Managing Permissions

---

Besides defining access and restrictions on cubes, it may be necessary to define permission on the different analytic components saved in the server as well. O3 Server Administrator lets you assign permissions on: Scorecards, Models, Rules, Actions, Desktops, Queries, Dashboards, Reports, Simulations and Expressions.

Note
The managing of permissions on views differs from these components due to the required integration with cubes and the way in which users can continuously create, improve and share the views.

Assigning permissions to Components

On Scorecards, Models, Rules, Actions, Desktops, Queries, Dashboards, Reports, Simulations and Expressions, access definitions and restrictions are applied on the cubes they use, but it may be necessary, for instance, to restrict users so they cannot modify or see certain components. 

Permissions to Read, Write and List can be assigned on these components. In the same way as for cubes, the assignment of these permissions is performed on the roles and users playing each role acquire the permissions indirectly. It is relevant to bear in mind that permissions can only be assigned to those components saved in O3 Server.

The following picture shows the tab where permissions are assigned, in the Properties Pane of the Security branch in O3 Server Administrator

It is also possible to assign permissions on components to a role in a general or particular way. For instance, you may assign permissions to a role  to Read all defined desktops by default, and only assign permissions to Write on a certain desktop for users to improve it.

In order to assign permissions in general, the first item in the list of components is always Repository. This special item does not correspond to any specific component and is used to assign permissions inherited by the remaining components of the list by default.

By default, when a component is first saved in O3 Server, it inherits the permissions to Read, Write and List  defined in the first Repository item of each role.

In turn, also by default, this Repository item is configured with the Inherit value, which means that all users playing the role will have full permissions on the components of the selected type.

To assign permission on components to a role:

1. Start O3 Server Administrator.
2. Expand the Services | Security branch in the Administration Tree.
3. Click on the Permissions tab in the Properties Pane. This tab displays a list with the defined roles on the right and an area for the assignment of permissions.
4. Select the role to which you wish to assign permissions from the list.
5. Select the type of component on which you wish to assign permissions from the Component drop-down list in the Permissions area. This area also displays a list of the components of the selected type saved in O3 Server, plus the Repository item to assign permissions in a general way.
6. Select the component on which you wish to assign permissions from the drop-down list.
7. To assign permissions on the selected component of the list it is necessary to change the values of the Read, Write and List columns.
   Values are indicated independently, and by default each component is configured with the Inherit values.
   The available values to assign permissions are:
   • Deny. Users playing the selected role will be denied the permission corresponding to the column. 
   • Allow. Users will have the permission corresponding to the column. 
   • Inherit. Permission will be determined by the value of the first item on the list, Repository.
     The way to assign permissions  to a certain role on all the components is by assigning the Inherit value.  
   • Click on the Apply button in the Permissions area to confirm changes to permissions.
     When you change a permission, the list of roles and the frame to select the type of component are automatically disabled until the performed change is applied or canceled. 

Managing Permissions on Views

---