Admin
| Action in CXO Cockpit | Report Builder | Report Admin | Reports Security Admin | Integration Admin | Security Admin |
|---|---|---|---|---|---|
| Create report | x | x | |||
| View any report | x | ||||
| View own reports depending on own menu-item permissions | x | x | |||
| Modify or delete any report | x | ||||
| Modify or delete own reports not yet placed in menu | x | x | |||
| Place reports in the menu | x | ||||
| Give permissions to view reports | x | ||||
Create and modify shared objects like variables, formats, cube calculations and lists | x | ||||
| Create new private objects from scratch or based on a copy of a public object | x | x | |||
| Setup users and user groups | x | ||||
| Connect CXO-Cockpit to a source system | x |
Introduction
In CXO Designer, from under Permissions tab, a user with the Security Admin permission can set the permissions that a user or user group will have. To set the permissions:
- Click Users
- Click User Groups or Users
- Click Edit
- Click Permissions
- Select the access for the user(s) and click Save
CONTENT
| Table of Contents |
|---|
General Permissions
The "Access Mobile Version" Access Menu and Full POV permission indicates whether the user or users belonging to a specific group will be able to access the mobile version.
Comments
This set of permisssions access the reports in the menu with the appurtenant POV. Giving this permission bypasses the Light User. Only Regular Users can access the menu and full POV.
Designer Permissions
The Designer Permission indicates whether the user or users belonging to a specific group will be able to Edit, Lock, Unlock Comments and View Comments Historyaccess the CXO-Designer or Source System manager. Refer Admin for more details.
Draft Data
This These set of permissions indicates whether he the user or users belonging to a specific group will be able to view Draft Data. Refer How to use - Draft Period Data or period data.
- View Draft Period Data - Ability to view, and select in the report's Point of View, data from the period marked as Draft
- View Data Beyond Draft Period - Ability to view, and select in the report's Point of View, data from periods after the Draft Period
Comments
These set of permissions indicates whether the user or users belonging to a specific group will be able to Edit, Lock, Unlock Comments and View Comments History.
- View Comments History - Ability to read comments & narratives (Applies to everyone who is allowed to view the data)
- Edit Comments - Ability to edit comments & narratives
- Lock Comments - Ability to lock comments & narratives (No more editing allowed)
- Unlock Comments - Ability to unlock comments & narratives (Usually only the Administrator or the process owner is allowed to unlock)
Data Warehouse Adapter
This These set of permissions indicates whether he the user or users belonging to a specific group will be able to Edit Data Wharehouse Warehouse Data and Metadata.
Report Builder
The Report Builder can build reports by reusing global (public) objects or creating his own private objects. Report Builders can build new reports or edit the reports they have created themselves.
The User can be created to have Report Buildet Permission or be set as member of User Group that has Report Builder permisiions.
Report Builder Role Specifics
This is how the Design Studio looks for Report Builder:
SCREEN with user: User1
pass: 654321
The following menus, which are present for Administrators, are hidden from Report Builder:
- Users
- Menu items
- Application Settings
The following Shared Objects are available, but the resulting grids are Read-Only:
- Cube Calculations – Only list of avaliable Cube calculations and their details are present
- View Lists - Only a list with Shared lists
- View Formats - List of Formats and their details
- View Variables - List of Variables nad their Details
- View Palettes - List and Details
- View Narrative Templates - List and Details
Report Builder can view already published reports
When Report Builder views the reports, created by other users (published reports), he cannot modify them. Report Settigs tabs are displayed in read-only mode. In the same way he cannot modify the lists and the formats, used for such reports.
Report Builder can build reports using existing lists or creating linked lists
When Report Builder decides to build a report by using the existing (Shared) lists, these lists will appear as read-only in the Content Panel. Repport Settings become available for modifications.
In this Report Content Settings, Report Builder has the possibility to create Report list which will be used for this report only.
