EducationSoftwareStrategy.com
StrategyCommunity

Knowledge Base

Product

Community

Knowledge Base

TopicsBrowse ArticlesDeveloper Zone

Product

Download SoftwareProduct DocumentationSecurity Hub

Education

Tutorial VideosSolution GalleryEducation courses

Community

GuidelinesGrandmastersEvents
x_social-icon_white.svglinkedin_social-icon_white.svg
Strategy logoCommunity

© Strategy Inc. All Rights Reserved.

LegalTerms of UsePrivacy Policy
  1. Home
  3. Topics

Workstation Privileges and Security Access

Roberto Lara

Vice President, AI Engineering • MicroStrategy

Starting with the release of Strategy ONE (March 2024), dossiers are also known as dashboards.
Privileges and Security Access in Workstation
Strategy has a rich security model that consists of three major components - privileges, security filters, and permissions.
 

  • Privileges are given on a per-user basis, some of which are also per-Application. These are meant to restrict the ability to perform certain privileged actions. For example, a user needs to be given the "Create Dataset in Workstation" privilege to be able to create new Datasets in that Application. Workstation will disable this action for users who do not have this privilege.
  • Security Filters can be configured so that users executing a particular query will only see certain data. For example, a security filter can be used to restrict a regional director to only visualize data from their region.
  • Permissions are used to either grant or deny the right to perform particular actions on an object. Strategy uses a common security paradigm, Access Control Lists, or ACLs, to determine if a user has the permission to execute a particular action.


 
This article will focus on Privileges and Permissions. In Workstation, Privileges and Permissions are used to enable or disable certain actions from being taken by the current User(s).
Privileges
   
Privileges can be granted or denied in Developer. The following table describes various actions in Workstation that are protected by Privileges. Some actions require multiple Privileges, and some may also be affected by Permissions.
 


Requires that user sends a password.Yes-
A known issue has been fixed in Strategy 2021 Update 3 where SSL connection would fail with the scram-sha-256 method when using Strategy ODBC driver for PostgreSQL.GSSAPI Kerberos AuthenticationRelies on a GSSAPI-compatible security library. Typically, this is used to access an authentication server, such as a Kerberos or Microsoft Active Directory server.Yes-
Supported since Strategy 2020 Update 3 and Strategy 2021. For details, see KB484540 and KB484541.Certificate AuthenticationRequires an SSL connection and authenticates users by checking the SSL certificate they send.Yes-
Supports only with native ODBC driver. For details, see KB484539.LDAP Authentication Relies on an LDAP authentication server.YesOther authentication modesSee this PostgreSQL documentation.On the roadmap. ActionPrivilege(s)Mac BehaviorWindows BehaviorConnect to an Environment via WorkstationServer – Intelligence:


Requires that user sends a password.Yes-
A known issue has been fixed in Strategy 2021 Update 3 where SSL connection would fail with the scram-sha-256 method when using Strategy ODBC driver for PostgreSQL.GSSAPI Kerberos AuthenticationRelies on a GSSAPI-compatible security library. Typically, this is used to access an authentication server, such as a Kerberos or Microsoft Active Directory server.Yes-
Supported since Strategy 2020 Update 3 and Strategy 2021. For details, see KB484540 and KB484541.Certificate AuthenticationRequires an SSL connection and authenticates users by checking the SSL certificate they send.Yes-
Supports only with native ODBC driver. For details, see KB484539.LDAP Authentication Relies on an LDAP authentication server.YesOther authentication modesSee this PostgreSQL documentation.On the roadmap. ActionPrivilege(s)Mac BehaviorWindows BehaviorConnect to an Environment via WorkstationServer – Intelligence:


Requires that user sends a password.Yes-
A known issue has been fixed in Strategy 2021 Update 3 where SSL connection would fail with the scram-sha-256 method when using Strategy ODBC driver for PostgreSQL.GSSAPI Kerberos AuthenticationRelies on a GSSAPI-compatible security library. Typically, this is used to access an authentication server, such as a Kerberos or Microsoft Active Directory server.Yes-
Supported since Strategy 2020 Update 3 and Strategy 2021. For details, see KB484540 and KB484541.Certificate AuthenticationRequires an SSL connection and authenticates users by checking the SSL certificate they send.Yes-
Supports only with native ODBC driver. For details, see KB484539.LDAP Authentication Relies on an LDAP authentication server.YesOther authentication modesSee this PostgreSQL documentation.On the roadmap. ActionPrivilege(s)Mac BehaviorWindows BehaviorConnect to an Environment via WorkstationServer – Intelligence:


Requires that user sends a password.Yes-
A known issue has been fixed in Strategy 2021 Update 3 where SSL connection would fail with the scram-sha-256 method when using Strategy ODBC driver for PostgreSQL.GSSAPI Kerberos AuthenticationRelies on a GSSAPI-compatible security library. Typically, this is used to access an authentication server, such as a Kerberos or Microsoft Active Directory server.Yes-
Supported since Strategy 2020 Update 3 and Strategy 2021. For details, see KB484540 and KB484541.Certificate AuthenticationRequires an SSL connection and authenticates users by checking the SSL certificate they send.Yes-
Supports only with native ODBC driver. For details, see KB484539.LDAP Authentication Relies on an LDAP authentication server.YesOther authentication modesSee this PostgreSQL documentation.On the roadmap. ActionPrivilege(s)Mac BehaviorWindows BehaviorConnect to an Environment via WorkstationServer – Intelligence:


Requires that user sends a password.Yes-
A known issue has been fixed in Strategy 2021 Update 3 where SSL connection would fail with the scram-sha-256 method when using Strategy ODBC driver for PostgreSQL.GSSAPI Kerberos AuthenticationRelies on a GSSAPI-compatible security library. Typically, this is used to access an authentication server, such as a Kerberos or Microsoft Active Directory server.Yes-
Supported since Strategy 2020 Update 3 and Strategy 2021. For details, see KB484540 and KB484541.Certificate AuthenticationRequires an SSL connection and authenticates users by checking the SSL certificate they send.Yes-
Supports only with native ODBC driver. For details, see KB484539.LDAP Authentication Relies on an LDAP authentication server.YesOther authentication modesSee this PostgreSQL documentation.On the roadmap. ActionPrivilege(s)Mac BehaviorWindows BehaviorConnect to an Environment via WorkstationServer – Intelligence:


Error will be thrown when trying to connect to an Environment. Error will say:
“The following privilege is required to access the resource you requested: UseWorkstation. Please contact the Strategy Intelligence Server Administrator to verify that the required privilege is granted.”Error will be thrown when trying to connect to an Environment. Error will say:
“The following privilege is required to access the resource you requested: UseWorkstation. Please contact the Strategy Intelligence Server Administrator to verify that the required privilege is granted.”Create New ApplicationServer – Intelligence:


Error will be thrown when trying to connect to an Environment. Error will say:
“The following privilege is required to access the resource you requested: UseWorkstation. Please contact the Strategy Intelligence Server Administrator to verify that the required privilege is granted.”Error will be thrown when trying to connect to an Environment. Error will say:
“The following privilege is required to access the resource you requested: UseWorkstation. Please contact the Strategy Intelligence Server Administrator to verify that the required privilege is granted.”Create New ApplicationServer – Intelligence:


