Managing Groups and Users

See the following scenario depicting how to implement a security model to control user access to BI content.

After creating a new group, you can add users, add subgroups, or specify group membership.

Subgroups give more levels of organization, so they’re useful when you set object permissions (rights) to control other user access to your BI platform content.

It's useful to create subgroups when you want to further classify groups of users. For example, you can be grouped by location (such as European), and then further divide by group according to their department (such as the European Finance Team).

Default Groups

There are groups that are built-in in the BI platform. The following groups are available by default:

• Administrators

• Everyone

Every user belongs to the Everyone group. This means that any rights that are assigned to the Everyone group apply to every user account in your BI Platform. The Everyone does not have subgroups.

The Administrators group is granted Full Controlto all objects in the BI Platform. This means that members of this group have the right to perform almost any task in the BI Platform - including assigning rights to others.

The administrator account is a member of the Administrators group. By default, the administrator (user account) is the owner of everything in the BI Platform that is not created by another user. This concept of ownership is important in managing security. We will discuss details about rights and security in the next unit.

The Group Hierarchy view is part of the side panel in the Users and Groups area of the CMC. Initially, the top-level groups are displayed. In order to view sub groups, you can either expand the group (+ symbol) or select a group. In the latter case, the sub groups and members are displayed on the right.

This behavior is different than the Group Listview. The Group Listdisplays all groups in a "flat" list, with no obvious relationship of parent group to sub group.

You can use either view to navigate to groups and perform group-related tasks, such as adding users or changing properties

In the Users and Groups management area, you can specify everything needed for a user to access the BI platform.

You create new users in the CMC. First, you must specify the properties of the new user before assigning group membership.

After a user account has been created, you can modify the account properties. The properties that can be modified include:

• Account

  The account name is the unique identifier for a user account and is the user name entered when logging into the BI platform.

• Full Name

  This optional field is used to capture the user’s full name. We recommend that you use this field, particularly when managing many users

• E-mail

  This optional field is used to add the user’s e-mail address and is used for reference only. For example, if the user forgets their password sometime in the future, you can retrieve their e-mail address from this field to send them their password.

• Description

  This optional field is used to add information about the user, such as their position, department, or geographic location.

The default Administrator is part of the Administrator Group and is used for the initial setup and owns all objects by default.  Guest users are not active by default, but can be used to test the Everyone Group or general purpose testing.

See the following video to know how to end a user session from the CMC.