PAW (Planning Analytics Workspace) has four types of security: User Role, User Group, Folder Security, and Book Security. These security types are separated from the database security, such as cube security, element security and process security. A PAW administrator usually helps a user fix security issue in PAW. This article covers the common security issues that are reported by PAW users.
1. A user cannot see a PAW book (or a folder)
A sample PAW book called Sample View
If a user cannot see a PAW book and a PAW administrator can see it, the issue is related to the permissions of the book. The administrator will fix this issue by updating the folder security and book security or assigning the user to a group which has access to the book. However, it is recommended that the administrator also checks the folder in which the book is.
Folder security
The folder security is set on the “Set Permissions” page which shows users and groups in the first column and permission in the second column. A user can gain access to a folder by receiving the access through the username and/or group. In the screenshot below, User1 receives the “full control” access to the Sample Report folder. If User1 has no access to the folder through the username (Permission = Choose an option) but he is in the Expense Planning group, User1 will have the “view only” access to the Sample Report folder.
Book Security
The book security is very similar to the folder security, but the permissions apply to a book instead of a folder. A user must receive the permission to access a book through the username and/or group. If the permission settings are grayed out, this means that the book is inherited the security settings from the folder in which the book is saved.
The settings are grayed out and permissions of the Sample View report are inherited
User Group
If a user is assigned to a PAW security group, the user inherited the permissions of the group. An administrator should review the groups to which the user belongs to fully understand the user’s permissions. After knowing the groups, the administrator will review the folder and book security to find out whether the user has the permission to a particular folder or book.
The administration tile for checking user groups
2. A user cannot see the list of databases
This issue is related to the user role. A consumer does not have the permission to edit a PAW book (report). Therefore, the list of databases along with cubes and other objects is not visible to the user. If the user wants to see databases, the user must have the Analyst, Modeler, or Administrator role.
3. A user receives the below error message when opening a folder. This error means that the folder is missing, or the user does not have the access to the folder. If an administrator confirms that the folder exists, the user is having the folder security issue. To troubleshoot the folder security issue, please review the first issue in the Folder Security section.
4. A user receives the below error message when opening a report or a cube view. This is another common error message when the user does not have the permission to a PA (Planning Analytics) object like cube or dimension. Troubleshooting the security of a PA object is beyond the scope of this article. An administrator should start the troubleshooting steps by checking the object security in this situation.
When a user sees a security issue in PAW, an administrator should check the security settings in PAW and database (PA object security). Nevertheless, knowing the common security issues in PAW will help an administrator get to the root cause of an issue faster. Reviewing the User Role, User Group, Folder Security, and Report Security helps an administrator to understand the full picture of a user’s access. If you need help with analyzing a PAW security issue or designing efficient PAW security, please contact our experts at QueBIT.