Data-level security
In addition to the modules and features a user group can access, the model uses this type of data-level security:
- Data-security is applied on fact tables and domain specific dimensions. Conformed dimensions are not secured due to ETL reasons.
- Company data access on fact- and domain-specific dimensions is inherited from LN (ttams460). Members of the LNBIRST-Exemption All Security are exempt from this security.
- LN Authorization and Security (tcsec) is not implemented for LN Analytics.
- For each fact table, the data security filter on Company (Company_Key column) is enabled.
When the fact table is also targeted to the Financial Company, a data security filter is
available on Financial Company (Financial_Company_Key column). However, this filter is
disabled, which is in line with default LN behavior.
For example, if a user does not have access to the financial company in which financial
transactions takes place, the user can still see the sales orders in LN. To enable the Financial
Company filter, customers must enable the financial company data security in
each space.Note: In the Finance space, there is no Financial Company data security filter, because the Company data security is already sufficient.
In LN Analytics, row level data security is applied in the fact-related model spaces. In these spaces, fact tables and domain-specific dimensions are secured for the Company and Financial Company. Users can view the KPI and dashboard values only for the companies they can see in LN. There are no company restrictions on conformed dimensions.
This table shows examples of the scenarios that can be applicable:
| Scenario | Access |
|---|---|
| Users have access to company 100 in LN, do not have access to company 200, and are no member of the LNBIRST-Exemption All Security IFS role. |
|
| Users have access to company 100 and 200 in LN, or are member of the LNBIRST-Exemption All Security IFS role. |
|
See Company data security for further details.