Error will be thrown when trying to connect to an Environment. Error will say:
“The following privilege is required to access the resource you requested: UseWorkstation. Please contact the Strategy Intelligence Server Administrator to verify that the required privilege is granted.”Error will be thrown when trying to connect to an Environment. Error will say:
“The following privilege is required to access the resource you requested: UseWorkstation. Please contact the Strategy Intelligence Server Administrator to verify that the required privilege is granted.”Create New ApplicationServer – Intelligence:


Error will be thrown when trying to connect to an Environment. Error will say:
“The following privilege is required to access the resource you requested: UseWorkstation. Please contact the Strategy Intelligence Server Administrator to verify that the required privilege is granted.”Error will be thrown when trying to connect to an Environment. Error will say:
“The following privilege is required to access the resource you requested: UseWorkstation. Please contact the Strategy Intelligence Server Administrator to verify that the required privilege is granted.”Create New ApplicationServer – Intelligence:


 Clicking the Application plus button will trigger these privilege checks. The Create Application window’s drop-down will only show environments for which the User has all four privileges. If this is not true for any of the connected environments, an error will be shown saying “You cannot create an application”.Menu options to create new Application will be disabled, and the Application plus button will be disabledCreate New DatasetClient – Architect:


 Clicking the Application plus button will trigger these privilege checks. The Create Application window’s drop-down will only show environments for which the User has all four privileges. If this is not true for any of the connected environments, an error will be shown saying “You cannot create an application”.Menu options to create new Application will be disabled, and the Application plus button will be disabledCreate New DatasetClient – Architect:


 Clicking the Application plus button will trigger these privilege checks. The Create Application window’s drop-down will only show environments for which the User has all four privileges. If this is not true for any of the connected environments, an error will be shown saying “You cannot create an application”.Menu options to create new Application will be disabled, and the Application plus button will be disabledCreate New DatasetClient – Architect:


 Clicking the Application plus button will trigger these privilege checks. The Create Application window’s drop-down will only show environments for which the User has all four privileges. If this is not true for any of the connected environments, an error will be shown saying “You cannot create an application”.Menu options to create new Application will be disabled, and the Application plus button will be disabledCreate New DatasetClient – Architect:


Clicking the Datasets plus button will trigger this privilege check.  Applications where the user does not have this privilege will be disabled and not selectable.The Datasets plus button will be disabledImport DataServer – Analytics


Clicking the Datasets plus button will trigger this privilege check.  Applications where the user does not have this privilege will be disabled and not selectable.The Datasets plus button will be disabledImport DataServer – Analytics


Clicking the Datasets plus button will trigger this privilege check.  Applications where the user does not have this privilege will be disabled and not selectable.The Datasets plus button will be disabledImport DataServer – Analytics


Clicking the Datasets plus button will trigger this privilege check.  Applications where the user does not have this privilege will be disabled and not selectable.The Datasets plus button will be disabledImport DataServer – Analytics


In the Data Import window, the Local Files, Cloud, and Databases options will only be visible if the User has the corresponding privilegesIn the Data Import window, the Local Files, Cloud, and Databases options will only be visible if the User has the corresponding privilegesAccess Users & Groups,
Create New User/User GroupServer – Intelligence


In the Data Import window, the Local Files, Cloud, and Databases options will only be visible if the User has the corresponding privilegesIn the Data Import window, the Local Files, Cloud, and Databases options will only be visible if the User has the corresponding privilegesAccess Users & Groups,
Create New User/User GroupServer – Intelligence


In the Data Import window, the Local Files, Cloud, and Databases options will only be visible if the User has the corresponding privilegesIn the Data Import window, the Local Files, Cloud, and Databases options will only be visible if the User has the corresponding privilegesAccess Users & Groups,
Create New User/User GroupServer – Intelligence


In the Data Import window, the Local Files, Cloud, and Databases options will only be visible if the User has the corresponding privilegesIn the Data Import window, the Local Files, Cloud, and Databases options will only be visible if the User has the corresponding privilegesAccess Users & Groups,
Create New User/User GroupServer – Intelligence


In the Users and Groups environment selection screen, any Environment for which the User does not have this privilege will be disabled and not selectable. The icon will also say “No Access”.
 
Clicking the Users and Groups plus button will also trigger this privilege check. The Create New User/Group window’s drop-down will only show environments for which the User has this privilege. If no environments are connected where the user has this privilege, an error will be shown saying “You cannot create a new user or user group”.
 Any Environment for which the User does not have this privilege will be greyed out and not selectable in the drop down for Users and Groups. The Environment selector drop down will also say “(No Access)” along with Environment Name.
 
In addition, menu options to create new users and groups will be disabled, including the Users and Groups plus button.Access TopologyServer – Intelligence


In the Users and Groups environment selection screen, any Environment for which the User does not have this privilege will be disabled and not selectable. The icon will also say “No Access”.
 
Clicking the Users and Groups plus button will also trigger this privilege check. The Create New User/Group window’s drop-down will only show environments for which the User has this privilege. If no environments are connected where the user has this privilege, an error will be shown saying “You cannot create a new user or user group”.
 Any Environment for which the User does not have this privilege will be greyed out and not selectable in the drop down for Users and Groups. The Environment selector drop down will also say “(No Access)” along with Environment Name.
 
In addition, menu options to create new users and groups will be disabled, including the Users and Groups plus button.Access TopologyServer – Intelligence


In the Users and Groups environment selection screen, any Environment for which the User does not have this privilege will be disabled and not selectable. The icon will also say “No Access”.
 
Clicking the Users and Groups plus button will also trigger this privilege check. The Create New User/Group window’s drop-down will only show environments for which the User has this privilege. If no environments are connected where the user has this privilege, an error will be shown saying “You cannot create a new user or user group”.
 Any Environment for which the User does not have this privilege will be greyed out and not selectable in the drop down for Users and Groups. The Environment selector drop down will also say “(No Access)” along with Environment Name.
 
In addition, menu options to create new users and groups will be disabled, including the Users and Groups plus button.Access TopologyServer – Intelligence


In the Users and Groups environment selection screen, any Environment for which the User does not have this privilege will be disabled and not selectable. The icon will also say “No Access”.
 
Clicking the Users and Groups plus button will also trigger this privilege check. The Create New User/Group window’s drop-down will only show environments for which the User has this privilege. If no environments are connected where the user has this privilege, an error will be shown saying “You cannot create a new user or user group”.
 Any Environment for which the User does not have this privilege will be greyed out and not selectable in the drop down for Users and Groups. The Environment selector drop down will also say “(No Access)” along with Environment Name.
 
