20 Information Access Control
Information Access Control (IAC) provides a flexible and scalable framework for managing user-level access to data within our reporting and analytics systems. IAC enables administrators to define, at both a global and dimension-specific level, which users are permitted to view specific data elements (such as products, legal entities, or custom dimensions), directly supporting fine-grained row-level security.
With IAC, mapping tables define user entitlements for each dimension and dimension member, and enable or disable access centrally. When IAC is enabled for a dimension, users see only the data members they are authorized to view.
Note:
Once IAC is enabled in the application, it cannot be disabled or reverted through the application.- Dimension entities can increase significantly over time due to the concept of Slowly Changing Dimensions (SCD), which maintains multiple historical records for the same dimension member.
- Although Access Rules support configuration across up to 4 dimensions, it is
recommended to use no more than 2 dimensions to prevent performance issues
during configuration and execution.
For example: If Dimension 1, Dimension 2, Dimension 3, and Dimension 4 each have 100 members, the system could generate 100 × 100 × 100 × 100 = 100 million valid combinations. Limiting the configuration to 2 dimensions greatly reduces the number of combinations and helps improve performance.
- It is recommended to select node members rather than individual leaf members during Access Rule configuration to minimize the number of selections and improve the UI performance.
- Use dimension entities with fewer members to simplify Access Rule configuration and improve execution performance. For better scalability and performance, it is recommended to use dimensions with up to 100 members each.