Model and Data Security

From the Security tab, assign read and write permissions for your data model according to user roles.

You can govern which roles will be able to view and edit your materialized databases, data models, and machine learning models (click here to learn more). This allows you to, for example, share your data models with others while restricting read and write access to your databases.

Setting Security

Security is set for databases and models at three levels:

Model

Roles are assigned read and write permissions to the database and data model from within Model. These permissions determine which user roles can open the materialized data model in Discover.

Content Management System

Once the data model has been created, set security in the CMS to determine which roles can open and edit the model definition file. The model definition file is the file containing the data flow, data model, and security. This file is stored in the content management system.

Admin Console

Metadata security can be governed from the Admin console, where administrators can manage database and data model security, as well as hierarchy, measure, and member security and overlays, using role level security. The permissions set here determine which roles will have access to the database and/ or data model in Discover.

These permissions may differ from the security permissions that were set from within Model. If this is the case, then any time the data model is processed, the security permissions set from within the model definition file will override the permissions set in the Admin console, unless Override Security is disabled from the Processing Options dialog. When the Override Security option is enabled, security set at the database and data model levels are overridden. Hierarchy, measure, member, and level security is not affected.

For instance, if Role 1 is granted read and write permissions from within the model definition file, then only Role 1 will have access to the materialized model in Discover. However, if Role 2 is then granted read and write permissions from the Admin console, or from the materialized manager, then both Role 1 and 2 will have read and write access to the model in Discover. If the data model is processed again, and Override Security is enabled, then Role 2 will no longer have access to the database and data model.

Materialized Manager

Read and write permissions for servers, databases, and data models can also be set from the materialized manager in the content management system.