Metrics Management supports setting security on objects, and assigning privileges to users. A user’s ability to perform actions on an object depends on the object’s security settings, the user’s privileges, membership in a group, and the user hierarchy.
About object security
Object security defines the actions that users can perform on a specific object. Object security allows or denies the actions that certain users can perform on the object. Object security can apply to individual users, groups of users, or all users. For example, object security settings can allow all users to view a specific book. In Figure 2‑10, the Balanced Metrics Management book’s object security settings allow the Everyone group to open and view the book. Typically, object security defines delete, edit, open, and view actions on an object. Some object types support additional actions.
Figure 2‑10 Object security settings for the Balanced Metrics Management book
About user privileges
A user privilege defines the actions that a specific user can perform on an object type. The system specialist assigns privileges that reflect a user’s role in the organization. Typical actions include create, edit, delete, and view. Other available actions are specific to an object type. User privileges can allow or deny an action on an object type. For example, privileges can allow a user to view books, and deny that user the ability to create or edit books. Figure 2‑11 shows book privileges for the CFO user. The CFO user is allowed to view books, but cannot edit books.
Figure 2‑11 Book privileges for the CFO user
About related actions
A related action is the parent or child of another action. A related action is specified in object security or user privileges. Specifying a parent action affects unspecified child actions. For example, in Setup Location—Security, allowing Edit also allows Edit Links, Edit Measure Links, Edit Measure Owners, Edit Owners, and Edit Submeasure and Formulas, as shown in Figure 2‑12.
Figure 2‑12 Allowing the Edit parent action
Setting a child action overrides the parent action. For example, in Setup User—Privileges, shown in Figure 2‑13, denying the Edit Dashboard privilege overrides allowing Edit for the measure. Selecting deny for any action overrides the allow setting for a related action.
Effective security represents the actions that a user can perform on a specific object after considering the following factors:
Group membership
Object security
Parent or child action settings
Publisher hierarchy
User privileges
Effective security settings appear in Setup—Security for an object, Setup User—Security for a user, or Setup Group—Security for a group.
How to display the effective security settings
1 To view effective security, navigate to Setup—Security for an object or to Setup User—Security for a user. The example in Figure 2‑14 shows the CFO’s effective security settings for the Financing Costs measure.
Figure 2‑14 Viewing security settings
2 To see why an action is allowed or denied, in Actions for selected group or user, choose Explain. For example, Figure 2‑15 shows that the CFO user cannot delete the Financing Costs measure due to user privilege settings.
Figure 2‑15 Viewing an explanation of security settings
Group membership
