Defining and applying custom access rights

  • 21 December 2021
  • 0 replies
  • 259 views

Userlevel 3
Badge

In Pigment, access rights and permissions are treated just like any other data type such as number, integer, or text. This means you can create Metrics and use formulas to build custom security rules based on all of the data available in Pigment with a lot of flexibility.

 

Example

You can restrict the access rights of a country manager so that they only see financial data for their own country, while central management can see a consolidated view for all countries.

 

This  article will focus on building custom access rights rules.

 

First, create a new Metric and define the data type as “Access Rights”

Click on the image to expand the view

 

Create the Metric with the Dimensions that you want to use to restrict access rights. Ultimately, the Metrics of access rights that you will apply must contain the User Dimension because Pigment needs to know which user to apply these rules on.

 

Click on the image to expand the view

 

In order to apply these custom rules, go to Security tab > “Complement the roles with access rights rules” > “Add an access rights rule”.

 

Click on the image to expand the view

 

You can apply these rules to:

  • Some selected Metric(s) that already contain the Dimensions used in your Access Rights Metric (for example: Country, Department)
  • All Metrics that contain a set of Dimensions, including the Dimensions used in your Access Rights Metric
  • List Properties. Pigment lets you define on which Lists and on which Properties of this List these access rights should apply to. (for example: specific access rights for the Annual Salary property of my Employee list)

 

Note

While building your custom security rules, keep in mind that they are cumulative as long as they restrict the users. This means that a rule preventing access to some data will always be prioritized against a rule that gives access.

 

Security rule configuration example:

 

Click on the image to expand the view

 

Please also see this guide, Setting Up User Access: The Complete Practical Guide, for a more extensive explanation. 


0 replies

Be the first to reply!

Reply