What are the different ways to restrict access within Adaptive?
Access to sheets is granted by level or by user.
Access is granted by level (department, cost center, etc.) for any sheet that is on the Sheets tab. These sheets are also known as Level Dependent Sheets. A user will only see those levels that he/she has been given access to in the drop-down selectors on sheets and on reports.
Access to sheets on the Assumptions tab is granted on a per-user basis. These sheets are also known as User Assigned Sheets. This means that a user with access to the Assumptions sheet will see data for ALL levels and accounts that are available on the sheet, regardless of the level access that the individual has. The levels and accounts that are made available on this type of sheet are determined by the sheet creator.
Administrators can create roles to further specify what a user has access to in the application. Roles can be created by going to Admin, Create and Assign Roles – Set Role Permissions. There are templates in Adaptive Insights to assist you, but each role can be customized. The default settings for each template are below.
- Administrative: User has all permissions, EXCEPT Structure Import. Structure Import allows a user to reload or append any structure in the model (COA, organization structure, Custom accounts, etc.). Note: Structure Import cannot be used to update existing levels in a structure. For clients with Discovery, all Discovery permissions are enabled.
- Analysis: User has read-only access to sheets, can see which users are working in the application, and can create and run reports. For clients with Discovery, View Dashboards that have been published to them, Edit Personal Discovery Dashboards, and Use Analysis tools are the permissions that are enabled.
- Report Only: User can see other users logged in to the system and can create and run reports. For clients with Discovery, View Dashboards that have been published to them, Edit Personal Discovery Dashboards, and Use Analysis tools are the permissions that are enabled.
- Standard: User can edit data on sheets, access and create reports, see salary level detail, see which users are logged in, and approve levels in Workflow. For clients with Discovery, View Dashboards that have been published to them, Edit Personal Discovery Dashboards, and Use Analysis tools are the permissions that are enabled.
- Discovery Only: User can view dashboards that have been published to them, edit Personal Discovery Dashboards, and Use Analysis Tools. Users can also create and run reports and see which users are logged in.
Salary Detail Permission
There is a permission called Access Salary Detail. If this option is checked (and the Personnel sheet is configured so that access to the sheet requires salary detail permission), the user will be able to view the Personnel sheet for the levels that he/she has access to. A user must also have Editable Sheet Access permission to add/edit rows on the Personnel sheet.
If a user does NOT have the Access Salary Detail permission, he/she will not be able to view the Personnel sheet at all. When viewing the P&L, the user will see the consolidated total of the GL Salary account, but if the user tries to drill into the cell, an error message is displayed indicating that he/she does not have sufficient permission to view the data. There is no way to restrict the value of the GL salary account by user. You can restrict the account by level (using Customization for Subplans), but not the value by user.
Report access respects level access. The level(s) that a user has access to on sheets is the same access that a user will have on reports. When saving a report, the user can select the “Show all data regardless of level” option. This option allows viewers of the report to see data for all levels available on the report. However, if a user tries to drill into data that he/she normally does not have access to, the system will display an error message and not allow the user to drill further.
With the current functionality, access cannot be granted by folder, nor can reports be assigned to individual users.
We do not recommend setting up employee names as a dimension on the Personnel sheet, because doing so bypasses the salary detail permission and creates the potential for a security breach. If names are a dimension, any user with the ability to create reports can run a report with the name dimension and the Salary Modeled account and see this sensitive information.
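The following is an added example, not part of the original article and not Adaptive's own tooling: a small Python audit that flags the two exposures described above, namely User Assigned Sheets showing all levels regardless of a user's level access, and employee names set up as a Personnel sheet dimension. The field names, permission keys, and sample records are hypothetical and constructed for illustration; they do not represent an Adaptive export format.

```python
# Constructed sample data. Field names and permission keys are hypothetical.
USERS = [
    {"name": "alice", "levels": {"Sales"},
     "perms": {"create_reports", "access_salary_detail"}, "user_sheets": set()},
    {"name": "bob", "levels": {"Sales"},
     "perms": {"create_reports"}, "user_sheets": {"Assumptions"}},
    {"name": "carol", "levels": {"Sales", "Engineering"},
     "perms": set(), "user_sheets": set()},
]
# User Assigned Sheets mapped to the levels the sheet creator made available.
USER_ASSIGNED_SHEETS = {"Assumptions": {"Sales", "Engineering", "Finance"}}
# Dimensions configured on the Personnel sheet.
PERSONNEL_DIMENSIONS = {"Job Title", "Employee Name"}
# Dimensions treated as identifying an employee (assumption of this example).
NAME_DIMENSIONS = {"Employee Name"}


def audit(users, user_assigned_sheets, personnel_dims, name_dims=NAME_DIMENSIONS):
    """Return (user, finding) tuples for access that exceeds the intended scope."""
    findings = []
    names_exposed = bool(set(personnel_dims) & set(name_dims))
    for user in users:
        perms = user["perms"]
        # Names as a dimension let report creators reach salary data even
        # without the Access Salary Detail permission.
        if (names_exposed and "create_reports" in perms
                and "access_salary_detail" not in perms):
            findings.append((user["name"], "salary-by-name via reports"))
        # User Assigned Sheets show every level on the sheet, whatever the
        # user's own level access is.
        for sheet in sorted(user["user_sheets"]):
            extra = user_assigned_sheets.get(sheet, set()) - user["levels"]
            if extra:
                findings.append(
                    (user["name"],
                     f"{sheet} exposes levels: {', '.join(sorted(extra))}"))
    return findings


if __name__ == "__main__":
    for who, what in audit(USERS, USER_ASSIGNED_SHEETS, PERSONNEL_DIMENSIONS):
        print(f"{who}: {what}")
```

Removing the name dimension from the Personnel sheet clears the first finding for every user; the second is resolved by narrowing either the sheet's available levels or the list of users assigned to it.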
The Access Control section of Version Details (in Modeling > Versions) allows Administrators to determine what different types of users will be able to view and edit within specific Versions. Please see the Version Access article for additional information.