Role Configuration Guidelines

Use these guidelines to configure roles in a way that ensures appropriate access to features, protects sensitive data, and supports your organization’s governance model.

This topic builds on the general role setup described in the Roles topic by offering best practices for assigning permissions to the predefined SECURITY and BASIC roles.

General Guidelines

  1. Understand the default roles: Before assigning permissions, it's important to to understand the purpose of each predefined role:

    • SECURITY
      Intended for administrators or super-users who manage data models, OLAP cubes, governance rules, distribution jobs, and environment configurations.

    • BASIC
      Designed for users who use existing reports, dashboards, and views, and may create their own versions. This role should not have permissions that allow system-wide changes.

  2. Assign only the required permissions: Grant only the permissions needed for the person to complete their tasks.

    • SECURITY
      Select all permissions required for full platform access, including creating, modifying, and deleting data models, views, and procedures.

    • BASIC
      Assign permissions that allow interaction with content, such as viewing and creating dashboards or reports. Avoid permissions that affect data models or system-level configurations.

    Tip

    Assign each role to a test account and verify that the permissions allow the expected tasks without exposing unnecessary features.

  3. Renew and update roles regularly: As your organization grows or new features are introduced, revisit the role configurations to make sure they still align with your security requirements and business needs.

  4. Track permission changes: Maintain a log of all changes to role permissions. This can help with audits, troubleshooting, and understanding access history.

Recommended permissions

The following tables outline the recommended permission values for the default SECURITY and BASIC roles:

General Roles

Category Permission Basic Security
Overview  
Administration

Manage Security

Manage Global Parameters

Manage Global Variables

Manage Distribution

Manage External Locations

Environment & Data Sources

Manage Global Scripts

Manage Application Links

Manage Global Selection Pages

Manage License Information

Manage Dictionary

Languages

Manage Excel Publish

OLAP Manager

Create Installation Template

Manage Installation Template

Import Template

Manage Data Warehouse

Manage Reporting Trees

 

P

P

P

P

P

P

P

P

P

P

P

P

P

P

P

P

P

P

P

Command Center

Organize Command Center Data Models

Organize Command Center Views

Create Data Model

 

P

P

P

P

Folder

Create

Rename

Delete

P

P

P

P

P

P

Dashboard

Rename

Change Publish for

Change Owner

Lock or Unlock

Open

Create

Design

Save As

Delete

Subscribe to Distribution

Add other emails in To, Cc and Bcc

Send Comment

Export

Print

Use Filtering Function

P

P

P

P

P

P

P

P

P

P

 

P

P

P

P

P

P

P

P

P

P

P

P

P

P

P

P

P

P

P

Reports

Rename

Change Publish for

Change Owner

Lock or Unlock

Open

Create

Design

Save As

Delete

Subscribe for Distribution

Add other emails in To, Cc and Bcc

Send Comment

Export

Print

Use filtering function

P

P

P

P

P

P

P

P

P

P

 

P

P

P

P

P

P

P

P

P

P

P

P

P

P

P

P

P

P

P

Excel Add-in

Formula wizard

Formula drill-down

Data Entry

Link to formula

Pivot Table

Pivot Table Refresh

Duplicator

Data Extraction

Data Extraction Refresh

Prompt

Quick Prompt

Create Static Copy

References Configuration

Change Password

Open View

Refresh Formulas

Data Model Configurations

Environment Configurations

Reporting Tree Selector

Reporting Tree Node Selector

Reporting Tree Duplicator

P

P

P

P

P

P

P

P

P

P

P

P

P

P

P

P

P

P

P

P

P

P

P

P

P

P

P

P

P

P

P

P

P

P

P

P

P

P

P

P

P

P

Workbook

Copy Folder

Rename

Create

Save As

Delete

Toolbar Visibility

P

P

P

P

P

P

P

P

P

P

P

P

OLAP Manager

Add and Save Cube

Copy and Delete Cube

Navigation

Build

Load All

Refresh

   P

P

P

P

P

P

 

Data Model Roles

Category Roles Basic Security
Overview  
Data Model

Design

Copy Data Model

Overwrite Data Model

Manage Selection Pages

Manage Data Model Parameters

Manage Stored Procedures

Translate Data Model

Manage Info Pages

View Info Pages

Create Documentation

View Documentation

Rename

Delete

 

 

 

 

 

 

 

 

 

P

 

P

P

P

P

P

P

P

P

P

P

P

P

P

P

View

Rename

Change Publish for

Change Owner

Lock or Unlock

Edit Prompt Selection on Open

Open

Save

Create

Save As

Delete

Subscribe to Distribution

Add other emails in To, Cc and Bcc

Send Comment

Export

Print

Use Data Entry

 P

P

P

P

P

P

P

P

P

P

P

 

P

P

P

P

P

P

P

P

P

P

P

P

P

P

P

P

P

P

P

P

Calculated Column

Create

Edit

Delete

 P

P

P

P

P

P

Filter

Create

Save

Rename

Change Publish for

Change Owner

Lock or Unlock View

Apply Predefined Filters

Delete

Use Filtering Function

Edit Advanced Filter

 P

P

P

P

P

P

P

P

P

P

P

P

P

P

P

P

P

P

P

 

By following these best practices and detailed steps, administrators will establish a robust permissions system that aligns with organizational security policies and enhances the user experience in SEI.

Note

Role assignments and permissions contain sensitive information. Only authorized personnel should view or modify these settings.