In addition, menu options to create new users and groups will be disabled, including the Users and Groups plus button.Access TopologyServer – Intelligence


Any Environment for which the User does not have this privilege will be greyed out and not selectable in the environment selection screen shown after selecting “Topology”. The icon will also say “No Access”.Any Environment for which the User does not have this privilege will be greyed out and not selectable in the drop down for Topology. The Environment selector drop down will also say “(No Access)” along with Environment Name.Topology – Start and Stop ServicesServer – Intelligence


Any Environment for which the User does not have this privilege will be greyed out and not selectable in the environment selection screen shown after selecting “Topology”. The icon will also say “No Access”.Any Environment for which the User does not have this privilege will be greyed out and not selectable in the drop down for Topology. The Environment selector drop down will also say “(No Access)” along with Environment Name.Topology – Start and Stop ServicesServer – Intelligence


Any Environment for which the User does not have this privilege will be greyed out and not selectable in the environment selection screen shown after selecting “Topology”. The icon will also say “No Access”.Any Environment for which the User does not have this privilege will be greyed out and not selectable in the drop down for Topology. The Environment selector drop down will also say “(No Access)” along with Environment Name.Topology – Start and Stop ServicesServer – Intelligence


Any Environment for which the User does not have this privilege will be greyed out and not selectable in the environment selection screen shown after selecting “Topology”. The icon will also say “No Access”.Any Environment for which the User does not have this privilege will be greyed out and not selectable in the drop down for Topology. The Environment selector drop down will also say “(No Access)” along with Environment Name.Topology – Start and Stop ServicesServer – Intelligence


Any Environment for which the User does not have this privilege will not allow the User to right-click to Start or Stop services in the Environment, when viewing Topology. No context menu will appear.Any Environment for which the User does not have this privilege will not allow the User to right-click to Start or Stop services in the Environment, when viewing Topology. The context menu options – Start and Stop are disabled. Access CertificatesServer – Intelligence


Any Environment for which the User does not have this privilege will not allow the User to right-click to Start or Stop services in the Environment, when viewing Topology. No context menu will appear.Any Environment for which the User does not have this privilege will not allow the User to right-click to Start or Stop services in the Environment, when viewing Topology. The context menu options – Start and Stop are disabled. Access CertificatesServer – Intelligence


Any Environment for which the User does not have this privilege will not allow the User to right-click to Start or Stop services in the Environment, when viewing Topology. No context menu will appear.Any Environment for which the User does not have this privilege will not allow the User to right-click to Start or Stop services in the Environment, when viewing Topology. The context menu options – Start and Stop are disabled. Access CertificatesServer – Intelligence


Any Environment for which the User does not have this privilege will not allow the User to right-click to Start or Stop services in the Environment, when viewing Topology. No context menu will appear.Any Environment for which the User does not have this privilege will not allow the User to right-click to Start or Stop services in the Environment, when viewing Topology. The context menu options – Start and Stop are disabled. Access CertificatesServer – Intelligence


Any Environment for which the User does not have this privilege will be greyed out and not selectable in the environment selection screen shown after selecting “Certificates”. The icon will also say “No Access”.Any Environment for which the User does not have this privilege will be greyed out and not selectable in the drop down for Certificates. The Environment selector drop down will also say “(No Access)” along with Environment Name.Download CertificatesServer – Intelligence


Any Environment for which the User does not have this privilege will be greyed out and not selectable in the environment selection screen shown after selecting “Certificates”. The icon will also say “No Access”.Any Environment for which the User does not have this privilege will be greyed out and not selectable in the drop down for Certificates. The Environment selector drop down will also say “(No Access)” along with Environment Name.Download CertificatesServer – Intelligence


Any Environment for which the User does not have this privilege will be greyed out and not selectable in the environment selection screen shown after selecting “Certificates”. The icon will also say “No Access”.Any Environment for which the User does not have this privilege will be greyed out and not selectable in the drop down for Certificates. The Environment selector drop down will also say “(No Access)” along with Environment Name.Download CertificatesServer – Intelligence


Any Environment for which the User does not have this privilege will be greyed out and not selectable in the environment selection screen shown after selecting “Certificates”. The icon will also say “No Access”.Any Environment for which the User does not have this privilege will be greyed out and not selectable in the drop down for Certificates. The Environment selector drop down will also say “(No Access)” along with Environment Name.Download CertificatesServer – Intelligence


Any Environment for which the User does not have this privilege will not show the “Download Certificate” button in the inspector window for Certificates.Any Environment for which the User does not have this privilege will show the “Download Certificate” button disabled in the inspector window for Certificate.Set Platform Analytics in Environment -> Get InfoServer – Intelligence


Any Environment for which the User does not have this privilege will not show the “Download Certificate” button in the inspector window for Certificates.Any Environment for which the User does not have this privilege will show the “Download Certificate” button disabled in the inspector window for Certificate.Set Platform Analytics in Environment -> Get InfoServer – Intelligence


Any Environment for which the User does not have this privilege will not show the “Download Certificate” button in the inspector window for Certificates.Any Environment for which the User does not have this privilege will show the “Download Certificate” button disabled in the inspector window for Certificate.Set Platform Analytics in Environment -> Get InfoServer – Intelligence


Any Environment for which the User does not have this privilege will not show the “Download Certificate” button in the inspector window for Certificates.Any Environment for which the User does not have this privilege will show the “Download Certificate” button disabled in the inspector window for Certificate.Set Platform Analytics in Environment -> Get InfoServer – Intelligence


Right click an Environment → Get Info(need Read permission on the Environment). If user does not have this privilege, the drop-down in the Platform Analytics section of the Properties tab is disabled.Right click an Environment → Get Info(need Read permission on the Environment). If user does not have this privilege, the drop-down in the Platform Analytics section of the Properties tab is disabled.Send to LibrariesClient – Architect


Right click an Environment → Get Info(need Read permission on the Environment). If user does not have this privilege, the drop-down in the Platform Analytics section of the Properties tab is disabled.Right click an Environment → Get Info(need Read permission on the Environment). If user does not have this privilege, the drop-down in the Platform Analytics section of the Properties tab is disabled.Send to LibrariesClient – Architect


Right click an Environment → Get Info(need Read permission on the Environment). If user does not have this privilege, the drop-down in the Platform Analytics section of the Properties tab is disabled.Right click an Environment → Get Info(need Read permission on the Environment). If user does not have this privilege, the drop-down in the Platform Analytics section of the Properties tab is disabled.Send to LibrariesClient – Architect


Right click an Environment → Get Info(need Read permission on the Environment). If user does not have this privilege, the drop-down in the Platform Analytics section of the Properties tab is disabled.Right click an Environment → Get Info(need Read permission on the Environment). If user does not have this privilege, the drop-down in the Platform Analytics section of the Properties tab is disabled.Send to LibrariesClient – Architect


Right-click a dossier or document. If User does not have this privilege, then the Share → Send To Libraries menu items will be disabled
 If User does not have this privilege then an error will be thrown after the user makes changes on the “Send to Library” window and clicks “Send” button.Certify an ObjectServer – Intelligence


Right-click a dossier or document. If User does not have this privilege, then the Share → Send To Libraries menu items will be disabled
 If User does not have this privilege then an error will be thrown after the user makes changes on the “Send to Library” window and clicks “Send” button.Certify an ObjectServer – Intelligence


Right-click a dossier or document. If User does not have this privilege, then the Share → Send To Libraries menu items will be disabled
 If User does not have this privilege then an error will be thrown after the user makes changes on the “Send to Library” window and clicks “Send” button.Certify an ObjectServer – Intelligence


Right-click a dossier or document. If User does not have this privilege, then the Share → Send To Libraries menu items will be disabled
 If User does not have this privilege then an error will be thrown after the user makes changes on the “Send to Library” window and clicks “Send” button.Certify an ObjectServer – Intelligence


If the user does not have this privilege, the Certify checkbox/menu item will be disabled. The proper Permissions(Browse, Read, Execute) on the object are also needed to enable this.
 If the user does not have this privilege, the Certify option in context menu will be hidden and the Certify option on Properties window will be disabled.
 
