Versions Compared

Version Old Version 13 New Version Current
Changes made by

Nadica Gaber

Rachel Thomas

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Admin
Action in CXO CockpitReport BuilderReport AdminReports Security AdminIntegration AdminSecurity Admin
Create report xx   
View any report x   
View own reports depending on own menu-item permissionsxx   
Modify or delete any report x   
Modify or delete own reports not yet placed in menu xx   
Place reports in the menu x   
Give permissions to view reports  x  

Create and modify shared objects like variables, formats, cube calculations and lists  

 x   
Create new private objects from scratch or based on a copy of a public objectxx   
Setup users and user groups    x
Connect CXO-Cockpit to a source system   x 

CONTENT

Table of Contents

General Permissions

The "Access Mobile Version" permission

Introduction

In CXO Designer, from under Permissions tab, a user with the Security Admin permission can set the permissions that a user or user group will have. To set the permissions:

  1. Click Users
  2. Click User Groups or Users
  3. Click Edit
  4. Click Permissions
  5. Select the access for the user(s) and click Save

Image Added


CONTENT

Table of Contents

General Permissions

The Access Menu and Full POV permission indicates whether the user or users belonging to a specific group will be able to access the reports in the menu with the appurtenant POV. Giving this permission bypasses the Light User. Only Regular Users can access the menu and full POV.

Designer Permissions

The Designer Permission indicates whether the user or users belonging to a specific group will be able access the CXO-Designer or Source System manager. Refer Admin for more details.

Draft Data

These set of permissions indicates whether the user or users belonging to a specific group will be able to access the mobile version.

 Comments

This to view Draft Data. Refer How to use - Draft period data.

  • View Draft Period Data - Ability to view, and select in the report's Point of View, data from the period marked as Draft
  • View Data Beyond Draft Period - Ability to view, and select in the report's Point of View, data from periods after the Draft Period

Comments

These set of permissions indicates whether the user or users belonging to a specific group will be able to Edit, Lock, Unlock Comments and View Comments History.

User Roles Regarding Comments

Each user can have the following roles Regarding Comments:

  • Reader - Able View Comments History - Ability to read comments & narratives (Applies to everyone who is allowed to view the data)
  • Editor Edit Comments - Able to Ability to edit comments & narratives
  • Locker Lock Comments - Able to Ability to lock comments & narratives (No more editing allowed)
  • Unlocker Unlock Comments - Able to Ability to unlock comments & narratives (Usually only the Administrator or the process owner is allowed to unlock)
Draft

Data Warehouse Adapter

This These set of permissions indicates indicates whether he the user or users belonging to a specific group will be able to view Draft Period Data or View Data Beyond Draft Period.

Data Warehouse Adapter

This set of permissions indicates whether he Edit Data Warehouse Data and Metadata.

  • Edit Data Warehouse Data - Ability to edit data, save them and process it towards the OLAP cube
  • Edit Data Warehouse Metadata - Ability to maintain and create Metadata and process it towards the OLAP cube

Workflows

These following set of permissions decide whether the user or users belonging to a specific group will be able to:

  • Access workflows: Only if a user has this permission enabled will they be able access workflow tab
  • Create workflows: When this option is enabled for a user, the +New tab to
Edit Data Wharehouse Data and Metadata.

Report Builder

The Report Builder can build reports by reusing global (public) objects or creating his own private objects. Report Builders can build new reports or edit the reports they have created themselves.

The User can be created to have Report Buildet Permission or be set as member of User Group that has Report Builder permisiions.

Image Removed

Report Builder Role Specifics

This is how the Design Studio looks for Report Builder:

SCREEN with user: User1

pass: 654321

The following menus, which are present for Administrators, are hidden from Report Builder:

  1. Users
  2. Menu items
  3. Application Settings

The following Shared Objects are available, but the resulting grids are Read-Only:

  1. Cube Calculations – Only list of avaliable Cube calculations and their details are present
  2. View Lists - Only a list with Shared lists
  3. View Formats - List of Formats and their details
  4. View Variables - List of Variables nad their Details
  5. View Palettes - List and Details
  6. View Narrative Templates - List and Details

Report Builder can view already published reports

When Report Builder views the reports, created by other users (published reports), he cannot modify them. Report Settigs tabs are displayed in read-only mode. In the same way he cannot modify the lists and the formats, used for such reports.

