1. Administering Profitability and Cost Management
  2. Overview of Administration and Security
  3. Granting Access to Data
  4. About Data Grants

About Data Grants

About Managing Access and Data Security summarizes security features for Profitability and Cost Management.

Those with Service Administrator or Power User roles must have access to all data. However, Service Administrators can restrict those with User and Viewer roles to specific data slices, such as regions, departments, and products. This is done by creating and then assigning data grants -- sets of data slices that can be assigned to users or groups to limit their access only to granted data within a dimension.

  • Access groups are of two types:

    • Predefined groups, such as the User and Viewer groups.

    • Native groups, created by Identity Domain Administrators to group certain users for a variety of business purposes. The native groups should have meaningful names related to their purpose.

  • Data grants define data slices that can be assigned to users or groups to enable them to access the data in the defined data slice.

Caution:

Service Administrators now can create and assign data grants to control data access of Users and Viewers to a certain slice of the cube. By default, users in these groups have no data grants and can see no data. With a data grant assigned, they can see the slice of data defined by the data grant. Those with the predefined User role can edit the data in their assigned data slice.

Data grants should include all dimensions where you want to restrict the members for which Users and Viewers can see data. Any dimension not included in the data grant will allow complete access for that dimension. The final view of the data for a User or Viewer is limited based on the dimensions selected in the data grant definition.

Also see Data Grant Group Considerations.

These topics define data grant management tasks: