Siebel Business Analytics Applications Installation and Administration Guide > Integrated Security for Analytics Applications >

Metadata Object-Level Security in Analytics Applications

Object-level security controls access to various Analytics objects, primarily metadata and Web Catalog objects.

Metadata Object-Level Security (Repository Groups)

Repository groups control access to metadata objects such as subject areas, tables and columns.

Metadata object security is configured in the Analytics repository (SiebelAnalytics.rpd) using the Server Administration Tool. The User Group Everyone is denied access to each of the subject areas. Each subject area is configured to give explicit read access to selected related responsibilities. This access can be extended to table and column level.

For more information on object level security, see Siebel Analytics Server Administration Guide.

NOTE:  In the shipped product, only permissions at the subject area level have been configured.

Metadata Object-Level Security (Web Catalog Groups)

Web Catalog groups control access to dashboards, pages, folders and reports.

Web Catalog groups have the same name as the Siebel responsibilities. The access to dashboards and pages are controlled using the Web Catalog groups. If you log on as a user who belongs to the Web Catalog group Field Sales Representative Analytics, then you see only the Overview, Forecasting, and Details pages within the Pipeline Dashboard. In a similar fashion, you see only dashboards that allow you access to at least one page within that dashboard.

For more information on Web Catalog security, see Siebel Analytics Web Administration Guide.

Where is Repository Groups Security Configured?

Metadata object security is configured in the Analytics repository (SiebelAnalytics.rpd) using the Server Administration Tool. The User Group Everyone is denied access to each of the subject areas. Each subject area is configured to give explicit read access to selected related responsibilities. This access can be extended to table and column level.

NOTE:  In the shipped product, only permissions at the subject area level have been configured.

The exceptions to the explicit configuration rule are the Communications and Financial Analytics industry applications, where there are tables and columns specific to these two industries scattered throughout the general Siebel operational application subject areas. These industry-specific metadata objects are hidden from other groups.

Siebel Business Analytics supports hierarchies within the groups in the repository. In the Analytics repository there are certain groups that are parent groups, which define the behavior of all the child groups. Inheritance is used to let permissions ripple through to child groups. The parent groups and their purpose are shown in Table 76.

Metadata Object-Level (Web Catalog) Security in Analytics Applications

Web Catalog objects, such as dashboards and pages, are controlled using Web Catalog groups, which have the same name as the Siebel responsibilities. The access to dashboards and pages are controlled using the Web Catalog groups. If you log on as a user who belongs to the Web Catalog group Field Sales Representative Analytics, then you see only the Overview, Forecasting, and Details pages within the Pipeline Dashboard. In a similar fashion, you see only dashboards that allow you access to at least one page within that dashboard. These groups are customized in the Analytics Web interface.

For Siebel Business Analytics integrated with Siebel operational applications, Web Catalog security makes use of the following principles:

• Security in the Web Catalog has been preconfigured for the groups listed in Table 76 for each application.
• Permissions to each dashboard in the Analytics Web Catalog are matched with the permissions of each related Siebel operational application view. In the Siebel operational application, views are controlled through responsibilities. However, in Siebel Business Analytics Web Catalog, access to dashboards for each group is controlled through Web Administration. If the two access setups do not match, both of the following situations can occur:
  • If users have access to a view in the Siebel operational application, but do not have access to the corresponding dashboard, then they receive an error message indicating that they do not have access to the dashboard.
  • If users try to access a dashboard containing reports based on a subject area to which they do not have access, they see a dashboard with no reports.