage, Navigation Access. The roles have defaults associated with their access to models, views, reports, and other artifacts. See those defaults in Manage, Navigation Access.
Groups : groups are user-defined lists of users in your organization. They are defined with Manage, Group Management, User Group.
Types : the predefined User Types are Business and External. User Types define whether someone can create or modify other user accounts. The Business user type is for all users within your organization that use Dynamic Planning. The External user type is for users outside of your organization who need to access your application for diagnostics, development, or debugging work, such as Planful Support or Partner Consultants.

Artifact	By Group or Role	Ways to Define Access to this Artifact
Models	By Role or User	Manage, Navigation Access
Models	By Group	Manage, Application Administration, Model Permissions
Models	By Group	Manage, Group Management, Group Access
Dimensions	By Group	Manage, Application Administration, Model Permissions
Views	By Role or User	Manage, Navigation Access
Views	By Group	Analyze, Design View, Properties
Reports	By Role or User	Manage, Navigation Access
Reports	By Group	Report, Design Report, Properties
Calculations	By Role or User	Manage, Navigation Access
Calculations	By Group *	Manage, Group Management, Group Access
Calculations	By Group *	Model, Calculation
Attributes	By Role or User	Manage, Navigation Access
Maps	By Role or User	Manage, Navigation Access
Scopes	By Role or User	Manage, Navigation Access
Formulas	By Role or User	Manage, Navigation Access
Substitution Variables	By Role or User	Manage, Navigation Access
Data Loading	By Role or User	Manage, Navigation Access
Import/Export Data	By Role or User	Manage, Navigation Access
External Source Model Actions	By Role or User	Manage, Navigation Access
Model Validation	By Role or User	Manage, Navigation Access
Model Lookups	By Role or User	Manage, Navigation Access

* You must first enable Calculation Access by Group: Manage, Application Administration, Application Settings, Calculation section, Enable Group Permissions, then logoff and login again.

Unified Tenant

A Unified Tenant enables access to the Web-based application and Spotlight through a single URL. If you are a customer of both applications, the Planful support team will unify your tenant. Subsequently, you will receive an email notification confirming the completion of the tenant unification process. This email will provide a URL to set up your login credentials.

By default, a unified tenant includes an Admin user, who possesses the authority to create multiple users within the tenant. All users within a unified tenant are referred to as Unified Users. These users can conveniently utilize a single URL to access both applications. To learn more about How to create a Unified User, click here.

Automatic Signout

Automatic sign-out from Dynamic Planning occurs in two scenarios:

Inactive Session: If your session remains inactive for 60 minutes, the system will automatically log you out.
Foreground Process Timing Out: Running extensive processes, such as a Calculation, in the foreground for more than five minutes might lead to a timeout. It's considered a best practice to execute such processes in the cloud (background) to avoid timeouts.

Unique URLs for Artifacts

The following functions in the Dynamic Planning module have unique URLs:

Reports
Plans
Analyze
Models

These links can be shared with other users and utilized within tasks in Task Manager. Additionally, the External Link feature enables the addition of links from any module within Dynamic Planning to tasks in Task Manager.

To learn more about Creating tasks in the Task Manager using External Link, click here.

Guard Rails

Application Area	Limitation	Description
Master Model	Key Combination Limit (1 Trillion)	Represents the combination of members from all Key type dimensions in a Master model. Calculated as the number of members from Key Dimension #1 (such as 1000) multiplied by number of members from the remaining Key Dimensions (such as 50). The result would be a combination of 50,000 combinations which would be acceptable. Key dimensions are identified in Model > Setup.
Master Model	Value Block Limit (1 Million)	Represents the combination of members from all Value type dimensions in a Master model. Calculated as the number of members from Value Dimension #1 (such as 20) multiplied by number of members from the remaining Value Dimensions (such as 10). Value dimensions are identified in Model > Setup.
Analytic Model	Key Combination Limit (1 Trillion)	Represents the combination of members from all Key type dimensions in an Analytic model. Calculated as the number of members from Key Dimension #1 (such as 1000) multiplied by number of members from the remaining Key Dimensions (such as 50). The result would be a combination of 50,000 combinations which would be acceptable. Key dimensions are identified in Model > Setup.
Analytic Model	Value Block Limit (1 Million)	Represents the combination of members from all Value type dimensions in an Analytic model. Calculated as the number of members from Value Dimension #1 (such as 20) multiplied by number of members from the remaining Value Dimensions (such as 10). Value dimensions are identified in Model > Setup.
Dynamic Planning	Number of Models (20)	Represents a combination of all types of models – Master and Analytic– per application.
SpotlightXL View or Report	Total number of cells on an Analyze grid or Report in SpotlightXL (200K)	Represents the number of cells that can be displayed on a single view or report in SpotlightXL, calculated as the number of row members multiplied by the number of column members.
Spotlight Analysis	Number of cells displayed on an Analyze grid (20K)	Represents the number of cells that can be displayed on a single view in Spotlight, calculated as the number of row members multiplied by the number of column members.
Dynamic Planning	Decimal places (4)	Number of decimal places per cell.
Dynamic Planning	50 characters per cell	Maximum number of characters per cell.
Report	4 charts per report	Maximum number of charts per report.

