How to restrict access to certain dimensions and measures in vizualizer?
How can I restrict access so that users only have a subset of fields to work with in visualizer? When I remove the default subject area, they can still type in the search bar to get to anything inside of it.
For reference, my setup is a single source space, single conformed dimension space, several model spaces, and single consumer space. I want to restrict access based on the models. The way I have it set up is that I add a user to an IFS role which populates an account group on Birst, giving them access to the proper spaces and collections. Now I just need to limit what they can get to in viz.
Thanks for any help on this!
Best Answer
-
Dan,
The best practice is having the SAs and corresponding access in the Consumer. Access at the package level is only for its visibility by the user in the associated access group(s) to connect it in the child space(s).
2
Answers
-
By stating "remove the default subject area" do you mean group access 'All Users in Space' in the Model Space and the other Subject Areas have the appropriate group access of those users who can see the contents in those SAs? The Custom SAs can then be added to a package with Access assignment. Access must be one level deeper than spaces and collections (report catalog).
0 -
Hi Diane, yes I removed the group "All Users in Space". My test user then could not see any subject areas but could still access all fields via search. However, after playing around further, once I added that account group under a different subject area it seemed to apply the security… maybe it required at least one subject area and there is a bug where if none are assigned then access is unlimited?
I also found that I was able to accomplish this in the current setup by creating the custom subject areas in the consumer space and have not had any need to add the test user to any space or package other than the consumer and yet it can still access the appropriate reports and subject area… does this seem right? I've also heard other people mention needing to add access at a package level but I'm not sure why that would be needed here or if I did something not to standard.
Thanks!
0