DeepSee: Setting up security - Part 3 of 5

In part 1 and part 2 of this series we set up two user types, simpleuser and poweruser. In this part of the tutorial we create one last user type having privileges typically needed by an administrator/developer in analytics.



Granting access to Architect, Folder Manager, Query Tool, and Settings pages


The third and last user type that we define in this post is typical for an an administrator or developer in analytics. This user type adds to poweruser the ability to access Architect and the Folder Manager user interface. Architect allows users to to modify or create DeepSee models, whereas Folder manager is useful to maintain DeepSee items (i.e. pivot tables, dashboards, etc). 

Create a DSAdmin role

According to the documentation we need USE permissions for the %DeepSee_Portal and %DeepSee_ArchitectEdit to grant full access to Architect (see the row for the task “Modifying an existing cube or subject area in the Architect” in the table). Notice that %DeepSee_Architect providing Read-only access to Architect is not needed when %DeepSee_ArchitectEdit is granted. 
To grant access to Folder Manager, Query Tool, and Settings pages (see the row for the task “Folder Manager Page - Query Tool page - Settings pages” in the table) we need USE permissions for the %DeepSee_Portal resource, and either the %DeepSee_Admin or %Development resource. 
Create a DSAdmin role including the following resources:
 

ResourcePermission
%DeepSee_PortalUSE
%DeepSee_ArchitectEditUSE
%DeepSee_AnalyzerEditUSE
%DeepSee_Admin or %DevelopmentUSE
%DB_APP-DATARW

Create an Admin user

In Users page > Create New User create an Admin user with the DSPowerUser and DSAdmin roles assigned as shown in the following screenshot:

You might have noticed that most resources in DSPoweruser and DSAdmin overlap. I leave to the reader the exercise of implementing security for DSAdmin in a less redundant way. 

Test Admin

Open an incognito/private window of your browser and log in as Admin. Architect should be accessible and cubes or subject areas fully editable. Navigate to Analyzer and User Portal and confirm that Admin can view, create and edit pivot tables and dashboards. Check that the DeepSee > Admin > Folder Manager and Settings pages are fully accessible. Test the DeepSee > Tools > Query Tool page by running an MDX query.


In part 4 we will see how to secure model elements (such as DeepSee cubes and subject areas) and DeepSee items (such a pivot tables, dashboards, folder items, KPIs, listings, listing fields).