- OneStream Community
- Forums
- Application Build
- Is it possible to use 'Cell Data Access Security' to increase a user's access?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-16-2023 04:40 AM
Hi
We have a requirement where users need access to all entities in the organisation but only for a specific set of accounts.
Currently we have a simple security model where users are restricted by Entity. I was hoping that I could create a Cell Data Access Security rule that will give them access to entities outside of their group for the specific set of accounts, but it feels as though the Entity access overrules the Cell Data Access Security?
To be clear I have Group A and Group B, restrictions defined below.
Group A :
- Full access to all Group A Entities
- Additional access to Group B Entities (for specific set of accounts)
Group B :
- Full access to all Group B Entities
- Additional access to Group A Entities (for specific set of accounts)
1. Is it possible to grant access as I have described and am I just doing something wrong?
2. If the approach I am taking isn't the correct one, what is the best way to implement this kind of logic?
Thanks,
Mark
Solved! Go to Solution.
- Labels:
-
Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-16-2023 10:08 AM
Hi Mark
That is possible. Entity access does not 'overrule' cell data access, it works in conjunction - if the user doesn't have access to the entity they can't see any data. And the Entity must be flagged as using Cube Data Access Security.
Your users will need to have access to all the entities in GroupA and GroupB. Then on the data access side, you either remove access to all accounts (ie Everyone has No Access) and then grant it for the relevant groups or grant access to all accounts and then remove it.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-16-2023 10:08 AM
Hi Mark
That is possible. Entity access does not 'overrule' cell data access, it works in conjunction - if the user doesn't have access to the entity they can't see any data. And the Entity must be flagged as using Cube Data Access Security.
Your users will need to have access to all the entities in GroupA and GroupB. Then on the data access side, you either remove access to all accounts (ie Everyone has No Access) and then grant it for the relevant groups or grant access to all accounts and then remove it.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-17-2023 04:41 AM
Thank Marcus.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-17-2023 04:42 AM
Thanks Marcus
- Extract detailed user info with business rule in Rules
- Is it possible to hide workflows based on Period? in Workflow and Data Integration
- How to access Security Group assigned to WF Profile in Rules
- How to use the Text1 field from a user's security profile as a parameter in a dashboard in Rules
- Custom table limitation in Workflow and Data Integration
