In This Section:
Data Relationship Management controls granular user access to hierarchy nodes and their properties using node access groups. You can assign users to groups that are granted access to specific nodes in a subset of hierarchies within a Data Relationship Management version. Node access groups use inheritance to assign similar access to descendant nodes of a hierarchy node where an access level has been explicitly assigned. This level of access can be overridden at a lower level or can be locked to prevent overrides.
Typically, node access groups represent functional areas of an organization, and a user may require assignment to multiple groups. If assigned access levels conflict, the highest security level is used.
Table 1. Node Access Levels
Level | Description | Example Usage |
|---|---|---|
Read | Enables read-only access – no changes permitted | View and report |
LimitedInsert | Enables insertion of a node for which the user has (at least) global insert privilege. | Insert |
Edit | Enables property values to be edited | Edit |
Insert | Enables nodes to be inserted, moved, or, removed | Edit, insert, copy, move, remove |
Inactivate | Enables nodes to be inactivated and reactivated | Edit, insert, move, remove, inactivate, reactivate |
Add | Enables nodes to be added or deleted | Edit, insert, copy, move, remove, inactivate, reactivate, add, delete |
Keep the following information in mind:
Access levels are cumulative; assignment of the Edit access level implies that the Read Only and LimitedInsert access levels are granted. Assignment of the Add access level implies that all other access levels are granted.
Node access group security is only applied at the hierarchy level. Node access groups do not control access to global lists of nodes such as orphans.
Access levels are assigned separately for limb and leaf nodes which allows you to define a different level of access for each. This capability is useful when a user should be able to maintain the roll-up structure of a hierarchy but not edit any properties of leaf nodes or when a user can insert leaf nodes to an existing roll-up structure but not reorganize the structure itself.
Node access groups are defined only by a user with the Access Manager role.
Node access groups use local inheritance for access assignment to related nodes. A node access group can be defined as global in order to use global inheritance based on the level of access assigned to a controlling hierarchy.
Global node access groups can be created and must have a controlling hierarchy defined for each version. This is done by assigning controlled node access groups to a hierarchy. See the see the Oracle Hyperion Data Relationship Management User Guide for more information.
If a node access group has access to any node in a hierarchy, the entire hierarchy is visible to all users of the node access group. Conversely, if a node access group does not have access to at least one node in a hierarchy, members of the group cannot open the hierarchy.