Configuring Access Control

Setting up access control to secure your Workbench projects can take many possible forms, depending on the structure of your data and how you want your users to interact with it. For information about prerequisite items that you might need to prepare before working with the access tabs, such as setting up users and groups, properties, and project access, see Access Control Overview.

The following are the overall steps for working with the access control sub-tabs. Not all sub-tabs are applicable in all projects—use only those that are pertinent to your situation.

  1. On the File Access tab, set read and write permissions. See Setting File Access.
  2. On the cBase Access tab, set limit by details in the Row-Based Rules table to limit the row data that users can see, and set restrict/allow columns rules in the Column-Based Rules table to restrict which columns the users can see. See Setting cBase Access and Using the Restrict Column Editor.
  3. On the Model Access tab, set limit dimension by details in the Row-Based Rules table to limit row data that users can see, and set restrict/allow columns rules in the Column-Based Rules table to restrict which columns the users can see. See Setting Model Access and Using the Restrict Column Editor.
  4. On the DiveTab Access tab, set restrictions on what DiveTab areas (buttons) the users see. Note that cBase access rules also apply to DiveTab data pages. See Setting DiveTab Access.
  5. On the Audit Rules tab, set trigger dimensions and specify which columns cause an entry in the audit logs when these specific columns are viewed. See Setting Audit Rules.

NOTE:

  • It is a best practice to set access rules at the project level and select the Inherit from ancestor check box for each folder in the project whenever possible. However, there can be instances where you want to completely hide specific folders from users and need to remove the Inherit from ancestor setting.
  • If you are using the home project feature, you are required to set a home directory access pattern that sets appropriate access control rules for new users. For more information about the home project and the home directory pattern, see Home Project Overview and Setting the Home Directory Settings.

    You can also retrofit existing users to use the home project. The home project likely uses aliases to other projects, and you need to ensure that these users have project access and that the access control rules are set so users have appropriate access to data. For more information, see Retrofitting Users for the Home Project.

  • If you are not using the home project feature, but are using user home directories, you set access rules for those directories so that only the specific user has the ability to read and write to those directories. You might want to allow other users to have read access to these directories but not write access. For more information about creating home directories, see Creating Home Directories.