Usually, before starting doing anything hands-on, we should collect requirements from the whole organization in order to build a matrix of user access. Moreover, we should specify what kind of permissions are granted to particular groups and users. The easiest and most transparent way is to design security according to organizational structure, that is, each department has one folder with its name in shared folders. In addition, we can create a name folder under the department folder. We recommend denying delete access in order to save content.
Let's imagine that we have just started to implement BI and the first users come from the following departments:
- Business Intelligence
- Sales
- Product
- Finance
Let's create these folders in Public Objects | Shared Folders.
After several meetings from departments, we came up with the following matrix:
Raw Level Access means that we should show Sales metrics of their region only. In addition, we can define privileges for groups or users. Let's assume that BI users have access to MicroStrategy Developer only and all businesses have only web access.
Before we start, we should create the following simple reports in the department folders:
- Sales department
- Orders by Country
- Attributes: Country Region Name
- Metrics: Internet Order Quantity, Reseller Order Quantity
- Sales by Country is free from SQL report with the following statement:
select a12.COUNTRYREGIONname COUNTRYREGIONCODE, a12.CITY CITY, sum(a11.SALESAMOUNT) WJXBFS1 from EDW.FACTINTERNETSALES a11 join EDW.DIMGEOGRAPHY a12 on (a11.SALESTERRITORYKEY =a12.SALESTERRITORYKEY) group by a12.COUNTRYREGIONCODE, a12.CITY
- Orders by Country
There is a screen of report definition:
- Product
- Cost by Product Name
- Attributes: Product Name
- Metrics: Total Cost
- Cost by Product Name
- Finance
- Revenue and Sales by Year
- Attributes: Calendar Year
- Metrics: Amount, Amount Revenue, Internet Profit, Internet Sales, Reseller Profit
- Revenue and Sales by Year
When we finish creating all reports, we can start to manage security in order to satisfy user access requirements.