BI Dashboard Builder - CMiC BI Security

System Privileges

The following system privileges pertain to BI Dashboard Builder:

System Privilege	Description
BIDBRDEDIT	Allows user, BI Developer or BI Administrator, to create, edit and delete dashboards.
BISECMNG	Grants BI Administrators full security privileges for BI Catalog Builder, giving them access to all data sources in BI Catalog Builder in order to grant members of security roles access to data sources and their business areas and folders. Note though, if Catalog Security was enabled in BI Catalog Builder, by using the Assign Roles context menu option, in BI Dashboard Builder they will only have access to data sources to which they have been granted access via BI Catalog Builder. Typically, though, admins would not need access to data sources in BI Dashboard Builder, only BI Developers would. In BI Dashboard Builder, this privilege grants administrator’s access to the Assign Roles to Dashboards – Dashboard Security option to grant members of security roles access to dashboards/queries/cards. Note, this option is available without opening a dashboard. NOTE: Depending on security setup, the administrator’s security role may also need to be assigned to the Assign Roles to Dashboards program. For more details, refer to Dashboard Security: Granting Access to Dashboards in the section below.

System Privilege

Description

BIDBRDEDIT

Allows user, BI Developer or BI Administrator, to create, edit and delete dashboards.

BISECMNG

Grants BI Administrators full security privileges for BI Catalog Builder, giving them access to all data sources in BI Catalog Builder in order to grant members of security roles access to data sources and their business areas and folders.

Note though, if Catalog Security was enabled in BI Catalog Builder, by using the Assign Roles context menu option, in BI Dashboard Builder they will only have access to data sources to which they have been granted access via BI Catalog Builder. Typically, though, admins would not need access to data sources in BI Dashboard Builder, only BI Developers would.

In BI Dashboard Builder, this privilege grants administrator’s access to the Assign Roles to Dashboards – Dashboard Security option to grant members of security roles access to dashboards/queries/cards. Note, this option is available without opening a dashboard.

NOTE: Depending on security setup, the administrator’s security role may also need to be assigned to the Assign Roles to Dashboards program. For more details, refer to Dashboard Security: Granting Access to Dashboards in the section below.

Security Setup & Rules – Catalog & Dashboard Security

1. Catalog Security: Granting Access to Data Sources, Business Areas & Folders

If at least one security role is assigned to any data source, business area or folder in BI Catalog Builder, Catalog Security is enabled.
Once Catalog Security is enabled, for each data source, business area and folder, only users belonging to the security role(s) assigned to them can use them.
In BI Dashboard Builder, if a user has rights to a data source, but not all of its business areas and folders, the business areas and folders to which the user does not have rights are hidden from the user.
If a user does not have rights to a data source, the data source and any dashboards/queries/cards using it are hidden from the user.
If Catalog Security is not enabled or used, Dashboard Security can be used to control user access to dashboards/queries/cards, as per the following about Dashboard Security.

2. Dashboard Security: Granting Access to Dashboards/Queries/Card Views

Initial Security Setup

After BI Dashboard Builder is installed, security roles must be assigned to the provided dashboards/queries/cards to make them accessible to users.
Granting Access to Dashboards/Queries/Cards

To grant a user access to a dashboard/query/card, the security role to which the user belongs must be assigned to the dashboard/query/card. This can be done using the “Assign Roles to Dashboard” option under the BI Dashboard Builder - Utilities - Menu of BI Dashboard Builder (shown below), by an administrator with the BISECMNG system privilege.

Depending on security setup, the administrator’s security role may also need to be assigned to the Assign Roles to Dashboards program using the Assign Roles to Programs screen in the System Data module, as shown in the screenshot below.

Pgm: FORMROLE – Assign Roles to Programs; standard Treeview path: System > Security > Roles > Assign Roles to Programs

NOTE: A link to launch the Assign Roles to Dashboards utility can be added as a new Console Tab using the Console tool, or to a Treeview using the Treeview Builder tool. The Target for this utility, which is required by the tools to create a link to the utility, is “SD - Assign Roles to BI Dashboards”.

Access to dashboards/queries/cards can also be granted in BI Analytics (refer to the BI Analytics guide) and in CMiC Field (refer to CMiC Field guide).

3. Set Up BI Developers

To set up a user as a BI Developer, an administrator with the BISECMNG system privilege needs to grant the developer the BIDBRDEDIT system privilege (allows user to create, edit and delete dashboards).

If Catalog Security is being used (set up in BI Catalog Builder), the BI Developer needs to be granted access to the data sources, business areas and folders required to create the dashboards they will be creating.

4. Dashboard Security for New Dashboards

When a BI Developer saves a new dashboard, the developer is asked to assign a security role to it. Only security roles to which the developer belongs can be assigned by the developer.

To assign other security roles to new dashboards, administrators with the BISECMNG system privilege can use the “Assign Roles to Dashboard” option under the Utilities menu, as described in part 2 (Dashboard Security) above.