Group ACLs

Access control lists (permissions or access rights) can be assigned to user groups. Each space can have groups that contain users and have access rights. Users can be members of multiple groups. The users in a group get the access rights assigned to the group.

Example Scenario for Groups

Use groups and ACLs to assign rights according to user roles. For example, you could have three roles: Admins, Analysts, and Business Users. You can create the groups and and assign ACLs to each group.

  • Admins: AdvancedAdmin, EditReportCatalog
  • Analysts: Adhoc, EditDashboard, ModifySavedExpressionsAllowed
  • Business Users: EnableDownload, EnableBookmarks, ExploreInVisualizer, SelfScheduleAllowed

In this example, the administrators would be members of all three groups, the analysts who create reports and dashboards would be in the Analysts and Business Users groups, and end users would be in the Business Users group.

To add or remove ACLs from a group

Use the ACL names in the table below for the ACL_tag in the addacltogroup and removeaclfromgroup commands in the Command Window to add ACLs to a group or remove ACLs from a group:

addacltogroup space_name group_name ACL_tag

removeaclfromgroup space_name group_name ACL_tag

Important: After assigning ACLs to a group, the users in that group need to log out and log back in before the permissions take effect.

Tip: You can set many of the ACLs in the user interface at Admin - Manage Access - Manage Groups.

ACL Tag Name on Manage Groups Tab Allows Users in the Group to...
Adhoc Designer Access Access Designer.
AdvancedAdmin Not Available in Manage Groups tab

Access the advanced administration options at Hierarchies - Advanced and at Manage Sources - Grain - Specify Override Level Key Columns. These buttons are inactive when this ACL is not enabled. Also access Data Flow - Add - Add Inherited Source.

Only Account Administrators can grant the AdvancedAdmin ACL.

EditDashboard Edit Dashboard Create and edit Original Dashboards and Dashboards 2.0.
EditReportCatalog Edit Report Catalog Rename files and folders, delete files and folders and create new folders from Designer and Original Dashboards.
EnableBookmarks Enable Bookmarks Use bookmarks in Dashboards 2.0.
EnableDownload Enable Download Export to file (csv, xls, etc.) from Designer, Visualizer, Original Dashboards, and Dashboards 2.0.
Visualizer Visualizer Access Access to Visualizer. (This ACL used to be called "EnableVisualizer".)
ExploreInVisualizer Dashboard Visualizer Exploration Use the Explore in Visualizer dashlet option for end users of Dashboards 2.0. Applies to Visualizer reports only.
SelfScheduleAllowed Enable Self Schedule Schedule reports to be delivered from Original Dashboards and Dashboards 2.0.
ModifySaved-
ExpressionsAllowed
Modify Saved Expression Create and modify saved expressions in Designer. In Visualizer a user requires this permission to make an expression global.
NewDashboard Not Available This ACL is deprecated (5.22). Access to Dashboards 2.0 no longer requires an ACL.
storytellingAccess Enable Storytelling Allows Users in the Group to access storytelling on mobile devices.

See Also: