To perform an action on an object, a user must have the privilege to perform the action, and the object must permit the action to be performed. Metrics Management performs a check on user privileges first, and then on object security. For example, if the CFO user attempts to edit the Financial measure, Metrics Management confirms that the CFO has the privilege to edit measures. Then, Metrics Management confirms that the Financial measure permits editing. If both conditions are met, Metrics Management permits the CFO to edit the Financial measure.