In Pigment, access rights and permissions are treated just like any other data type such as number, integer, or text. This means you can create Metrics and use formulas to build custom security rules based on all of the data available in Pigment with a lot of flexibility.
You can restrict the access rights of a country manager so that they only see financial data for their own country, while central management can see a consolidated view for all countries.
This article will focus on building custom access rights rules.
First, create a new Metric and define the data type as “Access Rights”
Create the Metric with the Dimensions that you want to use to restrict access rights. Ultimately, the Metrics of access rights that you will apply must contain the User Dimension because Pigment needs to know which user to apply these rules on.
In order to apply these custom rules, go to Security tab > “Complement the roles with access rights rules” > “Add an access rights rule”.
You can apply these rules to:
- Some selected Metric(s) that already contain the Dimensions used in your Access Rights Metric (for example: Country, Department)
- All Metrics that contain a set of Dimensions, including the Dimensions used in your Access Rights Metric
- List Properties. Pigment lets you define on which Lists and on which Properties of this List these access rights should apply to. (for example: specific access rights for the Annual Salary property of my Employee list)
While building your custom security rules, keep in mind that they are cumulative as long as they restrict the users. This means that a rule preventing access to some data will always be prioritized against a rule that gives access.
Security rule configuration example:
Please also see this guide, Setting Up User Access: The Complete Practical Guide, for a more extensive explanation.