Extended Security Profiles are used by users to lock down the application's functionality for specific users (via roles) for a given content item. Providing more granular control of the application, extended security provides an quick and elegant solution to both content and data access through the lock down of certain advanced analytic functions.
Administrators create extended security profiles in the Profiles tab in the administrative console which is then exposed through the Save Dialog. Administrators can create any combination of choices related to certain advanced analytic functions in the main client. Each profile provides and unique collection of "switches" that can be turned off and on as a package. Each package can then be applied to each content item when it is saved for each role that will have read access to the relevant content item by the end user.
NOTE: Extended Security profiles only apply to public and group accessible content.
Profiles provide the ability to lock down the following general areas:
- Context Menus for analytics (drill down/up, dicing, focus/eliminate and cube actions)
- Context Menus for reporting (non-empty)
- Context Menus for member selection (element trees)
- Ribbons (saving, new cube sessions, searching, advanced querying capabilities)
- Advanced query setup (selection, hierarchy and element tree lock-downs)
- The viewing mode (workspace type or the runtime type)
- Access to Conversations and Collaboration
Profiles are applied when a user saves a content item. They appear as drop down choices next to each security role that has READ access to the given book (green highlight below).
When a user belonging to that role opens that item, the profile will be applied and changes the access to functions as defined.
IMPORTANT: If a user belongs to two or more roles, the extended security is applied as a COMPOSITE, giving the user the MOST access to the item across their profiles ("optimistic" application).