Manage Privileges

About Security in Metrics and Scorecards

Data permissions on Scorecard, KPI, and other related families are configured in Data Permissions in the Security Manager.

In APM, you can manage privileges for specific:

Note:
  • Only Super Users and members of the MI Metrics Administrator Security Group can manage privileges for the Analysis Services Cube records. Members of the MI Metrics Administrator Security Group can manage the privileges for individual KPIs and Scorecards. Other users can manage privileges only for the KPIs and Scorecards that they created and for which they have been granted update privileges.
  • If a Security User is assigned to multiple Security Groups, the user is granted the privileges of the Security Group with the most permissions. For example, if a Security User is assigned to both, the MI Metrics Viewer and the MI Metrics Admin Security Groups, the user is granted view, create, update and delete privileges.

About Cube Privileges

Cube privileges determine which Analysis Services Cube records are available for selection within Metric Views and KPIs. You can see the list of the users and groups that have access to any Analysis Services Cube record by viewing its privileges.

You can grant access or revoke the access to a cube via the Manage Cubes page. Only Super Users and members of the MI Metrics Administrator Security Group can manage privileges for the Analysis Services Cube records.

When users have been granted access to Analysis Services Cube records, they will be able to view the Metric Views, Scorecards, and reports that are based on the associated Analysis Services cubes.

Members of the MI Metrics Administrator Security Group can manage the entity-level privileges for all KPIs and Scorecards. Other users can manage privileges only for the KPIs and Scorecards that they have created and for which they have been granted entity-level update privileges.

About KPI Privileges

The KPI privileges that you set up in the APM are applied in addition to family-level permissions defined for the KPI families.

By default, all the MI Metrics User are given the View, Insert, Update, and Delete permissions to the KPI family.

You can also manage privileges at entity-level by selecting the users and groups that should have access to a given KPI. Via the Schedule, Alerts, and Privileges section, you can grant or revoke the privileges for the users and the groups.

The Super Users and members of the MI Metrics Administrator Security Group can, by default, manage privileges for all KPIs. Other users can manage the privileges for a KPI that they create, unless those privileges are revoked by an administrative user. Non-administrative users can also manage privileges for KPIs to which they have been granted Update privilege.

About Scorecard Privileges

The Scorecard privileges that you set up in the APM are applied in addition to family-level permissions defined for the Scorecard families. By default, all the MI Metrics User are given the View, Insert, Update, and Delete permissions to the Scorecard family.

You can also manage privileges at entity-level by selecting the users and groups that should have access to a given Scorecard. Via the Privileges section, you can grant or revoke the privileges for users and groups.

The Super Users and members of the MI Metrics Administrator Security Group can manage privileges for all Scorecards. By default, other users can manage the privileges for any Scorecards that they create, unless those privileges are revoked by an administrative user. Non-administrative users can also manage privileges for Scorecards to which they have been granted Update privilege.

Modify Access Rights to an Analysis Services Cube Record

About This Task

When users are granted access to Analysis Services Cube records, they can view the Scorecards, KPIs, and Metric Views associated with those records. Administrative users can grant or revoke privileges to Security Groups and individual Security Users so that they can access Analysis Services Cube records. Cube privileges determine which Analysis Services Cube records are available for Metric Views and KPIs. You can see the list of users and groups that have access to any Analysis Services Cube record by viewing the Privileges section.

Procedure

  1. Access the Manage Cubes page.
  2. In the left pane, select the Analysis Services Cube record to which you want to modify access.
    In the workspace, in the Privileges section, the User/Group list appears.
    Note: To revoke access from a user or group, in the User/Group list, next to the user or group whose privileges you want to revoke, select .
  3. To grant access to users and groups, in the User/Group section, select the Add User/Group link.
    The Select Users or Group window appears, displaying the User section.
  4. If you want to assign privileges to a group, then select the check box that appears next to each user name to whom you want to grant access to the cube.
  5. If you want to assign privileges to a group, then select the Group tab.
    The Group section appears.
  6. Select the check box that appears next to each group name.
    Note: Inactive Security Groups may also appear in the list.
  7. Select OK.
    The Select Users or Group window closes, and the new users or the groups appear in the User/Group list.
  8. In the User/Group list, next to each user or group, select or clear the View check box for the user or group. The View privilege allows the user or group to use the cube for creating a Metric View or a KPI.
  9. In the upper-right corner of the workspace, select .
    Your changes are saved.

Modify Access Rights to a Scorecard

About This Task

To view a Scorecard, a user must be granted privileges to specific Scorecards via the APM application. You can revoke privileges for users and groups that no longer need to access the Scorecard.

Note: Super Users and members of the MI Metrics Administrator Security Group can manage privileges for ALL Scorecards. Other users can, by default, manage the privileges for any Scorecard that they create, unless those privileges are revoked by an administrative user. Non-administrative users can also manage privileges for Scorecards to which they have been granted Update privileges.

Procedure

  1. Access the Scorecard design page.
  2. Select the Privileges tab.

    The Privileges section appears, displaying the User/Group subsection.

    Note: To revoke access from a user or group, in the User/Group list, next to the user or group whose privileges you want to revoke, select .
  3. To grant access to users and groups, select the User/Group link.

    The Select Users or Groups window appears, displaying the User section.

  4. Next to each user to whom you want to grant access to the Scorecard, select the check box.
  5. Select the Group tab.
    The Group section appears.
  6. Next to each group to which you want to grant access to the Scorecard, select the check box.
  7. Select OK.
    The Select Users or Groups window closes, and the new users or groups appears in the User/Group list.
  8. In the User/Group list, next to each user or group, clear the check boxes for any privileges that you do not want the user or group to have:
    • View: Allows the user or the group to view the Scorecard.
    • Update: Allows the user or the group to edit the Scorecard.
    • Delete: Allows the user or the group to delete the Scorecard.
  9. In the upper-right corner of the page, select .
    Your changes are saved.

Modify Access Rights to a KPI

About This Task

To view a KPI, a user must be granted privileges to specific KPIs via the APM application. By managing privileges, you select the users and groups that have access rights to a given KPI. You can also revoke privileges for users and groups that no longer need to access the KPI.

Note: Super Users and members of the MI Metrics Administrator Security Group can manage privileges for all KPIs. Other users can manage the privileges for any KPI that they create by default, unless those privileges are revoked by an administrative user. Non-administrative users can also manage privileges for KPIs to which they have been granted Update privileges.

Procedure

  1. Access the KPI design page.
  2. In the upper-right corner of the page, select .
    The KPI design page appears.
  3. Select the Schedule, Alerts, and Privileges tab.
    The Schedule, Alerts, and Privileges section appears, displaying the Select Users or Group list in the Privileges subsection.
    Note: To revoke access from a user or group, in the User/Group list, next to the user or group whose privileges you want to revoke, select .
  4. To grant access to users and groups, select the User/Group link.
    The Select User or Group window appears displaying the User section.
  5. Next to each user to whom you want to grant access to the KPI, select the check box.
  6. Select the Group tab.
    The Group section appears.
  7. Next to each group to which you want to grant access to the KPI, select the check box.
  8. Select OK .
    The Select Users or Group window closes, and the new users and groups appear in the User/Group list.
  9. In the User/Group list, next to each user or group, clear the check boxes for any privileges that you do not want the user or group to have:
    • View: Allows the user or the group to view the KPI.
    • Update: Allows the user or the group to edit the KPI
    • Delete: Allows the user or the group to delete the KPI.
  10. In the upper-right corner of the page, select .
    Your changes are saved.