Creating Cell-Level Security Definitions

To create a cell-level security definition:

  1. Click Application, and then click Cell-Level Security.
  2. Create the definition:
    1. Click Create.
    2. Enter a name and description for the definition.
    3. The Enabled checkbox is selected by default. To disable the definition, clear the Enabled checkbox. You can also enable or disable a definition directly on the Cell-Level Security Definitions page.
    4. To define cube-specific security, click Cubes and select from the list of cubes or select All.
    5. An anchor dimension is required. To select the anchor dimension, click Select Anchor Dimension. For information about anchor and nonanchor dimensions, see Understanding Cell-Level Security
    6. Optional: By default, the anchor dimension members that are not specified in the rule are included in the security definition. To clear this option, click down arrow icon next to the anchor dimension, and then click Apply to Selected Members Only.
    7. To select additional dimensions (called nonanchor dimensions), click Add Dimension.
    8. Optional: By default, nonanchor dimensions are not required. To make a nonanchor dimension required, click down arrow icon next to the nonanchor dimension, and click Required.
  3. Define the cell-level security rule:
    1. Click Add Rule.
    2. In the Users, Groups column, click search icon to find the users and groups to include in the cell-level security rule.
    3. For Restriction, choose Deny Read (default) or Deny Write. Deny Read is the default option because it is the most restrictive. If users are denied read access to a cell, the value displayed in the cell is #noaccess. Users with Deny Write access can see the data value in a cell but the cell is not editable.
    4. Click down arrow icon next to the dimensions in the new rule:
      • Click Edit to open the Select Members page and select the members, substitution variables, and attributes to include in the cell-level security rule.

      • Click Exclude or Exclude All to define the dimension members you want to exclude from the rule:

        • Exclude: Selecting this option excludes members by ID. Only the specified members (base or shared) will be excluded.

        • Exclude All: Selecting this option excludes members by name. If a base member is specified, then the base and all of its shared members will be excluded. If a shared member is specified, then this member, its base member, and all other shared members of this member will be excluded.

      • Click Clear to clear the selection.

      To delete a rule, click remove icon.

  4. Click Save.

The new cell-level security definition is added to the end of the list. Definitions are evaluated in the order they appear in the list. To reorder the definitions list, see Reordering the Cell-Level Security Definitions List.

After a definition is created, you can test it in a form to see how the form will look from a user's perspective. See Testing Cell-Level Security.