Intellicus Enterprise Reporting and Business Insights 19.1

Access Rights

0 views June 28, 2020 0

End-users, by default don’t have any system privileges. They specifically need to be granted access rights depending on their application access needs. For example, rights to be able to create and manage Query Object (QO) and Parameter Object (PO); rights to create, run and save ad hoc reports, etc. End users/ Designers should have appropriate rights on the category to be able to access objects within that category.

This application supports multi-level categories. A category may contain objects like Query Objects, Parameter Objects, dashboards etc.

Use Access Rights page to manage end-user access rights on categories, QO, PO, reports, dashboards and dashboard-widgets, analytical objects as well as Connections.

Click Navigate > Administration > Manage Users > Access Rights to open this page.

Access Rights
Figure 7: Entity Access Rights page

From Choose Object dropdown available on the top left of the page, select the object you want to work on.  List of the items will be available below.

Checkboxes to select assignees are in the center and access rights details appear on the right side of the page.

At a time, you can select an object and grant access right on the selected object to:

  • All users of all organization(s)
  • All users of the selected organization(s)
  • All users who are assigned the selected role(s)
  • Selected user(s)

Access rights are: Full, Deny, None and Partial.

General steps

To grant rights on category, select category in Choose Object dropdown, navigate to respective category and select the category.

To grant rights to an object, select respective object type in Choose Object dropdown, navigate to the category where the object is and select the object.

Now, select assignee(s), select access rights and click Save button.

Application will display an alert if you navigate away to another category, object or select another assignee without saving the changes.

Access rights for category

Objects like Reports, Parameter Objects (POs), Query Objects (QOs) etc. are saved in categories. Access rights for category are:

  • Full: Selected category and all its child categories will be listed to the user. User will be able to open any of the categories and carry out any operations on any of the objects in the categories and its child categories.
  • Deny: Selected category and any of its child categories (as well as objects in it) will not be listed to the user. As a result, user will not be able to access any of the categories (as well as objects in those categories).
  • None: Selected category and all objects in the selected category will not be listed to the user (hidden), but will be available for access to the user.
  • Partial: User can access selected category and all objects on which access is provided. For example, you may grant the user access to all reports, all QOs but not POs.

Access rights on Reports

These are the rights to carry out report operations on selected report (direct run and scheduled run).

  • Full: User will be able to carry out all the report operations on the selected report.
  • Deny: Selected report will not be listed to the user. User will not be able to carry out any operation on selected report.
  • Partial: User will be able to carry out report operations as per following on the selected report.
  • Include associated objects when checked under Reports, enables execute right for all objects associated with that report.
Schedule Reports

Select (All) to allow user to create private schedule of report delivery as well as run report in background for all delivery types. Uncheck (All) and select the delivery types to allow scheduled delivery and run in background operations in corresponding selected delivery option.

Delivery of scheduled reports can be made via publish, print, email or FTP.

Access rights on Query Object (QO) / Parameter Object (PO) / Analytical Object (AO)
  • Full: User will be able to carry out all operations on the QO / PO / AO.
  • Deny: User will not be able to carry out any operation on the QO / PO / AO.
  • Partial: Partial rights for QO / AO are: Read, Write and Execute. Partial rights for PO are: Read, Write and Prompt.
    • Read rights on QO / PO / AO: Object will be listed to the user. User will be able to open, view and save as a PO / QO / AO. To carry out these operations on a category, user should have Read rights granted at category level (all POs / QOs / AOs).
    • Write rights on QO / PO / AO: User will be granted all the rights that are granted through Write rights. Also, user will be able to update an object (modify it and save with the same name). To carry out this operation on a category, user should have Write rights given at category level (all POs / QOs / AOs).
    • QO / AO Execute: QO / AO will be listed to the user. User will be able to view the QO / AO details. User will be able to use it at all the places where that QO / AO needs to be executed / built, like during report execution.
    • PO Prompt: PO will be listed to the user. User will be able to view the PO details. User will be able to use it at all the places where that object’s execution is required, like Input Parameter Form.

Access rights on Dashboards / Dashboard Widgets

  • Full: User will be able to carry out all operations on the dashboard / dashboard widget.
  • Deny: User will not be able to carry out any operation on the dashboard / dashboard widget.
  • Partial: Partial rights for dashboard / dashboard widget are: Read, Write and Execute. If none of these rights are granted, it will not be listed and so user will not be able to execute or update it.
    • Read Rights: The dashboard / dashboard widget will be listed to user. User will be able to view the dashboard / dashboard widget. User will however be able to copy definition from one category to another.
    • Write Rights: User will be granted all the rights that are granted through Write rights. User will be able to update the definition (modify it and save with the same name) and delete the dashboard / dashboard widget.  To carry out this operation, user should have Write rights at category level.
    • Execute Rights: Dashboard / dashboard widget will be listed to the user. User will be able to view its details, and execute the objects on dashboard / dashboard widgets.
    • Include associated objects when checked under Dashboards, enables execute right for all objects associated with that dashboard.

Access Rights on Connections

  • Full: User will be able to run reports on the selected connection.
  • Deny: User will not be able to run reports on the selected connection.

Note: If Full or Deny is applied at the parent ( like category, organization) level, this will be applicable on the child entities. However, in case of Partial or None, child entity rights take preference over the parent.