13 Granting Access

To control which users can access content within Narrative Reporting, you must grant access to users for the following artifacts:

  • Report Packages

  • Folders

  • Reports

  • Third-party Artifacts, such as MS Office documents, PDFs, and images

  • Dimensions

  • An Application (includes the application artifact, dimensions, and data grants)


Access to models and data is granted through Data Grants Data Grant icon. See Set Up Data Grants. For System audit logs, no access can be granted to other users. Only the Service Administrator and the creator of the System audit log can view them.

Watch this tutorial video, you’ll learn how service administrators grant access to library artifacts in Narrative Reporting. You can grant access to folders; third-party artifacts such as Microsoft Office documents, PDFs, and images; report packages, and applications.

video icon -- Granting Access to Library Artifacts.

The access to artifacts is managed by a combination of the role assigned to the user and the associated permission that is assigned to a user for the artifact. As a general rule, access is managed as follows:

  • The Role (such as Service Administrator, Reports Administrator, Application Administrator, Library Administrator, and User) enables an administrative user to create an artifact. For example, the report package owner creates the report package, or the Library administrator creates a root level folder. See Learn About Security for more information on security roles.

  • Permission is granted to a selected user or group to maintain the specified artifact, based on the assigned permission, such as edit, view, administer, or remove.

You assign permission to access artifacts to individual users or groups. Generally, until access is assigned to an artifact, it is invisible to the user, with the following exceptions:

  • The Administrator who created the artifact can always see it, as long as the administrator’s permission has not been removed.

  • Depending on the artifact, some Administrator roles can see it as part of their role.

  • The Service Administrator can always see everything.

As a best practice, to minimize maintenance, you can group users who have the same access level. Permission is then assigned to the group rather than each individual user.

Types of Permission

The following types of permission may be granted on different artifact types:

Table 13-1 Types of Permission

Permission Type Permission Artifact Type
Administer Users can create and manage the artifact. The Administrator has unrestricted access to the artifact.
  • Report Packages

  • Folders

  • Reports

  • Third-party Content (such as MS Office documents, PDFs and images)

  • Dimensions

Write For folders only, enables users to add content to the folder. Folders
View Users can view the artifact.
  • Report Packages

  • Folders

  • Reports

  • Third-party Content (MS Office documents, PDFs and images)

Use Users can see the Application in the library. The scope of the access to the application is governed by any additional restrictions or permissions for that user, such as:
  • View permissions applied to any artifact

  • Write permissions applied to a folder artifact

  • Additional permissions applied to the model, data, and metadata


Direct and Inherited Permissions

For report packages, folders, and third-party content, you can assign permissions directly or by inheritance from the parent folder:

  • Direct permissions are used to assign access for a single artifact to specified users and groups. Click the check box on the Access tab Access iconof the associated Inspect dialog box to add or remove that permission for the selected user or group. When you hover over the selected permission, it is identified as "Direct Permission."

    When you hover over the selected permission, it is identified as Direct Permission.
  • Inherited permissions are used to assign the permissions granted to a parent level artifact to all its children to avoid having to set individual user permissions for each artifact. The permissions applied to the parent flow down to all child artifacts for that parent. You can adjust the inherited permissions by revoking permission for a particular user or group, for example, if you have confidential data that you do not want everyone to see.

    When you hover over the selected permission, it displays the path to the location of the permission.

You can assign both Administer and View permissions at the folder level and the objects in the folder will inherit those permissions if Inherit permissions from parent folder is turned on.

By default, inheritance is turned on for folders and third-party artifacts. Inheritance is turned off by default for report packages and reports so users are granted appropriate access to the report package and reports during the development of the report.

The inheritance icon Inheritance icon is displayed beside users with inherited permissions. Hovering over a permission displays the path to the location of the permission.

If you add or remove an inherited default permission on the Access tab, a new icon Inheritance Removed icon is displayed beside the modified permission to indicate the change. Click again to revert to the original inherited permission, if required.