Managing Editing Rights for Data Model


#1

Hey there, we are currently facing the following challenge: we have users that only have analyst user rights but are able to change the data model.

What do we have to change in the settings in order to prevent this from happening?


#2

This sounds interesting… The only way that I could explain that is if you granted them folder admin rights. Is this the case?


#3

Hi Linda, Thank you for your prompt response. Actually we did gave them “Folder Admin” rights in order to have viewing right to the data model. Unfortunately they also have editing rights and are not only limited to viewing rights. I hope this makes sense.


#4

Folder admin rights are dominant over viewing rights, meaning that users with folder admin rights can actually change the data model… In order to prevent this, you have to revoke the folder admin rights of your analysts.

I have forwarded this as a feature request to our development team!


#5

Hello Niklas,

We had the same issue and we have solved it.

Our authorization concept per model.
• Have a main folder where users can only display analysis cockpits
o Analysis cockpits controlled by IM
o Display user can add selections
o User assignment done centrally by IM
• Have a Temporary folder where users can create and change analysis cockpits
o Analysis cockpits under control of the business
o User assignment done centrally by IM

To achieve the above behavior we have configured it in the following way:

  • Adjusted the config-custom,properties file in Celonis

User Permissions

----------------

If you want to use an external user permission system, it can be helpful to disable all permission sharing functionality

for all regular users. Only content administrators are allowed to pass permissions to users and groups, when

this setting is enabled.

instance.disable_user_permissions=true

  • Created display group
    • Assigned display group to display folder with display rights
  • Created change group
    • assigned change group to change folder with change rights
    • Assigned change group to root folder with display rights
      - required to be able to assign a model to a cockpit

Regards,

Frank


#6

Thanks for your answer, @Frank_Post !

That helped a lot.

Best regards,

Niklas