Configuring access control for a factory
Often, it is important to control user access to Measure Factory data. Using Workbench, you can define groups, assign users to the groups, and then set the access control at the factory project level. In DivePort, you grant access to the environment or page for each DiveLine group as appropriate.
Sometimes, you need more selective security, such as hiding some summaries, limiting users to their specific department values, or hiding some dimensions from a set of users. Each of these requirements can be met by defining property/value pairs, assigning them to groups, and then using limits on the access configuration for the factory project.
It is less straightforward to allow access to aggregate data while restricting access to detail data. The aggregate data is computed from the detail data, so the user must have access to the detail data in order to see the aggregate data. In such a situation, consider splitting the data into two data sets. Create one data set at the detail level and another data set that is squashed. There are then duplicate measures: one set that is backed by detailed data and the other that is backed by the squashed data.
Any user can be granted access to see the squashed data, but access to the detail data can be limited. Note that you need to design your portal to explicitly transition from aggregate to detail when diving around. For example, an Analysis Portlet does not support that, but you could send the user to a different page that uses a different data set.
NOTE: You should be aware that the processes in Measure Factory modify the names of some rules and measures. See Considerations for Access Control.
See also: