Support for Cell-Level Security

Cell-level security, which enables Service Administrators to restrict who can view data in the application by defining rules that remove read or write access to cells that a user would normally have access to due to their regular security, is now supported.

Cell-level security is defined as an exception to the existing member security. For example, a Department Manager requires access to all accounts in their own department, but only a certain account in all other departments. With the usual metadata security, the Manager would have access to all accounts across all departments; using cell-level security enables the Service Administrator to control the intersection of all accounts with the Manager's department and only the specific account in all other departments.

Cell-level security uses rules, similar to valid intersection rules, to deny read or write access to users viewing certain cell intersections anywhere a cell is shown (for example, forms, runtime prompts, Smart View, reports, dashboards, and so on). When cell-level security rules are applied, users with read access can see the data value in a cell but the cell is not editable. If users are denied read access to a cell, the value displayed in the cell is #noaccess.

To create a cell-level security definition, click Application, and then click Cell-Level Security.

Business Benefit: Cell-Level Security provides the ability to restrict or remove user security at the lowest level of dimensional granularity, which provides more flexibility and access control than metadata security alone. This feature allows for cross-dimensional security, which means the same dimension member from one dimension may have different access based on combinations of other dimension members.

Key Resources