Creating an Authorization Object

Authorization object is used to create data segments with restricted access permissions for different users or groups of users.

Data segments are cube slices that are fixed by specific analytics (dimensions).

Authorization object determines access permissions for users or groups of users to the specified data segments of two types:

NOTE. The authorization object with dynamic access permissions must be specified on creating process steps.

To open the wizard in the object navigator execute one of the operations:

Click the New Object > User Objects > Authorization Object button in the Create group of the Home ribbon tab of the object navigator.
Select the Create > User Objects > Authorization Object item in the object navigator's context menu.

Enter required values in the Name and Identifier boxes; the Comment box is optional.

Static. If the radio button is selected in the Available Roles area, the users or groups of users with read and read and write permissions are selected. Static permissions are permanent for all process steps based on user belonging to a specific group of users.
For Process Steps. If the radio button is selected in the Available Roles area, the users or groups of users, whose permissions will be determined on setting up specific process steps, are marked. Dynamic permissions are used only when a process step is being executed.

Static. Using checkboxes, determine users or groups of users, who have read permission or read and write permissions independently of process step execution:

For Process Steps. Use the checkboxes to determine users or groups of users with permissions applied only on execution of specific process steps:

After object basic properties have been determined, click the Next button. The following page of the Data Segments wizard opens:

The list of data sources and their dimensions enables the user to execute the following operations:

To add a data source, click the Add Data Source button.

The object selection dialog box opens:

Select one or several cubes in the dialog box that are data sources, and click the OK button.

To delete the selected data source in the list, click the Delete button. The data source will be deleted after operation confirmation.

To set selections, double-click the dimension or select it and click the Edit Value button. A dialog box opens to determine dimension values:

Select one of the radio buttons:

Undefined (all elements). If the radio button is selected, data of all dimension elements is included into the segment.

Determine. If the radio button is selected, select dictionary elements that will set data segment.

Click the Save button.

Thus, static data segments are created outside the processes using authorization objects, to which the permissions are granted for selected users or groups of users. Access permissions to static data segments are determined by discretionary access control method. Attribute-based access control method (ABAC) can be used along with discretionary access control method.

To work, dynamic data segments, that are created on starting process step and are active till it is finished, are defined in processes using authorization objects.

Creating Authorization Objects