When you filter metadata based on security, users see only the elements of the Scenario, Entity, ICP, Account, and Custom dimensions to which they have access. You set up metadata filtering at the application level by setting the EnableMetadataSecurityFiltering property to Y. For elements a user can view in a hierarchy, assign a security class and assign the user metadata access to the security class.

Users have implied access to the parents and ancestors of members to which they have access. With implied access, users see ancestors and parents in a hierarchical tree structure but cannot access them. For example, in the following tree structure, the user has access to only Connecticut even though the parents (UnitedStates and Imbler) and the ancestors (Management and Regional) are displayed in the tree.