Browse, Read and Execute Permissions are also needed.
If the user has the Privilege but not the permissions, then an error message will be thrown once the user click Certify optionOpen a DossierClient – Web


If the user does not have this privilege, the Certify checkbox/menu item will be disabled. The proper Permissions(Browse, Read, Execute) on the object are also needed to enable this.
 If the user does not have this privilege, the Certify option in context menu will be hidden and the Certify option on Properties window will be disabled.
 
Browse, Read and Execute Permissions are also needed.
If the user has the Privilege but not the permissions, then an error message will be thrown once the user click Certify optionOpen a DossierClient – Web


If the user does not have this privilege, the Certify checkbox/menu item will be disabled. The proper Permissions(Browse, Read, Execute) on the object are also needed to enable this.
 If the user does not have this privilege, the Certify option in context menu will be hidden and the Certify option on Properties window will be disabled.
 
Browse, Read and Execute Permissions are also needed.
If the user has the Privilege but not the permissions, then an error message will be thrown once the user click Certify optionOpen a DossierClient – Web


If the user does not have this privilege, the Certify checkbox/menu item will be disabled. The proper Permissions(Browse, Read, Execute) on the object are also needed to enable this.
 If the user does not have this privilege, the Certify option in context menu will be hidden and the Certify option on Properties window will be disabled.
 
Browse, Read and Execute Permissions are also needed.
If the user has the Privilege but not the permissions, then an error message will be thrown once the user click Certify optionOpen a DossierClient – Web


If the User does not have this privilege, then the dossier will only open in Presentation Mode, not Open Without Data or Edit modes
 
“Open without Data” option in Context menu will be disabled.If the User does not have this privilege, then the dossier will only open in Presentation Mode, not Open Without Data or Edit modes
 
“Open without Data” option in Context menu will be disabled.Set Data Engine VersionServer – Intelligence


If the User does not have this privilege, then the dossier will only open in Presentation Mode, not Open Without Data or Edit modes
 
“Open without Data” option in Context menu will be disabled.If the User does not have this privilege, then the dossier will only open in Presentation Mode, not Open Without Data or Edit modes
 
“Open without Data” option in Context menu will be disabled.Set Data Engine VersionServer – Intelligence


If the User does not have this privilege, then the dossier will only open in Presentation Mode, not Open Without Data or Edit modes
 
“Open without Data” option in Context menu will be disabled.If the User does not have this privilege, then the dossier will only open in Presentation Mode, not Open Without Data or Edit modes
 
“Open without Data” option in Context menu will be disabled.Set Data Engine VersionServer – Intelligence


If the User does not have this privilege, then the dossier will only open in Presentation Mode, not Open Without Data or Edit modes
 
“Open without Data” option in Context menu will be disabled.If the User does not have this privilege, then the dossier will only open in Presentation Mode, not Open Without Data or Edit modes
 
“Open without Data” option in Context menu will be disabled.Set Data Engine VersionServer – Intelligence


 Right click an Application → Get Info (need Read permission on the Application). If the User does not have these privileges in the Environment, then Data Engine Version setting will be greyed out and not selectable, with a warning icon next to it.Right click an Application → Get Info (need Read permission on the Application). If the User does not have these privileges in the Environment, then Data Engine Version setting will be greyed out and not selectable, with a warning icon next to it.Add or Edit Security FiltersServer – Intelligence


 Right click an Application → Get Info (need Read permission on the Application). If the User does not have these privileges in the Environment, then Data Engine Version setting will be greyed out and not selectable, with a warning icon next to it.Right click an Application → Get Info (need Read permission on the Application). If the User does not have these privileges in the Environment, then Data Engine Version setting will be greyed out and not selectable, with a warning icon next to it.Add or Edit Security FiltersServer – Intelligence


 Right click an Application → Get Info (need Read permission on the Application). If the User does not have these privileges in the Environment, then Data Engine Version setting will be greyed out and not selectable, with a warning icon next to it.Right click an Application → Get Info (need Read permission on the Application). If the User does not have these privileges in the Environment, then Data Engine Version setting will be greyed out and not selectable, with a warning icon next to it.Add or Edit Security FiltersServer – Intelligence


 Right click an Application → Get Info (need Read permission on the Application). If the User does not have these privileges in the Environment, then Data Engine Version setting will be greyed out and not selectable, with a warning icon next to it.Right click an Application → Get Info (need Read permission on the Application). If the User does not have these privileges in the Environment, then Data Engine Version setting will be greyed out and not selectable, with a warning icon next to it.Add or Edit Security FiltersServer – Intelligence


Only Users with this Privilege will see the “Security Filters” column in an Object’s Get Info → Security Access tab (Need Read permission to access Get Info window).If the user does not have this privilege, an error will be thrown once he tries to save the security filter on Object’s Properties> Security Access tab (Need Read permission to access Get Info window).Application Get Info →  Application Access & Roles, Dataset Storage Quota, and Cache Management tabsServer – Intelligence


Only Users with this Privilege will see the “Security Filters” column in an Object’s Get Info → Security Access tab (Need Read permission to access Get Info window).If the user does not have this privilege, an error will be thrown once he tries to save the security filter on Object’s Properties> Security Access tab (Need Read permission to access Get Info window).Application Get Info →  Application Access & Roles, Dataset Storage Quota, and Cache Management tabsServer – Intelligence


Only Users with this Privilege will see the “Security Filters” column in an Object’s Get Info → Security Access tab (Need Read permission to access Get Info window).If the user does not have this privilege, an error will be thrown once he tries to save the security filter on Object’s Properties> Security Access tab (Need Read permission to access Get Info window).Application Get Info →  Application Access & Roles, Dataset Storage Quota, and Cache Management tabsServer – Intelligence


Only Users with this Privilege will see the “Security Filters” column in an Object’s Get Info → Security Access tab (Need Read permission to access Get Info window).If the user does not have this privilege, an error will be thrown once he tries to save the security filter on Object’s Properties> Security Access tab (Need Read permission to access Get Info window).Application Get Info →  Application Access & Roles, Dataset Storage Quota, and Cache Management tabsServer – Intelligence


