Access permissions (entity-level) for hierarchies and regimes
It is possible to edit the entity-level permissions for hierachies (Dataflow) and regimes (Economics and Financials), in the Tenant users and administrators and Tenant workgroups management interfaces. The workgroup permissions allow you to collectively modify the permissions for a group of user accounts.
The entity-level permissions set specified degrees of control, as in the table below, for all instances of that type of entity (that is, hierarchy node or regime). For example, a user may be granted Update permission for all regimes in the Economics application.
The entity-level permissions are additive with the instance-level permissions, which are set for each instance of a hierarchy node or regime within the Planning Space application (for details of how to do this, see the Planning Space User Manual). Thus, for example, a user can have Update permission for all Economics regimes, with extended Full Control permission for specific regimes, or the Update permission could be removed by setting Update to 'Deny' for a specific regime.
The rule 'Deny trumps Allow' takes precedence, thus a Deny setting at entity level cannot be over-ridden by an Allow setting at instance level.
In the Users interface, you can use the 'View Effective Permissions' tab to see the effective permission setting for a user account, after all of the different levels of permission have been combined.
| Permission setting | Description |
|---|---|
| Full Control | User can view, edit and delete all instances, and let other users define their permissions. |
| Assign | User can grant any permissions to other users and workgroups. |
| Read | User can view all instances. |
| Update | User can edit all instances. |
| Delete | User can delete all instances. |