Report Builder can create Drill-lists and Formats
For each Report List, linked to his Report, Report Builder can create specific Linked List (created for the drill-down from a member of that list) and Formats.
Create a Linked List
Maintain List Formats
Report Builder can reuse his own previously created lists
Report Builder can reuse his own previously created lists
When Report Builder creates a copy of his own report lists (but not drill lists), this list will be copied together with all drill lists linked to it. To make the drill list be used in several reports Report Builder should create it on report level first and then copy it in any report he wants.How Administrator can promote reports
On the Open Report Panel, Administrator has 4 tabs: Unpublished Reports, Reports by Menu, Reports by Template and Recent Reports. Unpublished Reports section includes the reports, which were created but not published yet. These reports are sorted by the user names, who created the reports. To publish a report Administrator needs to place it in the menu by selecting the report and clicking on the gaer that will appear.
Once the report is published by the Admninistrator, the Report Builder cannot edit it anymore. If after publishing the report the Administrator decides whether Report Builder will be able to see the report.
- Edit Data Warehouse Data - Ability to edit data, save them and process it towards the OLAP cube
- Edit Data Warehouse Metadata - Ability to maintain and create Metadata and process it towards the OLAP cube
Workflows
These following set of permissions decide whether the user or users belonging to a specific group will be able to:
- Access workflows: Only if a user has this permission enabled will they be able access workflow tab
- Create workflows: When this option is enabled for a user, the +New tab to create a new workflow becomes available for the user
- Edit workflows: When this option is enabled, the user can edit the template or the instance of the workflow. Edit workflow permission allows the user to make changes to the owner and/or due date for a step of the workflow.
- Full control over all instances: Admin with this option enabled has full control over the workflow functionality. It also allows the user to mark a step as done even if the step is not assigned to them.
Other Permissions
The Access Mobile Version permission indicates whether the user or users belonging to a specific group will be able to login in through the CXO mobile app.
The Edit MDX permission indicates whether the user having Report Builder rights will be able to write MDX statements via linked cube calcs or linked MDX lists.
Permissions inheritance
Each user or user group can be member of one or more user groups. This can be set through the Main Tab inside Create New User / New User Group or Edit User / Edit User Group popup.
- When a user or user group is member of a user group, they will inherit all permissions from it (Permissions, Point of View Security Filters or Report Permissions).
- When a user or user group is member of more user group, they will get the sum of all permissions from all the user groups are a member of.
- In addition to the permissions inherited from the user group a user or user group are a member of, additional permissions can be set for the specific user / user group.
- The inheritance hierarchy can be as deep as needed, that is, it is possible to create basic user groups with permissions to be applied to most users (e.g. 'basic group') and then have additional user groups with more advanced permissions (e.g. 'group 1') who are member of the 'basic group', and then more complex user groups (e.g. 'group 2') who are member of 'group 1' and so on. User members of 'group 2' will inherit permission both set for 'basic group' and for 'group 1'.
Permissions inheritance allows to optimize the maintenance of users and user groups.
Inherited permissions cannot be removed. When creating or editing a user or user group, inherited permissions will appear in the popup as selected and disabled, while permission set for the single user or user group will appear selected but enabled.
Unselecting the option Show inherited permissions, only permissions set for the specific user or user group will appear.
Duplicated Permission
When a permission is both inherited and set for the current user or user group a symbol will appear close to the permission. It is suggested to remove duplicated permission to avoid potential problems for a scenario like:
- A user is given Report Admin permission
- In future, when more Admin users are needed, a user group Report Admin is created (with Report Admin permission) and the user is set as member of the group.
- After a period for any reason, the Admin wants to remove the Report Admin permission from the user. The user loses the permissions that were part of that group but retains the permissions assigned directly to the user.
To remove duplicated permissions:
- Unselect Show inherited permissions option to view permission set for the current user or user group
- Unselect the duplicated permission
- Select Show inherited permissions option, the duplicated symbol will not appear anymore
- Click Save