Add Security Configurations
Add security configurations to secure the subject areas and data with ready-to-use and custom duty and data type of application roles.
Configure Data Security
As a security administrator, provide users with access to data using the custom-created data type application roles.
You can add filters to data retrieved from logical or presentation objects based on the data roles assigned to users. You can add one customization step for each data role. The elements that you can secure are from the Main branch of the semantic model. Hence, if you need a newly added object to be secured, then you must ensure that the customization branch containing the newly added object is merged with the Main branch before configuring the security. If any of the custom-created role is no longer available, then the security configuration for that role is removed from the "Configure Data Security" step.
Configure Object Permissions
Configure the permissions for objects such as subject areas and its elements with the ready-to-use or the custom-created duty roles.
You secure the subject areas and their elements using the Configure Object Permissions, a ready-to-use single step. You edit this single step to specify the subject areas, their elements, and the duty roles to secure these with. The elements that you can secure are from the Main branch. Hence, if you need a newly added object to be secured, then you must ensure that the branch containing the newly added object is merged with the Main branch before configuring the security. If a custom-created role is no longer available, then the security configuration for that role is automatically updated in the existing Configure Object Permissions step.
For the front-end objects such as KPIs and decks, set the permissions individually for each object by adding the applicable duty role and the corresponding access. See Inspect a KPI and Inspect a Deck.
By default, the list of permissions by duty role displays the explicit permissions set for the subject area or the elements of the selected subject area. If you want to add more permissions, then select the duty role from the list and set the required permission. Permission levels that you can set are:
- Default (inherited from the parent element).
- No Access (deny access to the respective subject area or its elements)
- Read-only (access to read the respective subject area or its elements).
Repeat the operation for all the subject areas or the subject area elements that you need to secure.