- 6 Minutes to read
- Print
- DarkLight
- PDF
Definition of Security Levels
- 6 Minutes to read
- Print
- DarkLight
- PDF
User – Role-based security, which drives navigation access.
Group/User Group – Specify a group of users who have access to a model, view, or report. You can name groups and user groups to best suit your needs.
Dimension – Secure specific members of a dimension in a model, view, or report.
Type – Defines business vs. external users, which defines how they can each create or modify other user accounts.
Step 1 – Familiarize Yourself with User Roles and User Role Access
User Roles
There are three user roles available in Dynamic Planning: Power, Contributor, and Reviewer. The tables below provide information on the task and subtask available to each user role:
Tasks/Subtasks | Power | Contributor | Reviewer |
---|---|---|---|
Analyze | X | X | X |
Data | X | X | X |
Design View | X | X | X |
Design Report | X | X |
|
Design Excel Report | X | X |
|
Design Word Report | X | X |
|
Design PowerPoint Report | X | X |
|
Report | X | X | X |
Run | X | X | X |
Design | X | X |
|
Model + All Subtasks | X | X |
|
Manage + All Subtasks | X |
|
|
User Role Access
Permissions / Security | Power | Contributor | Reviewer |
---|---|---|---|
Model Access | Access to all models, shared views, and reports | Access to assigned models, shared views, and shared reports | Access to assigned models, shared views, and shared reports |
Group Security | Group security is not applicable. Power users do not have to belong to a group to assign a group to any artifact. However, the group must belong to the model.
| Group security is applicable. Contributors can assign or revoke groups on any artifact Note: Contributors must belong the Group in order to assign or revoke Group access, and the Group must belong to the Model. | Group security is applicable. Reviewer cannot assign or revoke groups on any artifact |
View Access / Security |
|
|
|
View Dimension Security | Dimension Security is not applicable |
|
|
Report Access / Security |
|
|
|
Report Dimension Security | Dimension Security is not applicable | Dimension Security is applied | Dimension Security is applied |
Step 2 - Define User Security
When you define user security, you are assigning the user to a role (Power, Contributor, or Reviewer). For information on the access and security according to role, see the User Roles and User Role Access tables above.
To define a user, select the Manage task and the User Management subtask.
In the Username cell enter the user's login ID.
In the Role cell, select Power, Contributor or Reviewer. For information on each of these roles, see User Roles.
Enter a temporary password for the new user in the Password field.
Select a User Type: Business or External. For information on these types, see User Types.
Click Save.
Best Practices/Tips
You can add a user to another application, however, the user role must remain the same. User roles are globally enforced, which means that if you add an existing user to a new application, the user will automatically have the same role.
As a Best Practice, Business users should manage only Business users. For any changes related to External users, contact Planful Support.
If you are a Business user, you can add only new Business users. You cannot add a new External user.
Only External users can create new External users.
However, if you are a Business user, you can add an External user to your application if the External user name already exists.
For example, External Partner A has worked with Business Customer P before, and External Partner A has an External username. When Business Customer X starts working with External Partner A, they can add External Partner A to their application because External Partner A already has a username (usernames are global). Business Customer X cannot add a new External Partner B, though, if that is a new username to the Planful system.
Business Power users can change the password of a Business user but not an External user. If an External user wants to change their password, they should contact Planful Support.
Step 3 – Define Groups
Define a group of users that have access to specific models, sub-models and views.
Access the Groups page by selecting the Manage task and the Group subtask.
Define groups by entering the name of the group under the Group cell.
Step 4 - Add Users to Defined Groups
Add users to groups defined on the Group page.
Select the Manage task and the User Group subtask.
Enter the user's login ID under the Username cell and enter the group the user belongs to under the Group cell.
Group permission does not take effect until you log off and then log in again. For example, if you are a Power user and you assign yourself to a new group, you must log off and then log in again to gain access to the newly defined group.
Step 5 – Define Dimension Security
Dimension security is defined at the User Group level. For example, you can define a group to have access to Company Division 1 and 2, but not 3.
To define dimension security:
Select the Manage task and Model Administration, Model Permissions subtask. The permissions subtask allows you to provide access to specific dimensions for a user group.
Select the model and the group you want to assign security to.
Select the dimension you want to secure. When using a single dimension, use filters to assign access to specific dimension members (values). In the image below, the SUSER group has access to the North America member of the Company dimension.
Design a report with these dimensions.