In the context of Corporate Performance Management (CPM) software, cell-level application security refers to the granular control of access rights at the data cell level. This enables specific permissions for various users to view, edit or disallow access to very specific data points in the system. In CPM, a cell is an intersection of various dimensions such as account, department, location, product and so on.
Scenario: An international retail company uses CPM software to manage its sales data, costs, profits, and other financial metrics. The software houses sensitive information that needs varying levels of accessibility depending on the roles and responsibilities of the users.
Solution: With cell-level application security, the company configures different access rights for different users. For example, a finance manager could have full read-write control over most cells, while an operations manager is only allowed to edit three cells an expense sheet, but can view the rest of the sheet. This right level of security makes the CPM system more accessible to the broader company.
We like this level of granularity of security permissions because it enables the finance team to broaden access to the tool without worrying about inexperienced users corrupting the data. It also allows those users to play a part in the process, even if small, and receive a broader understanding of their role in the organization's financial success.
For most cases, finance admins will secure data by sheet, or by department, or by another broader mechanism. However, having this level of granularity will eventually be needed.
Most vendors offer this, especially vendors who are targeting more substantial use cases including user counts of 30+. Vendors selling to very small companies, where there may be 3 users, do not have a need for this functionality and therefore may not offer it.