For users with Participant permission, data access enables you to specify which actions they can take and which properties they can view or edit for specific data chain objects.
You can specify access to data in two ways:
- Allowed Actions: You can specify the actions that can be performed on a data chain object in a request.
- Property Access: You can specify which properties are displayed or hidden, and which properties are able to be edited for a data chain object.
By default, when you assign the Participant permission to a user or group, their data access is set to Read. This means that their allowed actions on the data chain object are set to None, and their property access is set to Display only. If you grant the participant any allowed action or Edit access on at least one property, their data access changes to Write for that data chain object.
The following table lists the data access for allowed actions and property access that you can set on each data chain object for users with Participant permission.
Table 20-2 Data Access on Data Chain Objects
|Data Chain Object||Allowed Actions||Property Access|
Note:You cannot set access to properties at the hierarchy set level. Use one of the other data chain objects, such as node type, to control access to properties.
- Data access can be configured for users with Participant permission only. Users with Owner or Data Manager permission on a data chain object are automatically granted All access to all actions and properties on that data chain object. For example, Owners and Data Managers are always able to see properties that are set to Hidden.
- For applications and dimensions, you can specify only All or None for the
allowed actions and Display All or Edit All for the property access. If you want
to specify more granular actions or property access, such as allowing only adds
and deletes or displaying only certain properties, you must specify those at the
hierarchy set or node type level.
Note:This means, for example, that a property cannot be hidden at the application or dimension level. You hide properties at the node type level only.
- You cannot assign Edit access to properties that are never editable (for
example, those in the Core namespace other than
Core.Description, or any properties in the CoreStats namespace). You also can't set the
Core.Nameproperty to Hide.
Data Access Cascading
Just as with permissions, data access cascades from higher to lower level data chain objects (for example, if a user has an allowed action of Add in a dimension, they can add in the hierarchy sets and node types in that dimension.) See Permission Inclusion and Cascading.
For allowed actions and editable properties, the least restrictive setting is used. For example, if a user has no allowed actions at the dimension level but an allowed action of Add at the node type level, that user can perform add actions for that node type.
For hidden properties, the most restrictive setting is used. If a property is hidden on a node type, that setting overrides any other permission. For example, if a user with Participant permission has Display All on an application's properties but the Cost Center property is hidden at the node type, that user is unable to see that property in a viewpoint.
Configuring Data Access
- Inspect the data chain object that you want to configure data access for:
- On the Permissions tab, click Edit.
- Perform an action:
- To edit a permission:
- For the permission that you want to modify, perform either one
of these actions to display the data access panel:
- In the Data Access column, click the permission level (Read or Write)
- In the Actions column, click and select Edit Actions.
- In the Data Access for Participants panel, select the Allowed Actions and Displayed Properties settings for the user or group. See the Table 20-2 table, above, for details on what settings can be applied for each data chain object.
- Click Apply, and then click Save.
- For the permission that you want to modify, perform either one of these actions to display the data access panel:
- To remove a permission: In the Actions column, click , and then select Remove.
- To edit a permission:
As an example, the following screenshot shows a Participant permission configured
with Add as an allowed action, the
Core.Description properties set to Display, the
PLN.Alias:Default property set to Hide, and the
PLN.Data Storage set to Edit.