Granular security roles allow specific users to be provided access by dimension, sheet, cell, functional area

Description

This feature allows administrators to manage data security for users at a detailed level, providing them with maximum flexibility when expanding usage of the CPM platform.

Example Use Case

Scenario: A finance company uses CPM software to manage company-wide financial data. A sudden internal audit requires specific employees, who do not normally have access to all data, to view certain dimensions, sheets, and cells.

Solution: With granular security roles enabled, the system admin can provide temporary, controlled access to these employees, allowing them to complete the audit effectively without compromising overall data security. After the audit, access can be rescinded or modified, maintaining the integrity of the company's data management practices.

Considerations

This takes the opposite approach to “group security” by allowing the administrator to go deep into the model and secure very specific data intersections, sheets, and so on. As a warning, this can result in difficult maintenance over time if the CPM product does not allow the admin to view all user's security capabilities in one centralized location. In other words, when going this granular, it is hard to understand at a high level who can view what, in what version, and what they can do with it when they access it.

On the enterprise level, we see products that offer this depth. In those environments the user usually has a dedicated admin managing all these roles and exceptions, making it practical. For smaller organizations, this is a maintenance burden and could dissuade them from broadening usage. We recommend using this sparingly.

Questions to Ask a Vendor

• Security Rules Config: How flexible is your system in allowing us to define user roles and permissions? How deep into the data can we go?
• Security Overview: Where can we see a report showing everyone's access? Do we have to view each user individually to audit access?