Introduction
From Permissions tab, the admin can set the permissions that the User or User Group will have.
CONTENT
General Permissions
The "Access Mobile Version" permission indicates whether the user or users belonging to a specific group will be able to login in through the CXO-Mobile App.
Comments
This set of permissions indicates whether the user or users belonging to a specific group will be able to Edit, Lock, Unlock Comments and View Comments History.
- View Comments History - Ability to read comments & narratives (Applies to everyone who is allowed to view the data)
- Edit Comments - Ability to edit comments & narratives
- Lock Comments - Ability to lock comments & narratives (No more editing allowed)
- Unlock Comments - Ability to unlock comments & narratives (Usually only the Administrator or the process owner is allowed to unlock)
Permissions inheritance
Each user or user group can be member of one or more user groups. This can be set through the Main Tab inside Create New User / New User Group or Edit User / Edit User Group popup.
- When a user or user group is member of a user group, he will inherit all permissions from it (i.e. Permissions, Point of View Security Filters or Report Permissions).
- When a user or user group is member of more user group, he will get the sum of all permissions from all the user groups he is member of.
- In addition to the permissions inherited from the user group a user or user group is member of, additional permissions can be set for the specific user / user group.
- The inheritance hierarchy can be an deep as needed, i.e. it is possible to create basic user groups with permissions to be applied to most users (e.g. 'basic group') and then have additional user groups with more advanced permissions (e.g. 'group 1') who are member of the 'basic group', and then more complex user groups (e.g. 'group 2') who are member of 'group 1' and so on. Users member of 'group 2' will inherit permission both set for 'basic group' and for 'group 1'.
Permissions inheritance allows to optimize the maintenance of users and user groups..
Inherited permissions can't be removed. When creating or editing a user or user group, inherited permissions will appear in the popup as selected and disabled, while permission set for the single user or user group will appear selected but enabled.
Unselecting the option 'Show inherited permissions, only permissions set for the specific user or user group will appear.
Duplicated Permission
When a permission is both inherited and set for the current user or user group a symbol 
will appear close to the permission. It is suggested to remove duplicated permission to avoid potential problems.
e.g.
- A user is given 'Report Admin' permission
- In a second time, when more admin are needed, a user group 'Report Admin' is created (with 'Report Admin' permission) and the user is set as member of the group
- After a period for any reason, the admin wants to take out the 'Report Admin' permission from the user. He will remove the user from the 'Report Admin' group and think this is enough, while as the user had the 'Report Admin' permission set previously on himself, even if he is no more member of 'Report Admin' user group, he will still maintain the capabilities associated to 'Report Admin' permission.
To remove duplicated permissions:
- Unselect 'Show inherited permissions' flag to view permission set for the current user or user group
- Unselect the duplicated permission
- Select again 'Show inherited permissions' flag, the duplicated symbol will not appear any more
- Save
Draft Data
This set of permissions indicates whether the user or users belonging to a specific group will be able to view Draft Data.
- View Draft Period Data - Ability to view, and select in the report's Point of View, data from the period marked as 'Draft'
- View Data Beyond Draft Period - Ability to view, and select in the report's Point of View, data from periods after the 'Draft Period'
Admin
| Action in CXO Cockpit | Report Builder | Report Admin | Reports Security Admin | Integration Admin | Security Admin | Storyboard Admin |
|---|---|---|---|---|---|---|
| Create report | x | x | ||||
| View any report | x | |||||
| View own reports depending on own menu-item permissions | x | x | ||||
| Modify or delete any report | x | |||||
| Modify or delete own reports not yet placed in menu | x | x | ||||
| Place reports in the menu | x | |||||
| Give permissions to view reports | x | |||||
Create and modify shared objects like variables, formats, cube calculations and lists | x | |||||
| Create new private objects from scratch or based on a copy of a public object | x | x | ||||
| Setup users and user groups | x | |||||
| Connect CXO-Cockpit to a source system | x | |||||
| Give users access to a storyboard in the CXO - Designer (via Tools) | x |
View Report Builder for more details on this role and on the differences between it and the Report Admin role.
Data Warehouse Adapter
This set of permissions indicates whether the user or users belonging to a specific group will be able to Edit Data Wharehouse Data and Metadata.
- Edit Data Warehouse Data - Ability to edit data, save them and process it towards the OLAP cube
- Edit Data Warehouse Metadata - Ability to maintain and create Metadata and process it towards the OLAP cube.