Use Data Access settings to restrict which data users can view in reports, assignments, and other application areas. Data access is configured through Organization & Workflow positions and applies to users assigned as position holders or delegates.
In this article, we will cover:
About Data Access Security
Data Access settings control which dimension members users can access throughout the application. Access restrictions are applied through Organization & Workflow positions rather than directly on user accounts.
When Data Access is configured:
Users see only the data permitted by their assigned position.
Restrictions apply to reports and assignments.
Access is controlled through secured dimensions.
Before You Begin
Before configuring Data Access restrictions, verify that the user is not assigned to the FullAccess role.
Users assigned to the FullAccess role are not subject to Data Access restrictions.
Also verify that the user is assigned to an Organization & Workflow position as either:
A position holder
A delegate
Configuring Data Access Restrictions
Assigning Data Access to a Position
Open Organization & Workflow.
Select the organization position associated with the user.
Open the Data Access tab.
Select the dimension you want to secure.
Select the member that users should be allowed to access.
-
Save the changes.
Users assigned to the selected position can access only the data permitted by the configured dimension member selections.
Configuring a Secured Dimension
Only secured dimensions are available in the Data Access configuration.
Enabling Dimension Security
Open Dimensions.
Select the dimension.
Open the Settings tab.
Enable Secured.
-
Save the changes.
The dimension becomes available for selection in Data Access settings.
Understand Available Dimensions
You may notice that only a subset of dimensions appears in the Data Access tab. This behavior is expected.
Why Some Dimensions Do Not Appear
Only dimensions with the Secured setting enabled are displayed in the Data Access configuration list.
If a dimension is not visible:
Open the dimension configuration.
Verify whether Secured is enabled.
Enable the setting if required.
Save the changes.
Data Access Workflow
The following sequence is required to implement user-level data restrictions:
Verify that the user is not assigned to the FullAccess role.
Assign the user as a position holder or delegate.
Configure Data Access on the organization position.
Secure the required dimensions.
Assign permitted dimension members.
Save the configuration.
Example
Assume you want users in a department manager position to see only a specific department.
Enable Secured on the department dimension.
Open the manager's organization position.
Open Data Access.
Select the department dimension.
Select the department member.
-
Save the changes.
Users assigned to that position can access data only for the selected department member.
Troubleshooting
| Issue | Resolution |
|---|---|
| User can see all data | Verify that the user is not assigned to the FullAccess role. |
| User restrictions are not applied | Verify that the user is assigned as a position holder or delegate. |
| Dimension does not appear in Data Access | Verify that the dimension is configured as Secured. |
| Data Access settings are unavailable | Verify that an Organization Position is selected. |
Best Practices
Configure Data Access through Organization & Workflow positions rather than individual users.
Use the FullAccess role only for users who require unrestricted visibility.
Secure only the dimensions that require access control.
Assign users to positions before configuring Data Access restrictions.
Review secured dimensions periodically to ensure access controls remain appropriate.
Additional Information
Data Access settings are configured on Organization Positions.
Users must be position holders or delegates for restrictions to apply.
FullAccess users bypass Data Access restrictions.
Only secured dimensions are available for Data Access configuration.
Data Access restrictions affect reports and assignments.