Only Users with this Privilege will see the Application Access & Roles, Dataset Storage Quota, and Cache Management tabs in an Application’s Get Info window (Need Read permission to access Get Info window).Only Users with this Privilege will see the Cache Management tab in an Application’s Get Info window (Need Read permission to access Get Info window). Note: Windows does not have the Application Access & Roles or Dataset Storage Quota tabsObject Get Info → Advanced Settings tabClient – Architect


Only Users with this Privilege will see the Application Access & Roles, Dataset Storage Quota, and Cache Management tabs in an Application’s Get Info window (Need Read permission to access Get Info window).Only Users with this Privilege will see the Cache Management tab in an Application’s Get Info window (Need Read permission to access Get Info window). Note: Windows does not have the Application Access & Roles or Dataset Storage Quota tabsObject Get Info → Advanced Settings tabClient – Architect


Only Users with this Privilege will see the Application Access & Roles, Dataset Storage Quota, and Cache Management tabs in an Application’s Get Info window (Need Read permission to access Get Info window).Only Users with this Privilege will see the Cache Management tab in an Application’s Get Info window (Need Read permission to access Get Info window). Note: Windows does not have the Application Access & Roles or Dataset Storage Quota tabsObject Get Info → Advanced Settings tabClient – Architect


Only Users with this Privilege will see the Application Access & Roles, Dataset Storage Quota, and Cache Management tabs in an Application’s Get Info window (Need Read permission to access Get Info window).Only Users with this Privilege will see the Cache Management tab in an Application’s Get Info window (Need Read permission to access Get Info window). Note: Windows does not have the Application Access & Roles or Dataset Storage Quota tabsObject Get Info → Advanced Settings tabClient – Architect


Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Advanced Settings tab.Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Edit icon for Properties on Advanced Settings tab.NameDescriptionBrowseA User/User Group with this right should be informed about the existence of the target object when browsing a list of objects.ReadA User/User Group with this right should be able to examine the complete definition of the target object in metadata or in memory.
 ExecuteA User/User Group with this right should be permitted to execute queries built using the target object.UseA User/User Group with this right should be permitted to include references to the target object in the definition of other objects.ModifyA User/User Group with this right is permitted to modify the target object and save the modification to metadata.DeleteA User/User Group with this right is permitted to delete the target object from metadata.Control*A User/User Group with this right is permitted to modify the access control list of the target. Display NamePermissions IncludedView Browse, Read, Use, and ExecuteModifyEverything in View, Write, and DeleteFull ControlAll PermissionsDenyNo Permissions


Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Advanced Settings tab.Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Edit icon for Properties on Advanced Settings tab.NameDescriptionBrowseA User/User Group with this right should be informed about the existence of the target object when browsing a list of objects.ReadA User/User Group with this right should be able to examine the complete definition of the target object in metadata or in memory.
 ExecuteA User/User Group with this right should be permitted to execute queries built using the target object.UseA User/User Group with this right should be permitted to include references to the target object in the definition of other objects.ModifyA User/User Group with this right is permitted to modify the target object and save the modification to metadata.DeleteA User/User Group with this right is permitted to delete the target object from metadata.Control*A User/User Group with this right is permitted to modify the access control list of the target. Display NamePermissions IncludedView Browse, Read, Use, and ExecuteModifyEverything in View, Write, and DeleteFull ControlAll PermissionsDenyNo Permissions


Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Advanced Settings tab.Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Edit icon for Properties on Advanced Settings tab.NameDescriptionBrowseA User/User Group with this right should be informed about the existence of the target object when browsing a list of objects.ReadA User/User Group with this right should be able to examine the complete definition of the target object in metadata or in memory.
 ExecuteA User/User Group with this right should be permitted to execute queries built using the target object.UseA User/User Group with this right should be permitted to include references to the target object in the definition of other objects.ModifyA User/User Group with this right is permitted to modify the target object and save the modification to metadata.DeleteA User/User Group with this right is permitted to delete the target object from metadata.Control*A User/User Group with this right is permitted to modify the access control list of the target. Display NamePermissions IncludedView Browse, Read, Use, and ExecuteModifyEverything in View, Write, and DeleteFull ControlAll PermissionsDenyNo Permissions

 
Permissions
 
Access rights, also known as permissions, are the per-user rights that can be granted or denied for an object. An object's Access Control List keeps track of all of the access rights that have been granted or denied to particular Users.
Note: There exists a Bypass all object security access checks privilege. A user with this privilege will bypass all access checks on them. This privilege is granted inherently to the Administrator, and the Administrator is the only User that can grant or revoke this privilege.
 
Below is a table outlining each of the rights and their descriptions. 


Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Advanced Settings tab.Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Edit icon for Properties on Advanced Settings tab.NameDescriptionBrowseA User/User Group with this right should be informed about the existence of the target object when browsing a list of objects.ReadA User/User Group with this right should be able to examine the complete definition of the target object in metadata or in memory.
 ExecuteA User/User Group with this right should be permitted to execute queries built using the target object.UseA User/User Group with this right should be permitted to include references to the target object in the definition of other objects.ModifyA User/User Group with this right is permitted to modify the target object and save the modification to metadata.DeleteA User/User Group with this right is permitted to delete the target object from metadata.Control*A User/User Group with this right is permitted to modify the access control list of the target. Display NamePermissions IncludedView Browse, Read, Use, and ExecuteModifyEverything in View, Write, and DeleteFull ControlAll PermissionsDenyNo Permissions


Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Advanced Settings tab.Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Edit icon for Properties on Advanced Settings tab.NameDescriptionBrowseA User/User Group with this right should be informed about the existence of the target object when browsing a list of objects.ReadA User/User Group with this right should be able to examine the complete definition of the target object in metadata or in memory.
 ExecuteA User/User Group with this right should be permitted to execute queries built using the target object.UseA User/User Group with this right should be permitted to include references to the target object in the definition of other objects.ModifyA User/User Group with this right is permitted to modify the target object and save the modification to metadata.DeleteA User/User Group with this right is permitted to delete the target object from metadata.Control*A User/User Group with this right is permitted to modify the access control list of the target. Display NamePermissions IncludedView Browse, Read, Use, and ExecuteModifyEverything in View, Write, and DeleteFull ControlAll PermissionsDenyNo Permissions


Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Advanced Settings tab.Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Edit icon for Properties on Advanced Settings tab.NameDescriptionBrowseA User/User Group with this right should be informed about the existence of the target object when browsing a list of objects.ReadA User/User Group with this right should be able to examine the complete definition of the target object in metadata or in memory.
 ExecuteA User/User Group with this right should be permitted to execute queries built using the target object.UseA User/User Group with this right should be permitted to include references to the target object in the definition of other objects.ModifyA User/User Group with this right is permitted to modify the target object and save the modification to metadata.DeleteA User/User Group with this right is permitted to delete the target object from metadata.Control*A User/User Group with this right is permitted to modify the access control list of the target. Display NamePermissions IncludedView Browse, Read, Use, and ExecuteModifyEverything in View, Write, and DeleteFull ControlAll PermissionsDenyNo Permissions


Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Advanced Settings tab.Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Edit icon for Properties on Advanced Settings tab.NameDescriptionBrowseA User/User Group with this right should be informed about the existence of the target object when browsing a list of objects.ReadA User/User Group with this right should be able to examine the complete definition of the target object in metadata or in memory.
 ExecuteA User/User Group with this right should be permitted to execute queries built using the target object.UseA User/User Group with this right should be permitted to include references to the target object in the definition of other objects.ModifyA User/User Group with this right is permitted to modify the target object and save the modification to metadata.DeleteA User/User Group with this right is permitted to delete the target object from metadata.Control*A User/User Group with this right is permitted to modify the access control list of the target. Display NamePermissions IncludedView Browse, Read, Use, and ExecuteModifyEverything in View, Write, and DeleteFull ControlAll PermissionsDenyNo Permissions


Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Advanced Settings tab.Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Edit icon for Properties on Advanced Settings tab.NameDescriptionBrowseA User/User Group with this right should be informed about the existence of the target object when browsing a list of objects.ReadA User/User Group with this right should be able to examine the complete definition of the target object in metadata or in memory.
 ExecuteA User/User Group with this right should be permitted to execute queries built using the target object.UseA User/User Group with this right should be permitted to include references to the target object in the definition of other objects.ModifyA User/User Group with this right is permitted to modify the target object and save the modification to metadata.DeleteA User/User Group with this right is permitted to delete the target object from metadata.Control*A User/User Group with this right is permitted to modify the access control list of the target. Display NamePermissions IncludedView Browse, Read, Use, and ExecuteModifyEverything in View, Write, and DeleteFull ControlAll PermissionsDenyNo Permissions


Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Advanced Settings tab.Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Edit icon for Properties on Advanced Settings tab.NameDescriptionBrowseA User/User Group with this right should be informed about the existence of the target object when browsing a list of objects.ReadA User/User Group with this right should be able to examine the complete definition of the target object in metadata or in memory.
 ExecuteA User/User Group with this right should be permitted to execute queries built using the target object.UseA User/User Group with this right should be permitted to include references to the target object in the definition of other objects.ModifyA User/User Group with this right is permitted to modify the target object and save the modification to metadata.DeleteA User/User Group with this right is permitted to delete the target object from metadata.Control*A User/User Group with this right is permitted to modify the access control list of the target. Display NamePermissions IncludedView Browse, Read, Use, and ExecuteModifyEverything in View, Write, and DeleteFull ControlAll PermissionsDenyNo Permissions


Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Advanced Settings tab.Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Edit icon for Properties on Advanced Settings tab.NameDescriptionBrowseA User/User Group with this right should be informed about the existence of the target object when browsing a list of objects.ReadA User/User Group with this right should be able to examine the complete definition of the target object in metadata or in memory.
 ExecuteA User/User Group with this right should be permitted to execute queries built using the target object.UseA User/User Group with this right should be permitted to include references to the target object in the definition of other objects.ModifyA User/User Group with this right is permitted to modify the target object and save the modification to metadata.DeleteA User/User Group with this right is permitted to delete the target object from metadata.Control*A User/User Group with this right is permitted to modify the access control list of the target. Display NamePermissions IncludedView Browse, Read, Use, and ExecuteModifyEverything in View, Write, and DeleteFull ControlAll PermissionsDenyNo Permissions


Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Advanced Settings tab.Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Edit icon for Properties on Advanced Settings tab.NameDescriptionBrowseA User/User Group with this right should be informed about the existence of the target object when browsing a list of objects.ReadA User/User Group with this right should be able to examine the complete definition of the target object in metadata or in memory.
 ExecuteA User/User Group with this right should be permitted to execute queries built using the target object.UseA User/User Group with this right should be permitted to include references to the target object in the definition of other objects.ModifyA User/User Group with this right is permitted to modify the target object and save the modification to metadata.DeleteA User/User Group with this right is permitted to delete the target object from metadata.Control*A User/User Group with this right is permitted to modify the access control list of the target. Display NamePermissions IncludedView Browse, Read, Use, and ExecuteModifyEverything in View, Write, and DeleteFull ControlAll PermissionsDenyNo Permissions


Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Advanced Settings tab.Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Edit icon for Properties on Advanced Settings tab.NameDescriptionBrowseA User/User Group with this right should be informed about the existence of the target object when browsing a list of objects.ReadA User/User Group with this right should be able to examine the complete definition of the target object in metadata or in memory.
 ExecuteA User/User Group with this right should be permitted to execute queries built using the target object.UseA User/User Group with this right should be permitted to include references to the target object in the definition of other objects.ModifyA User/User Group with this right is permitted to modify the target object and save the modification to metadata.DeleteA User/User Group with this right is permitted to delete the target object from metadata.Control*A User/User Group with this right is permitted to modify the access control list of the target. Display NamePermissions IncludedView Browse, Read, Use, and ExecuteModifyEverything in View, Write, and DeleteFull ControlAll PermissionsDenyNo Permissions


Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Advanced Settings tab.Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Edit icon for Properties on Advanced Settings tab.NameDescriptionBrowseA User/User Group with this right should be informed about the existence of the target object when browsing a list of objects.ReadA User/User Group with this right should be able to examine the complete definition of the target object in metadata or in memory.
 ExecuteA User/User Group with this right should be permitted to execute queries built using the target object.UseA User/User Group with this right should be permitted to include references to the target object in the definition of other objects.ModifyA User/User Group with this right is permitted to modify the target object and save the modification to metadata.DeleteA User/User Group with this right is permitted to delete the target object from metadata.Control*A User/User Group with this right is permitted to modify the access control list of the target. Display NamePermissions IncludedView Browse, Read, Use, and ExecuteModifyEverything in View, Write, and DeleteFull ControlAll PermissionsDenyNo Permissions


Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Advanced Settings tab.Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Edit icon for Properties on Advanced Settings tab.NameDescriptionBrowseA User/User Group with this right should be informed about the existence of the target object when browsing a list of objects.ReadA User/User Group with this right should be able to examine the complete definition of the target object in metadata or in memory.
 ExecuteA User/User Group with this right should be permitted to execute queries built using the target object.UseA User/User Group with this right should be permitted to include references to the target object in the definition of other objects.ModifyA User/User Group with this right is permitted to modify the target object and save the modification to metadata.DeleteA User/User Group with this right is permitted to delete the target object from metadata.Control*A User/User Group with this right is permitted to modify the access control list of the target. Display NamePermissions IncludedView Browse, Read, Use, and ExecuteModifyEverything in View, Write, and DeleteFull ControlAll PermissionsDenyNo Permissions


Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Advanced Settings tab.Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Edit icon for Properties on Advanced Settings tab.NameDescriptionBrowseA User/User Group with this right should be informed about the existence of the target object when browsing a list of objects.ReadA User/User Group with this right should be able to examine the complete definition of the target object in metadata or in memory.
 ExecuteA User/User Group with this right should be permitted to execute queries built using the target object.UseA User/User Group with this right should be permitted to include references to the target object in the definition of other objects.ModifyA User/User Group with this right is permitted to modify the target object and save the modification to metadata.DeleteA User/User Group with this right is permitted to delete the target object from metadata.Control*A User/User Group with this right is permitted to modify the access control list of the target. Display NamePermissions IncludedView Browse, Read, Use, and ExecuteModifyEverything in View, Write, and DeleteFull ControlAll PermissionsDenyNo Permissions


Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Advanced Settings tab.Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Edit icon for Properties on Advanced Settings tab.NameDescriptionBrowseA User/User Group with this right should be informed about the existence of the target object when browsing a list of objects.ReadA User/User Group with this right should be able to examine the complete definition of the target object in metadata or in memory.
 ExecuteA User/User Group with this right should be permitted to execute queries built using the target object.UseA User/User Group with this right should be permitted to include references to the target object in the definition of other objects.ModifyA User/User Group with this right is permitted to modify the target object and save the modification to metadata.DeleteA User/User Group with this right is permitted to delete the target object from metadata.Control*A User/User Group with this right is permitted to modify the access control list of the target. Display NamePermissions IncludedView Browse, Read, Use, and ExecuteModifyEverything in View, Write, and DeleteFull ControlAll PermissionsDenyNo Permissions


Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Advanced Settings tab.Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Edit icon for Properties on Advanced Settings tab.NameDescriptionBrowseA User/User Group with this right should be informed about the existence of the target object when browsing a list of objects.ReadA User/User Group with this right should be able to examine the complete definition of the target object in metadata or in memory.
 ExecuteA User/User Group with this right should be permitted to execute queries built using the target object.UseA User/User Group with this right should be permitted to include references to the target object in the definition of other objects.ModifyA User/User Group with this right is permitted to modify the target object and save the modification to metadata.DeleteA User/User Group with this right is permitted to delete the target object from metadata.Control*A User/User Group with this right is permitted to modify the access control list of the target. Display NamePermissions IncludedView Browse, Read, Use, and ExecuteModifyEverything in View, Write, and DeleteFull ControlAll PermissionsDenyNo Permissions


Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Advanced Settings tab.Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Edit icon for Properties on Advanced Settings tab.NameDescriptionBrowseA User/User Group with this right should be informed about the existence of the target object when browsing a list of objects.ReadA User/User Group with this right should be able to examine the complete definition of the target object in metadata or in memory.
 ExecuteA User/User Group with this right should be permitted to execute queries built using the target object.UseA User/User Group with this right should be permitted to include references to the target object in the definition of other objects.ModifyA User/User Group with this right is permitted to modify the target object and save the modification to metadata.DeleteA User/User Group with this right is permitted to delete the target object from metadata.Control*A User/User Group with this right is permitted to modify the access control list of the target. Display NamePermissions IncludedView Browse, Read, Use, and ExecuteModifyEverything in View, Write, and DeleteFull ControlAll PermissionsDenyNo Permissions


Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Advanced Settings tab.Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Edit icon for Properties on Advanced Settings tab.NameDescriptionBrowseA User/User Group with this right should be informed about the existence of the target object when browsing a list of objects.ReadA User/User Group with this right should be able to examine the complete definition of the target object in metadata or in memory.
 ExecuteA User/User Group with this right should be permitted to execute queries built using the target object.UseA User/User Group with this right should be permitted to include references to the target object in the definition of other objects.ModifyA User/User Group with this right is permitted to modify the target object and save the modification to metadata.DeleteA User/User Group with this right is permitted to delete the target object from metadata.Control*A User/User Group with this right is permitted to modify the access control list of the target. Display NamePermissions IncludedView Browse, Read, Use, and ExecuteModifyEverything in View, Write, and DeleteFull ControlAll PermissionsDenyNo Permissions

*In Workstation, if a user does not have Control right on an Object, then options to add, delete, or modify ACLs for that Object will be disabled. In addition, the Owner of an Object will always inherently have Control right for that Object. 
 
 
Permissions can be managed in Workstation by right-clicking on the Object, selecting “Get Info”, and selecting the Security Access tab.

ka0PW0000001JlpYAE_0EM44000000Resv.jpeg

For convenience, Workstation provides commonly used default configurations for permissions. This is the name that displays in the Permissions column in the Security Access tab:
 


Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Advanced Settings tab.Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Edit icon for Properties on Advanced Settings tab.NameDescriptionBrowseA User/User Group with this right should be informed about the existence of the target object when browsing a list of objects.ReadA User/User Group with this right should be able to examine the complete definition of the target object in metadata or in memory.
 ExecuteA User/User Group with this right should be permitted to execute queries built using the target object.UseA User/User Group with this right should be permitted to include references to the target object in the definition of other objects.ModifyA User/User Group with this right is permitted to modify the target object and save the modification to metadata.DeleteA User/User Group with this right is permitted to delete the target object from metadata.Control*A User/User Group with this right is permitted to modify the access control list of the target. Display NamePermissions IncludedView Browse, Read, Use, and ExecuteModifyEverything in View, Write, and DeleteFull ControlAll PermissionsDenyNo Permissions


Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Advanced Settings tab.Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Edit icon for Properties on Advanced Settings tab.NameDescriptionBrowseA User/User Group with this right should be informed about the existence of the target object when browsing a list of objects.ReadA User/User Group with this right should be able to examine the complete definition of the target object in metadata or in memory.
 ExecuteA User/User Group with this right should be permitted to execute queries built using the target object.UseA User/User Group with this right should be permitted to include references to the target object in the definition of other objects.ModifyA User/User Group with this right is permitted to modify the target object and save the modification to metadata.DeleteA User/User Group with this right is permitted to delete the target object from metadata.Control*A User/User Group with this right is permitted to modify the access control list of the target. Display NamePermissions IncludedView Browse, Read, Use, and ExecuteModifyEverything in View, Write, and DeleteFull ControlAll PermissionsDenyNo Permissions


Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Advanced Settings tab.Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Edit icon for Properties on Advanced Settings tab.NameDescriptionBrowseA User/User Group with this right should be informed about the existence of the target object when browsing a list of objects.ReadA User/User Group with this right should be able to examine the complete definition of the target object in metadata or in memory.
 ExecuteA User/User Group with this right should be permitted to execute queries built using the target object.UseA User/User Group with this right should be permitted to include references to the target object in the definition of other objects.ModifyA User/User Group with this right is permitted to modify the target object and save the modification to metadata.DeleteA User/User Group with this right is permitted to delete the target object from metadata.Control*A User/User Group with this right is permitted to modify the access control list of the target. Display NamePermissions IncludedView Browse, Read, Use, and ExecuteModifyEverything in View, Write, and DeleteFull ControlAll PermissionsDenyNo Permissions


Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Advanced Settings tab.Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Edit icon for Properties on Advanced Settings tab.NameDescriptionBrowseA User/User Group with this right should be informed about the existence of the target object when browsing a list of objects.ReadA User/User Group with this right should be able to examine the complete definition of the target object in metadata or in memory.
 ExecuteA User/User Group with this right should be permitted to execute queries built using the target object.UseA User/User Group with this right should be permitted to include references to the target object in the definition of other objects.ModifyA User/User Group with this right is permitted to modify the target object and save the modification to metadata.DeleteA User/User Group with this right is permitted to delete the target object from metadata.Control*A User/User Group with this right is permitted to modify the access control list of the target. Display NamePermissions IncludedView Browse, Read, Use, and ExecuteModifyEverything in View, Write, and DeleteFull ControlAll PermissionsDenyNo Permissions


Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Advanced Settings tab.Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Edit icon for Properties on Advanced Settings tab.NameDescriptionBrowseA User/User Group with this right should be informed about the existence of the target object when browsing a list of objects.ReadA User/User Group with this right should be able to examine the complete definition of the target object in metadata or in memory.
 ExecuteA User/User Group with this right should be permitted to execute queries built using the target object.UseA User/User Group with this right should be permitted to include references to the target object in the definition of other objects.ModifyA User/User Group with this right is permitted to modify the target object and save the modification to metadata.DeleteA User/User Group with this right is permitted to delete the target object from metadata.Control*A User/User Group with this right is permitted to modify the access control list of the target. Display NamePermissions IncludedView Browse, Read, Use, and ExecuteModifyEverything in View, Write, and DeleteFull ControlAll PermissionsDenyNo Permissions


Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Advanced Settings tab.Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Edit icon for Properties on Advanced Settings tab.NameDescriptionBrowseA User/User Group with this right should be informed about the existence of the target object when browsing a list of objects.ReadA User/User Group with this right should be able to examine the complete definition of the target object in metadata or in memory.
 ExecuteA User/User Group with this right should be permitted to execute queries built using the target object.UseA User/User Group with this right should be permitted to include references to the target object in the definition of other objects.ModifyA User/User Group with this right is permitted to modify the target object and save the modification to metadata.DeleteA User/User Group with this right is permitted to delete the target object from metadata.Control*A User/User Group with this right is permitted to modify the access control list of the target. Display NamePermissions IncludedView Browse, Read, Use, and ExecuteModifyEverything in View, Write, and DeleteFull ControlAll PermissionsDenyNo Permissions


Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Advanced Settings tab.Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Edit icon for Properties on Advanced Settings tab.NameDescriptionBrowseA User/User Group with this right should be informed about the existence of the target object when browsing a list of objects.ReadA User/User Group with this right should be able to examine the complete definition of the target object in metadata or in memory.
 ExecuteA User/User Group with this right should be permitted to execute queries built using the target object.UseA User/User Group with this right should be permitted to include references to the target object in the definition of other objects.ModifyA User/User Group with this right is permitted to modify the target object and save the modification to metadata.DeleteA User/User Group with this right is permitted to delete the target object from metadata.Control*A User/User Group with this right is permitted to modify the access control list of the target. Display NamePermissions IncludedView Browse, Read, Use, and ExecuteModifyEverything in View, Write, and DeleteFull ControlAll PermissionsDenyNo Permissions


Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Advanced Settings tab.Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Edit icon for Properties on Advanced Settings tab.NameDescriptionBrowseA User/User Group with this right should be informed about the existence of the target object when browsing a list of objects.ReadA User/User Group with this right should be able to examine the complete definition of the target object in metadata or in memory.
 ExecuteA User/User Group with this right should be permitted to execute queries built using the target object.UseA User/User Group with this right should be permitted to include references to the target object in the definition of other objects.ModifyA User/User Group with this right is permitted to modify the target object and save the modification to metadata.DeleteA User/User Group with this right is permitted to delete the target object from metadata.Control*A User/User Group with this right is permitted to modify the access control list of the target. Display NamePermissions IncludedView Browse, Read, Use, and ExecuteModifyEverything in View, Write, and DeleteFull ControlAll PermissionsDenyNo Permissions


Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Advanced Settings tab.Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Edit icon for Properties on Advanced Settings tab.NameDescriptionBrowseA User/User Group with this right should be informed about the existence of the target object when browsing a list of objects.ReadA User/User Group with this right should be able to examine the complete definition of the target object in metadata or in memory.
 ExecuteA User/User Group with this right should be permitted to execute queries built using the target object.UseA User/User Group with this right should be permitted to include references to the target object in the definition of other objects.ModifyA User/User Group with this right is permitted to modify the target object and save the modification to metadata.DeleteA User/User Group with this right is permitted to delete the target object from metadata.Control*A User/User Group with this right is permitted to modify the access control list of the target. Display NamePermissions IncludedView Browse, Read, Use, and ExecuteModifyEverything in View, Write, and DeleteFull ControlAll PermissionsDenyNo Permissions


Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Advanced Settings tab.Right click an Object → Get Info (need Read permission on the Object). Users without this privilege will not see the Edit icon for Properties on Advanced Settings tab.NameDescriptionBrowseA User/User Group with this right should be informed about the existence of the target object when browsing a list of objects.ReadA User/User Group with this right should be able to examine the complete definition of the target object in metadata or in memory.
 ExecuteA User/User Group with this right should be permitted to execute queries built using the target object.UseA User/User Group with this right should be permitted to include references to the target object in the definition of other objects.ModifyA User/User Group with this right is permitted to modify the target object and save the modification to metadata.DeleteA User/User Group with this right is permitted to delete the target object from metadata.Control*A User/User Group with this right is permitted to modify the access control list of the target. Display NamePermissions IncludedView Browse, Read, Use, and ExecuteModifyEverything in View, Write, and DeleteFull ControlAll PermissionsDenyNo Permissions


 
 
Permissions can also be individually viewed, granted and denied for custom configuration using the bottom bar. In the screenshot above, the Everyone row is selected, a User Group that has View access. The bottom bar thus shows the permissions granted: Browse, Read, Use, and Execute.
 
 
Advanced Options
 
In addition, when setting the ACLs for a folder in Workstation, administrators have the option to Apply to Enclosed Objects ("Cascade inheritable permissions to all child objects" in Windows). Selecting this checkbox means that the ACL settings for the folder currently being viewed will be applied to all of the children recursively. This means that all children, and children of children, etc., will have exactly the folder's ACL upon saving. In other words, the object's ACL will be overwritten and replaced with the current folder's ACL. This is different from the default behavior of Developer, which is to merge the existing ACLs of any children with the folder's ACL. If merge behavior is desired, it can be done through Developer. 

ka0PW0000001JlpYAE_0EM44000000RetA.jpeg

HyperIntelligence and Security Access
 
 
HyperIntelligence Cards deliver instant, inline, context-aware and personalized intelligence to Strategy users. In Strategy 2019, the primary form of consumption of Cards will be through a Google Chrome extension. Workstation provides a central place to create and manage multiple cards. Users can leverage the existing ACL infrastructure through Workstation to share their cards with other Strategy users. 
 
Cards differ from other Strategy objects in how the ACLs are determined upon creation. This is to enable the creator of the card to have explicit control over what Users and User Groups can consume the Cards. Unlike other Objects, Cards will follow these rules when setting ACLs:

  • No inheritance of ACLs from parent folder
  • Author user has Full Control
  • No other users should have any ACL defined for the card upon creation
  • Save as... option will replace the ACLs, giving the new author Full Control.
Comment

0 comments

Details

Knowledge Article

Published:

December 8, 2023

Last Updated:

March 21, 2024