Analyzer Object and Data Permission Explained

Report accessibility and permission can be viewed as two levels .
 
On the top level are Analyzer objects like reports and folders, since they are created by Analyzer so they are controlled by Analyzer. Permission configuration is similar to an operating system that you can assign to an object (read, write, visibility, etc.). For example here a report configured to grant different permissions for a user and a role. Please noted that you need to break the inheritance from the parent object in order for the permission to take effect.
 
 Screen_Shot_2017-09-07_at_10.09.35_AM.png
 
The top most folder is the Analyzer folder so make sure you check inheritance from the root level down.
Screen_Shot_2017-09-07_at_10.10.56_AM.png
 
The lower level (or the data level) is controlled by the SSAS (cube database) role. You can set up global (1) or database specific (2) roles in SSAS to control what data a user or group can see (3, 4) so different data can be presented to the users when opening the same report. Please note by default user has no access to the SSAS database until the user is added to the role (either global or local database). 
 
Screen_Shot_2017-09-07_at_10.25.01_AM.png
 
 
Unless your Analyzer has Single-Sign-On (SSO) feature enabled otherwise the roles in Analyzer has nothing to do with data access permission. The roles in Analyzer, simply let you group users together into a group so you can assign top-level permissions (Analyzer object level permission) as described above. 
 
The basic roles like Report Designer, General User, Administrator, and Mobile User are roles that grant user additional features in Analyzer like create new reports (Report Designer role) or access to administration page (Administrator role) or allow mobile report access (Mobile User role).
 
 
 
 
 
 
 
 
 
 
Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.