Enabling Permission Levels for Table Reports

Objectives

After completing this lesson, you will be able to:

  • Explain how permissions apply to Table Reports

Table Report Permissions in Provisioning

There are three types of permissions applied to Table reports.

Row Level Permission

Row Level Permission determines which records of data a user has access to. This is generally defined by the Target Population of Role-Based Permissions (RBP), though there are other sharing concepts (such as Public Goals), which defines this access.

If a user is determined to have no access to a Row, then, when viewing a Table report, the row will not appear.

Row Level Permission is implicitly applied to Table reports based on the Scope defined in the report definition.

Field Level Permission

Field Level Permission defines whether a field is accessible for reporting. This is defined by the User View Permissions in Role Based Permissions (RBP). A user is defined as not having permission to a particular field if a union of all their roles has no view access for a given field to any target population.

If a user is determined to have no access to a field:

  • When creating a Table report the field cannot be selected
  • When viewing a Table report the field is visible, however, no data is shown

Field Level Permission is only applied if the appropriate Enable Field Level Permission setting is enabled using Provisioning (and then it only applies to supported reporting Domains).

Note
The inability to select the field when creating a report is the key difference between Field and Cell Level Permissions.

Cell Level Permission

Cell Level Permission defines whether a particular cell (intersection of Row/Field) is accessible for reporting. This is defined by a combination the User View Permissions and Target Population in RBP. A user is defined as not having permission to a particular cell if a union of all their roles has no view access for the given field to the specific population.

When a user is has no access to a Cell, the field remains visible in the Table report but no data is displayed in the cell.

Cell Level Permission is only applied if the appropriate Enable Cell Level Permission setting is enabled via Provisioning (and then it only applies to supported reporting Domains).

When enabling permission in provisioning:

  • Employee Profile Only means that field/cell level permissions are applied only for the EP schema.
  • All Sub Domain Schemas means that field and cell level permissions are applied when the EP fields appear in other schemas, such as opening the Performance Schema and seeing User Information that is coming from EP.
Note
It is recommended to enable for the All Sub Domain Schemas.

The following settings exist in ProvisioningCompany SettingsAnalytics and Dashboard Tabs & Misc. Reporting:

  • Enable Ad Hoc Field Level Permission (Employee Profile Only).
  • Enable Ad Hoc Cell Level Permission (Employee Profile Only).
  • Enable Ad Hoc Row Level Permission for Succession subdomain schema (only support MDF Position).
  • Enable Ad Hoc Field Level Permission for Succession subdomain schema (only support MDF Position).
  • Enable Ad Hoc Cell Level Permission for Succession subdomain schema (only support MDF Position).
  • Enable Field Level Permission for data model elements (in all Sub domain schemas).
  • Enable Cell Level Permission for data model elements (in all Sub domain schemas).

Log in to track your progress & complete quizzes