cancel
Showing results for 
Search instead for 
Did you mean: 

Is it possible to use 'Cell Data Access Security' to increase a user's access?

MarkBird
Contributor II

Hi

We have a requirement where users need access to all entities in the organisation but only for a specific set of accounts.

Currently we have a simple security model where users are restricted by Entity. I was hoping that I could create a Cell Data Access Security rule that will give them access to entities outside of their group for the specific set of accounts, but it feels as though the Entity access overrules the Cell Data Access Security?

To be clear I have Group A and Group B, restrictions  defined below.

Group A :

- Full access to all Group A Entities

- Additional access to Group B Entities (for specific set of accounts)

 

Group B :

- Full access to all Group B Entities

- Additional access to Group A Entities (for specific set of accounts)

 

1. Is it possible to grant access as I have described and am I just doing something wrong?

2. If the approach I am taking isn't the correct one, what is the best way to implement this kind of logic?

 

Thanks,

Mark

1 ACCEPTED SOLUTION

MarcusH
Contributor III

Hi Mark

That is possible. Entity access does not 'overrule' cell data access, it works in conjunction - if the user doesn't have access to the entity they can't see any data. And the Entity must be flagged as using Cube Data Access Security.

Your users will need to have access to all the entities in GroupA and GroupB. Then on the data access side, you either remove access to all accounts (ie Everyone has No Access) and then grant it for the relevant groups or grant access to all accounts and then remove it. 

View solution in original post

3 REPLIES 3

MarcusH
Contributor III

Hi Mark

That is possible. Entity access does not 'overrule' cell data access, it works in conjunction - if the user doesn't have access to the entity they can't see any data. And the Entity must be flagged as using Cube Data Access Security.

Your users will need to have access to all the entities in GroupA and GroupB. Then on the data access side, you either remove access to all accounts (ie Everyone has No Access) and then grant it for the relevant groups or grant access to all accounts and then remove it. 

Thank Marcus.

Thanks Marcus