Dynamic Planning Model Manager Security

Quick Summary of How to Assign or Restrict Access

The following table summarizes different ways to assign or restrict access to all aspects of models. Sometimes, there is more than one way to accomplish the same task, but one way may be more efficient than another. The table lists the more efficient methods above the less efficient methods. For example, you can assign access to a model for a group of users either with Model Permissions or Group Access. Model Permissions is a faster method.

Reminder :

• Roles : the predefined Dynamic Planning Roles are Power, Contributor, and Reviewer. Power users can see which user is assigned to which role with Manage, User Management or Manage, Navigation Access. The roles have defaults associated with their access to models, views, reports, and other artifacts. See those defaults in Manage, Navigation Access.

• Groups : groups are user-defined lists of users in your organization. They are defined with Manage, Group Management, User Group.

• Types : the predefined User Types are Business and External. User Types define whether someone can create or modify other user accounts. The Business user type is for all users within your organization that use Dynamic Planning. The External user type is for users outside of your organization who need to access your application for diagnostics, development, or debugging work, such as Planful Support or Partner Consultants.

Contributor Access in Model Manager

In Dynamic Planning, Contributors have always had access to the Model menu in Excel and they now have access to the Model Manager on the Web.

• Contributors can only see the models they have access to. On the models for which they have access, they can see all the artifacts.

• In Model Relationship layout, Contributors can see the models they have access to and also the source and target models regardless of whether they have access to the source and target models.

  • For example, if the Contributor has access to Model A which is being sourced by Model S and loading the data to Model T and the Contributor only has access to Model A, in the Model Relationship layout, he will still see all three of the models as that gives a clear relationship and dependency view to the Contributor.

• Contributors cannot perform any action on models for which they do not have access but can see them in Model Relationship layout.

• On Dimension hierarchy management, if a Contributor has access to all dimension members for a given dimension in a given model, then he will have the option to update, add, delete, or modify properties for that dimension. If the Contributor does not have access to all dimension members for a given dimension in a given model then he cannot make any changes to the dimension hierarchy.

  • For example, if a Contributor has access only to Q1 2015 on Time dimension in Model A, then he cannot make any changes to Time dimension on Model A. However, he can see all dimension members for the Time dimension. If a Power user wants to enable Contributors to make changes to the dimension, then Contributors should not be assigned with any dimension security on the dimensions in the Model Permissions setup.

• If Manage, Navigation Access says Yes for Contributor access to Model Dimension:

  • Contributors can use the Dimension Browser to view, edit, delete, and save dimension members they have access to within the Model.

• If Manage, Navigation Access says Yes for Contributor access to Model Attribute:

  • Contributors can use the Dimension Browser to view, edit, delete, map and save attributes with dimension members they have access to within the Model.

• If Manage, Navigation Access says Yes for Contributor access to Model Setup:

  • Contributors can use the More menu to view model activity, model statistics, and model artifacts on models the Contributor has access to.

  • Contributors can edit models they have access to.

  • Contributors can add new models.

Reviewer Access in Model Manager

In Dynamic Planning, Reviewers have not traditionally had access to the Model menu. Now they have limited access to see models in the Model Manager.

• Reviewers can only see the models they have access to.

• Reviewers cannot perform any model activities (such as clear model, lock model, generate model, update the hierarchy, see model statistics, or see model activity).

• Reviewers can see the models and the views and reports associated with them so long as the Reviewer has been granted access to those models, views, and reports.

• Reviewers do not have access to the Data Relationship view.

Model Permissions

Any user having the User Role set to Power User will have a Model Permissions tab to map User Groups and define security permissions.

From the Model Permissions tab, you can associate other users or user groups to different models and their related dimensions and members if you are a Power User. The Model Permissions page lists all the Dynamic Planning related models. There are three types of models which are as follows:

• Analytical Models and Direct Access to PCR (DAP) models are indicated with a Cube icon.

• External Source Models (ESM) are indicated with the Rows and Columns icon.

You can only associate user groups with any models. The user groups that appear on the Model Permissions page are the same as those available in Dynamic Planning.

To define the user permissions related to any model, click the Edit option available on the required model.

The Edit Model Permissions screen appears, and you can do the following from here:

1. In the User Groups section, click Map. The Map User Groups page is displayed.

2. Select the required user groups. If the list is extensive, you can use the search option to find the user group you need. Once the user group is added to the model, all the related users within the user groups are associated with the model.

3. When a user group is mapped with the model, you can do the following from the contextual menu:

   • Copy Permissions: Use this option to copy the permissions set of the respective user group to other user groups. Suppose you copy the permissions to a new user group that is not mapped with the model. In that case, the new user group will be automatically mapped to the model, and the permissions will be applied simultaneously.

   • If you copy the permissions to any group which already has a set of defined permissions, then these copied permissions will override the old permissions.

   • Remove Permissions: Use this option to un-map the related user group.

4. Click Save. At this stage, the selected user groups will have full permissions of all the dimensions related to the model.

5. Once you click Save , the Configure Security section is displayed.

6. If required, you can select the dimension you need from the Secure a Dimension list, and the related members are displayed below the list.

7. If you select any members here, the user groups added to the model will have access to only those members in the dimension.

8. If you have selected any member, you can also view the member selection option available adjacent to the members selected in the Selected Members section.

9. Select the required Members Selection option for each member.

10. After you are done adding and configuring groups, click Save on the top right corner. The Model Permissions are updated.

    Note:

    For ESM and DAP models, you cannot define member-level security. The user groups added to ESM will have full permissions on all dimensions in the model. The user groups added to the DAP model will honor the dimension security from the financial model defined in Structured Planning.

The following image shows the details you see when you try to define model permissions for the ESM model.

The following image shows the details you see when you try to add security for DAP models.

Preview Permissions

You can use the Preview Permissions option to have a quick overview of the model permissions related to the models that you can access. Click Preview Permissions and choose the required model about which you want to view the permission details from the Select Model list.

When you select a model, the associated user groups are displayed in a list. You can select any user group to view the level of permissions the group has to each dimension available in the model.

There are two levels of permissions:

• Full permissions : The user group has access to all the members of the dimension.

• Secure Permissions : The user group has access to limited members of the dimension. When you select such a dimension, you can view the list of members to which the user group has access in the Members section.