Report Builder can build reports using existing lists or creating linked lists

When Report Builder decides to build a report by using the existing (Shared) lists, these lists will appear as read-only in the Content Panel. Repport Settings become available for modifications.

In this Report Content Settings, Report Builder has the possibility to create Report list which will be used for this report only.

Image Removed

Report Builder can create Drill-lists and Formats

For each Report List, linked to his Report, Report Builder can create specific Linked List (created for the drill-down from a member of that list) and Formats.

Create a Linked List

Image Removed

Maintain List Formats

Image Removed

 

Report Builder can reuse his own previously created lists

Report Builder can reuse his own previously created lists

When Report Builder creates a copy of his own report lists (but not drill lists), this list will be copied together with all drill lists linked to it. To make the drill list be used in several reports Report Builder should create it on report level first and then copy it in any report he wants.

How Administrator can promote reports

On the Open Report Panel,  Administrator has 4 tabs: Unpublished Reports, Reports by Menu, Reports by Template and Recent Reports. Unpublished Reports section includes the reports, which were created but not published yet. These reports are sorted by the user names, who created the reports.  To publish a report Administrator needs to place it in the menu by selecting the report and clicking on the gaer that will appear.

Image Removed

 
 

Once the report is published by the Admninistrator, the Report Builder cannot edit it anymore. If after publishing the report the Administrator decides whether Report Builder  will be able to see the report.

 
  • create a new workflow becomes available for the user
  • Edit workflows: When this option is enabled, the user can edit the template or the instance of the workflow. Edit workflow permission allows the user to make changes to the owner and/or due date for a step of the workflow.
  • Full control over all instances: Admin with this option enabled has full control over the workflow functionality. It also allows the user to mark a step as done even if the step is not assigned to them.

Other Permissions

The Access Mobile Version permission indicates whether the user or users belonging to a specific group will be able to login in through the CXO mobile app.

The Edit MDX permission indicates whether the user having Report Builder rights will be able to write MDX statements via linked cube calcs or linked MDX lists.

Permissions inheritance

Each user or user group can be member of one or more user groups. This can be set through the Main Tab inside Create New User / New User Group or Edit User / Edit User Group popup.

  • When a user or user group is member of a user group, they will inherit all permissions from it (Permissions, Point of View Security Filters or Report Permissions).
  • When a user or user group is member of more user group, they will get the sum of all permissions from all the user groups are a member of.
  • In addition to the permissions inherited from the user group a user or user group are a member of, additional permissions can be set for the specific user / user group. 
  • The inheritance hierarchy can be as deep as needed, that is, it is possible to create basic user groups with permissions to be applied to most users (e.g. 'basic group') and then have additional user groups with more advanced permissions (e.g. 'group 1') who are member of the 'basic group', and then more complex user groups (e.g. 'group 2') who are member of 'group 1' and so on. User members of 'group 2' will inherit permission both set for 'basic group' and for 'group 1'.

Permissions inheritance allows to optimize the maintenance of users and user groups.

Inherited permissions cannot be removed. When creating or editing a user or user group, inherited permissions will appear in the popup as selected and disabled, while permission set for the single user or user group will appear selected but enabled.
Unselecting the option Show inherited permissions, only permissions set for the specific user or user group will appear.

Image Added

Duplicated Permission

When a permission is both inherited and set for the current user or user group a symbol  will appear close to the permission. It is suggested to remove duplicated permission to avoid potential problems for a scenario like:

  • A user is given Report Admin permission
  • In future, when more Admin users are needed, a user group Report Admin is created (with Report Admin permission) and the user is set as member of the group.
  • After a period for any reason, the Admin wants to remove the Report Admin permission from the user. The user loses the permissions that were part of that group but retains the permissions assigned directly to the user.
    Image Added  

To remove duplicated permissions:

  1. Unselect Show inherited permissions option to view permission set for the current user or user group
  2. Unselect the duplicated permission
  3. Select Show inherited permissions option, the duplicated symbol will not appear anymore
  4. Click Save