Online Help, Support, Community, and Solution Exchange

The Support Portal, Customer Community (Get Satisfaction), and Solution Exchange (https://solutionexchange.planful.com) are available from Dynamic Planning, and authentication is required. Select the drop-down at the bottom of the Help button to expand a list box with links to navigate to Support, Customer, or Solutions.

Support Portal

When a user is created in Dynamic Planning, a login, and password is automatically created to access the Support Portal if the user does not already have a Support Portal account.

Note:

Users with Support Portal accounts created in Dynamic Planning without an existing Support Portal account cannot access the Support Portal directly. These users must login to Dynamic Planning and access the Support Portal using the link.

Customer Community

When a user is created in Dynamic Planning, a login, and password is automatically created to access the Customer Community if the user does not already have a Customer Community account.

Note:

Users with Customer Community accounts created in Dynamic Planning without an existing Customer Community account cannot access the Customer Community directly. These users must log in to Dynamic Planning and access the Customer Community using the link.

For information on the browsers that are compatible with SpotlightXL and Spotlight, refer to the Client Requirement.

Global Settings for View and Report Properties

Admin users can set default values for key properties available in Views and Reports. This enhancement provides flexibility for Admin users to define the default behavior from a centralized application page for key properties available in Views and Reports. Admin users can also either allow or restrict Contributor and Reviewer users from updating the key properties.

Select the Manage task and the Application Administration, Application Settings subtask.

Defining Default Behavior for View and Report Properties

Under the View and Reports sections, there is a field called Default Value where you can set default property values for Views and Reports.

For Views, an Admin user can set the default value for Display, Indent Row Members, Show Hidden Members, and Enable Save properties. Default values for Dimension Number Format and Lock properties are not applicable.

For Reports, an Admin user can set the default value for Display, Hide Gridlines, and Hide Headers properties. Default Value for Save on Model and Calculation on Save properties are not applicable.

In the example below, under View, Code is selected for Display Label. That means that for all new Views created from the date and time the setting was saved, all Views will display Code for Display Label. And, under Reports, the Admin user selected No for gridlines and headers, which means that any reports created from the date and time the setting was saved will not show gridlines and headers.

Note:

Selecting a default value is optional.

Restricting Contributor and Reviewer Users From Updating View and Report Properties

The “Allow Contributors to Update Properties” and “Allow Reviewers to Update Properties” fields are located under the View and Reports sections located on the Manage > Application Settings page.

Select properties for Views and Reports that you want to allow or disallow Contributor and Reviewer users to update the Display Code for Views. For Reports, Contributor users might be able to update the Display Code as well as hide or unhide gridlines and headers.

Quick Summary of How to Assign or Restrict Access

Reminder :

Roles : the predefined Dynamic Planning Roles are Power, Contributor, and Reviewer. Power users can see which user is assigned to which role with Manage, User Management or Manage, Navigation Access. The roles have defaults associated with their access to models, views, reports, and other artifacts. See those defaults in Manage, Navigation Access.
Groups : groups are user-defined lists of users in your organization. They are defined with Manage, Group Management, User Group.
Types : the predefined User Types are Business and External. User Types define whether someone can create or modify other user accounts. The Business user type is for all users within your organization that use Dynamic Planning. The External user type is for users outside of your organization who need to access your application for diagnostics, development, or debugging work, such as Planful Support or Partner Consultants.

Artifact	By Group or Role	Ways to Define Access to this Artifact
Models	By Role or User	Manage, Navigation Access
Models	By Group	Manage, Application Administration, Model Permissions
Models	By Group	Manage, Group Management, Group Access
Dimensions	By Group	Manage, Application Administration, Model Permissions
Views	By Role or User	Manage, Navigation Access
Views	By Group	Analyze, Design View, Properties
Reports	By Role or User	Manage, Navigation Access
Reports	By Group	Report, Design Report, Properties
Calculations	By Role or User	Manage, Navigation Access
Calculations	By Group *	Manage, Group Management, Group Access
Calculations	By Group *	Model, Calculation
Attributes	By Role or User	Manage, Navigation Access
Maps	By Role or User	Manage, Navigation Access
Scopes	By Role or User	Manage, Navigation Access
Formulas	By Role or User	Manage, Navigation Access
Substitution Variables	By Role or User	Manage, Navigation Access
Data Loading	By Role or User	Manage, Navigation Access
Import/Export Data	By Role or User	Manage, Navigation Access
External Source Model Actions	By Role or User	Manage, Navigation Access
Model Validation	By Role or User	Manage, Navigation Access
Model Lookups	By Role or User	Manage, Navigation Access

* You must first enable Calculation Access by Group: Manage, Application Administration, Application Settings, Calculation section, Enable Group Permissions, then logoff and login again.

Was this article helpful?

What's Next

Download and Installation

Table of contents

User Types
User Roles
User Role Permission, Access, and Security
Unified Tenant
Automatic Signout
Unique URLs for Artifacts
Guard Rails
Online Help, Support, Community, and Solution Exchange
Global Settings for View and Report Properties