The Security PQL Script Editor exposes PQL functions within a simple point-and-click interface, which are combined with selected hierarchies, elements, and measures from the data model, in order write sophisticated expressions. Within the context of the Admin console, the PQL Editor is used to configure advanced member security on specified hierarchies for given user roles.
Once the script is written the logic is presented in the simplified script window. In this example, the bottom 10 % of Product Sales will be disabled for the selected role.
The hierarchy on which the member security was defined will appear orange with a padlock icon (red highlight below).
Using The Identity Functions
The Identity functions (in the Common library) can be used to drive member level security by customizing the data model for each user in the application. The Identity functions provide a simple way for admins to achieve this type of customization because they allow developers to reference facts about the currently logged in user - like username, roles, tenants, email etc. For instance, you could build a formula that checks the current user's roles, and returns a specific hierarchy in the data model accordingly.
- See here to learn how to achieve this using the UserRolesSet function.