Definition of Security Levels
  • 6 Minutes to read
  • Dark
    Light
  • PDF

Definition of Security Levels

  • Dark
    Light
  • PDF

Article summary

  • User – Role-based security, which drives navigation access.

  • Group/User Group – Specify a group of users who have access to a model, view, or report. You can name groups and user groups to best suit your needs.

  • Dimension – Secure specific members of a dimension in a model, view, or report.

  • Type – Defines business vs. external users, which defines how they can each create or modify other user accounts.

Step 1 – Familiarize Yourself with User Roles and User Role Access

User Roles

There are three user roles available in Dynamic Planning: Power, Contributor, and Reviewer. The tables below provide information on the task and subtask available to each user role:

Tasks/Subtasks
Power
Contributor
Reviewer

Analyze

X

X

X

Data

X

X

X

Design View

X

X

X

Design Report

X

X

 

Design Excel Report

X

X

 

Design Word Report

X

X

 

Design PowerPoint Report

X

X

 

Report

X

X

X

Run

X

X

X

Design

X

X

 

Model + All Subtasks

X

X

 

Manage + All Subtasks

X

 

 

User Role Access

Permissions / SecurityPowerContributorReviewer
Model AccessAccess to all models, shared views, and reportsAccess to assigned models, shared views, and shared reportsAccess to assigned models, shared views, and shared reports
Group Security

Group security is not applicable. Power users do not have to belong to a group to assign a group to any artifact. However, the group must belong to the model.

 

Group security is applicable. Contributors can assign or revoke groups on any artifact

Note:
Contributors must belong the Group in order to assign or revoke Group access, and the Group must belong to the Model.
Group security is applicable. Reviewer cannot assign or revoke groups on any artifact
View Access / Security
  • Has access to the default view for all models

  • Can create a view and share it by assigning to any group

  • Can create a personal view

  • Can modify any shared or personal view, and assign or revoke any group

  • Can modify any personal view

  • Can delete any personal or shared view

  • Will see a list of all groups in the Property mode

  • Has access to the default view of all assigned models

  • Can create a view and share it by assigning to any group the user belongs to

  • Can create a personal view

  • Can assign or revoke any group the user belongs to

  • Can modify any personal view

  • Can delete any personal or shared view that the user belongs to

  • Will see only the list of groups the user belongs to in the Property mode

  • Has access to the default view of all assigned models

  • Cannot create a view and share it by assigning to any group the user belongs to

  • Can create a personal view

  • Can modify personal views(those that belong to the Reviewer user only)

  • Can delete a personal view

  • Will not see any groups in the Property mode(Reviewers will not see their own Group in Property mode)

View Dimension SecurityDimension Security is not applicable
  • Dimension Security is applicable.If multiple subtrees are specified as filter, the user will see the root of the first subtree in the default view

  • User will see multiple subtrees in the Dimension Member Tree dropdown

  • If the user tries to access a view that contains members filtered by dimension security, the Contributor user will see only those members in which he or she has access to

  • If a user originally created a view, and then dimension security is applied, the user will be able to access the view and see the members he or she has access to

  • Dimension Security is applicable.If multiple subtrees are specified as filter, the user will see the root of the first subtree in the default view

  • User will see multiple subtrees in the Dimension Member Tree dropdown

  • If the user tries to access a view that contains members filtered by dimension security, the Reviewer user will see only those members in which he or she has access to

  • If a user originally created a view, and then dimension security is applied, the user will be able to access the view and see the members he or she has access to

Report Access / Security
  • Has access to all reports

  • Can create a report and share it by assigning to any group

  • Can create a personal report

  • Can modify any shared or personal report and assign or revoke any group

  • Can modify any personal report

  • Can delete any personal or shared report

  • Will see a list of all groups in the Property mode

  • Has access to all shared or personal reports

  • Can create a report and share it by assigning to any group the user belongs to

  • Can create a personal report

  • Can modify any shared or personal report and assign or revoke any group the user belongs to

  • Can modify any personal report

  • Can delete any personal or shared report

  • Will see only the list of groups, the user belongs to in the Property mode

  • Has access to all shared reports
  • Cannot create/modify/delete a report
Report Dimension SecurityDimension Security is not applicableDimension Security is appliedDimension Security is applied

Step 2 - Define User Security

When you define user security, you are assigning the user to a role (Power, Contributor, or Reviewer). For information on the access and security according to role, see the User Roles and User Role Access tables above.

To define a user, select the Manage task and the User Management subtask.

  1. In the Username cell enter the user's login ID.

  2. In the Role cell, select Power, Contributor or Reviewer. For information on each of these roles, see User Roles.

  3. Enter a temporary password for the new user in the Password field.

  4. Select a User Type: Business or External. For information on these types, see User Types.

  5. Click Save.

Best Practices/Tips

  • You can add a user to another application, however, the user role must remain the same. User roles are globally enforced, which means that if you add an existing user to a new application, the user will automatically have the same role.

  • As a Best Practice, Business users should manage only Business users. For any changes related to External users, contact Planful Support.

    • If you are a Business user, you can add only new Business users. You cannot add a new External user.

    • Only External users can create new External users.

    • However, if you are a Business user, you can add an External user to your application if the External user name already exists.

    • For example, External Partner A has worked with Business Customer P before, and External Partner A has an External username. When Business Customer X starts working with External Partner A, they can add External Partner A to their application because External Partner A already has a username (usernames are global). Business Customer X cannot add a new External Partner B, though, if that is a new username to the Planful system.

    • Business Power users can change the password of a Business user but not an External user. If an External user wants to change their password, they should contact Planful Support.

Step 3 – Define Groups

Define a group of users that have access to specific models, sub-models and views.

  1. Access the Groups page by selecting the Manage task and the Group subtask.

  2. Define groups by entering the name of the group under the Group cell.

Note:
Only Power users can assign and remove a user's access to a group.

Step 4 - Add Users to Defined Groups

Add users to groups defined on the Group page.

  1. Select the Manage task and the User Group subtask.

  2. Enter the user's login ID under the Username cell and enter the group the user belongs to under the Group cell.

Note:
Only Power users can assign and remove users to and from groups.

Group permission does not take effect until you log off and then log in again. For example, if you are a Power user and you assign yourself to a new group, you must log off and then log in again to gain access to the newly defined group.

Step 5 – Define Dimension Security

Dimension security is defined at the User Group level. For example, you can define a group to have access to Company Division 1 and 2, but not 3.

To define dimension security:

  1. Select the Manage task and Model Administration, Model Permissions subtask. The permissions subtask allows you to provide access to specific dimensions for a user group.

  2. Select the model and the group you want to assign security to.

  3. Select the dimension you want to secure. When using a single dimension, use filters to assign access to specific dimension members (values). In the image below, the SUSER group has access to the North America member of the Company dimension.

    ModelingImages451to500image917.png

  4. Design a report with these dimensions.


Was this article helpful?