Application Security Roles

Below are the specific Application-level security roles and what they control:

Administer Application

This role allows a user to administer the application and load zip files.  This is useful when multiple applications exist in one environment and different groups of administrators/users need to administer separate applications.

Administrator Database

This application-level role is intended for a few people that are allowed to mass delete metadata and data, primarily using the database page.

This roleType is unlike most other roleTypes because Administrators are not automatically given access to operations that require this role.

Open Application

This allows the user to see and open the application.

Modify Data

This allows the user to modify data. The user is basically a read-only user throughout this application if he/she does not have this role.

View All Data

This allows a group of users to view all data in the application.

Create Audit Attachments

This allows the user to create data attachments for supporting documentation.

Create Footnote Attachments

This allows the user to create a footnote attachment for supporting documentation.

Certify and Lock Descendants

This allows the user to certify and lock descendants from the Workflow. This is typically an administrator function.

Unlock and UnCertify Ancestors

This allows the user to uncertify and unlock ancestors from the Workflow. This is typically an administrator function.

Preserve Import Data

The administrator will lock the Workflows and then preserve imported data when changes need to be made. The Workflow can then be unlocked so changes can be made. 

Restore Import Data

This allows the administrator to restore imported data to the original state from the Preserve Import process.

Unlock Workflow Unit

This allows a user to unlock a Workflow Unit, however, the user must also have Workflow Execution access in order to lock a Workflow Unit.

View Source Data Audit

This allows a user to view the Source Data Audit Report within the Import Workflow.

Encrypt Business Rules

This allows a user to Encrypt and Decrypt a rule from the Business Rule screen in the Application tab, if the user is in the role.

Manage Application Properties

This allows a user to update this application’s properties.

Manage Metadata

This allows a user to edit metadata under the Dimension Library for this application.

Manage FX Rates

This allows a user to update FX Rates.

Manage Data

This allows users to manage data in all aspects included, but not limited to exporting data and clearing data completed through Data Management. This is typically an administrator function. 

Manage Cube Views

This allows a user to create new Cube Views and manage Cube View Groups and Profiles.

Manage Data Sources

This allows a user to create new Data Sources.

Manage Transformation Rules

This allows a user to create new Transformation Rules and manage Transformation Rules Groups and Profiles.

Manage Confirmation Rules

This allows a user to create new Confirmation Rules and manage Confirmation Rules Groups and Profiles.

Manage Certification Questions

This allows a user to create new Certification Questions and manage Certification Question Groups and Profiles.

Manage Workflow Channels

This allows a user to create new Workflow Channels.

Manage Workflow Profiles

This allows a user to create new Workflow Profiles.

Manage Journal Templates

This allows a user to create new Journal Templates and manage Journal Groups and Profiles.

Manage Form Templates

This allows a user to create new Form Templates and manage Forms Groups and Profiles.

Manage Application Dashboards

This allows a user to create new Application Dashboards and manage Dashboard Groups and Profiles.

Manage Application Database Files

Two file systems which are stored in the Framework database (i.e., the System database) and each Application database. Users in the security roles for ManageSystemDatabaseFiles and ManageApplicationDatabaseFiles have full read and write access to his/her user folders in those two database file systems, respectively. These folders are private to the user and access is intentionally restricted to just the user and managers.  Security cannot be edited for a user folder. Users can be given read and/or write access to specific folders in the database file systems using the individual folders’ security settings, however this excludes access to User folders and sub-folders.

Below are the specific Application-Level User Interface Roles and what they control:

Application Load Extract Page

This gives access to the Load/Extract screen located in |Application |Tools|. This is typically restricted to administrators.

Application Properties Page

This gives access to the Application Properties screen located in |Application |Tools|. This is typically restricted to administrators.

Application Security Roles Page

This gives access to the Application Security screen located in |Application |Tools|. This is typically restricted to administrators.

BookAdminPage

This gives access to the Book Designer screen located in |Application|Presentation|. This is typically restricted to administrators, or any users who create Report Books.

Business Rules Page

This gives access to the Business Rules screen located in |Application |Tools|. This is typically restricted to administrators.

Certification Questions Page

This gives access to the Certification Questions screen located in |Application| Workflow|. This is typically restricted to administrators.

Confirmation Rules Page

This gives access to the Confirmation Rules screen located in |Application |Workflow|. This is typically restricted to administrators.

Cube Admin Page

This gives access to the Cube Admin screen located in |Application |Cube|. This is typically restricted to administrators.

Cube Views Page

This gives access to the Cube Views screen located in |Application |Presentation|. This is typically restricted to administrators, or any users who create Cube Views.

Dashboard Admin Page

This gives access to the Dashboard Admin screen located in |Application |Presentation|. This is typically restricted to administrators.

Data Management Admin Page

This gives access to the Data Management Admin screen located in |Application |Tools|. This is typically restricted to administrators.

Data Sources Page

This gives access to the Data Sources screen located in |Application |Data Collection|. This is typically restricted to administrators.

Dimension Library Page

This gives access to the Dimension Library screen located in |Application |Cube|. This is typically restricted to administrators.

FX Rates Page

This gives access to the FX Rates screen located in |Application |Cube|. This is typically restricted to administrators.

Form Templates Page

This gives access to the Form Templates screen located in |Application |Data Collection|. This is typically restricted to administrators.

Journal Templates Page

This gives access to the Journal Templates screen located in |Application |Data Collection|. This is typically restricted to administrators.

Transformation Rules Page

This gives access to the Transformation Rules screen located in |Application |Data Collection|. This is typically restricted to administrators.

Workflow Channels Page

This gives access to the Workflow Channels screen located in |Application |Workflow|. This is typically restricted to administrators.

Workflow Profiles Page

This gives access to the Workflow Profiles screen located in |Application |Workflow|. This is typically restricted to administrators.

NOTE: Click and begin typing the name of the Security Group in the blank field. As the first few letters are typed, the Groups are filtered making it easier to find and select the desired Group. Once the Group is selected, click CTRL and Double Click. This will enter the correct name into the appropriate field.