Controlling Access to the BI User Console, BI Folders, Reports and Dashboards in SAI360

This section will touch on the folder structure used by SAI360, and which BI folders, reports and dashboards a user will have access to. Controlling to which DATA a user has access to is covered in the following sections for reports which are:

Granting Access to SAI360 Reports

The following is the minimum requirement to access any BI reports or tools.

To achieve ...

You need to ...

Granting access to SAI360 Reports.

To access any BI reports,

  • users need to be associated with a role which has the flag Available in BI selected (see here for more details).
  • AND this role must be used in SAI360 to grant access to a Folder or Report (see below for further details).

Controlling Access to the BI User Console

Access to the BI User Console is required for the following tasks:

  • Create Analytical and Interactive Reports
  • Create Dashboards
  • Administrative Tasks, like for example controlling access to BI Folders and Files.

To achieve ...

You need to ...

Granting access to the BI User Console.

The access to the User Console is granted by the following ROLE:

Policy Role - BI User Console

This role grants access to the User Console, but does not set any specific operations permissions in the User Console.

Folder Structure in SAI360

To make any report or dashboard available to users in SAI360, they have to be saved to a file structure within the BI User console (which, like SAI360, is a Web Service).

To access this structure, you need to be logged in as an administrative user, and then use the Browse button to navigate to it.

This structure has two top level folders:

  • Home Folder 

    The Home folder is used to contain "private" information for each SAI360 user.

    Whenever a SAI360 user saves a report or dashboard via the user console, this report will be saved under a sub-folder in "Home", with the folder name being the user's name. Should no such folder exist, then the system will automatically create the folder.

    Each user can create further sub-folders in his/her directory.

    In the SAI360 user console, the complete path to a user would be

    Home Menu path separator <User Name>.

    The entire content of a user's directory will be only accessible for this particular user.

    In SAI360, the content of a user's folder can be accessed via BI Reports Menu path separator My Reports (private).

  • Public Folder

    Any BI reports, charts or dashboards which need to be accessible to a wider group of users must be placed under a public folder. The name of this folder can be configured, but by default it will be

    Public Menu path separator e360.

    The folder structure beneath this level can be freely defined, to suit each client's needs.

Controlling Access to individual BI Folders, and Files

The access to Folders and Files in SAI360 can be defined by an Administrator, using the User Console.

Warning

WARNING:

The PUBLIC and the e360 folder are system folders, and therefore you must not modify the security settings for either of these folders.

Instead, only apply security on any of the sub-folders of SAI360.

The principle for Folders and Files is the same. While in the BI User Console ...

  • select a Folder, or a File
  • then click on Properties
  • in the following window select the Share tab.

    Folder properties for sharing

  • If the permissions of the currently selected Folder or File will be different from the 'parent', you will need to un-check the field "Inherits folder permissions".

To achieve ...

You need to ...

Granting access to a BI folder or file for ALL SAI360 users.

If you have a set of reports or dashboards to which ALL SAI360 users need to have access, the best way is to:

  • Create a dedicated folder under the "SAI360" folder.
  • Apply the role "Authenticated" - which will cover every user who is logged into SAI360.
  • For every file or folder within this folder, tick the box "Inherits folder permissions".

Limiting access to a BI folder or report/dashboard to certain SAI360 roles.

In most cases it will be necessary to control the access to reports. In this case, the following steps are necessary:

  • If present, remove the role Authenticated from the list of Users and Roles.
  • then Add the SAI360 role(s) which will have access.
    NOTE that the system will apply the same role inheritance or ancestry as it does in SAI360.
  • You can add or remove roles at any time.

"Publishing" changed security settings.

Changes to the security settings are effective immediately - there is no need to perform any "publishing" steps.

For users who are logged in at the time changes have been made, the changes will apply

  • when the user is refreshing their browser (Ctrl+F5).
  • logs out, and then logs in again.

Security Setup, with User having ...

Outcome

  • access to a folder
  • access to file in folder (report or dashboard)
  • As long there is at least one file in the folder to which the user has access, the folder will be visible.
  • Files (reports or dashboards) are available.
  • access to a folder
  • no access to a file in a folder
  • As long there is at least one file in the folder to which the user has access, the folder will be visible.
  • The file will not be shown to the user.
  • no access to a folder
  • access to file in folder
  • Neither the folder nor any of it's content will be shown to the user.
  • access to a dashboard
  • no access to a report which is included in the dashboard
  • The dashboard will be available for the user.
  • The system will replace the report with a warning message in the corresponding panel.

See Also

From an Administrator's and Designer's Perspective

Creating and Configuring Analytics Report

Creating and Configuring Interactive Reports

Creating and Configuring a Dashboard - Basics

Use of the SAI360 BI Report Designer

Implementing Data-Security for Reports