In IBM Clarity, hierarchy security is the security layer that controls who can see which dimension elements in a particular cube. Hierarchy security is just one component of the security profile. Here are some key definitions we need before discussing this further.
- Users – These are the individual users or logins for the Clarity application
- Roles – This is a group of users. A user can be a member of multiple roles. Roles can be members of other roles.
- Menu Items – The folders and items that users can see when they each login. This can be very different from one user to the next, because of security.
- Hierarchy Security – When running a report or template, which options are visible and/or selectable for a user.
- Workflow – The sequential process of who enters numbers and who approves them for each entity.
What is Hiearchy Security and why is it important?
Let’s use an example. Say we have a sales forecasting tool and each sales manager goes in to update their forecasts. Should all sales managers see everyone’s information? Should they be able to update everyone’s information? The most common scenario is that each sales manager can only see or update their own numbers. Regional managers can see a more broad area of the business, but they may not be able to update the numbers. Hierarchy security lets administrators set these boundaries. They only need to build one template, but since each person has different security, they are still limited to only what they should be able to see.
What if I Don’t Set It Up?
Setting up hierarchy security is not required for Clarity to work. Clarity will work fine without it, but there will be no ability to filter options depending on the particular user running the template or report.
When Should I Use It?
The most challenging part of security is getting the business teams to decide on security groups and permissions. Once those permissions are decided upon, implementing it is quick. To facilitate the security discussion, I often use the attached Excel file. Using just Excel, we start with a list of all users and then discover roles, menu security settings and hierarchy security settings. Once documented, setting it up is easy.