Security Reports

Download the security reports to assess data security and determine which areas of the solution a user can access.

Overview

We recommend that you conduct regular audits of your permissions to ensure your data security is configured correctly. You can download the following security reports to help you assess your data security and determine which areas of the solution your users can access:

  • Permission Definitions: Examine your security definitions and see how your permissions have been configured in detail.
  • User Permission Report: See which permissions have been assigned to each user.
  • Data Security Report: Examine the populations and properties that a user has access to in detail.
  • Content Security Report: See the metrics, dimensions, and concepts that are visible or not visible for the user.
  • Security Impact Report: Examine how the security changes you made in the project change a user's access.

Tip: Create a pivot table to analyze the data included in the security reports.

Permissions Definition

Download the Permissions Definition to examine your security definitions in detail. Although you can't directly see what data a specific user has access to from this report, you can still get a detailed understanding of the data and property values that are accessible across each permission.

Note: This feature is also available through Visier's public APIs. For more information, see Users API.

  1. In a project, on the navigation bar, click Security > Permissions.

  2. Click Download Permissions in the upper-right corner of the Permissions room.

    Result: The report is generated as an .xlsx file and automatically begins downloading.

The report contains the following tabs and information:

Permission Summary Profiles

Breakdown of the analytic object and property access for each permission.

Column Description
Permission Display Name

The name of the permission.

Permission Description

An optional statement that explains what the permission is and how to use it.

Analytic Object Type

Analytic object types include subject, event, overlay, and related object.

Parent Analytic Object Name

The name of the subject that an event is associated with. This column is only populated when the permission defines data security for an event or related object.

Analytic Object Name

The name of the subject, event, overlay, or related object that data security is being defined for.

Inherited Unique Population Access The population access inherited from the subject listed in the Parent Analytic Object Name column.
Inherited Shareable Population Access The population access inherited from the subject listed in the Parent Analytic Object Name column. This column is populated when the population access for the Parent Analytic Object is set using a saved security filter.
Custom Unique Population Access The population access that is manually set.
Custom Shareable Population Access The population access that is manually set using a saved security filter.
Path to Property

The subject reference path that shows how two analytic objects are linked.

Shareable Property Set Name The name of the data access set used in the permission.
Property

The name of the property that data security is being defined for.

Has Data

Shows whether or not data has been loaded for the property. 1 indicates Yes/True and 0 indicates No/False.

Access Level

The level of access granted to the property and property values. 0 indicates None, 1 indicates Aggregate, and 2 indicates Detailed.

Full Access

Indicates whether full access to all data is granted by the permission. 1 indicates Yes/True and 0 indicates No/False.

Capability Profiles

Breakdown of the capability access for each permission.

Column Description
Permission Display Name

The name of the permission.

Permission Description

An optional statement that explains what the permission is and how to use it.

Capability The name of the capability.
Has Access Indicates whether access to the capability is granted by the permission. 1 indicates Yes/True and 0 indicates No/False.
Full Access Indicates whether access to all capabilities is granted by the permission. Indicates whether full access to all data is granted by the permission. 1 indicates Yes/True and 0 indicates No/False.

Content Packages

Visibility settings for analyses, metrics, dimensions, and key groups for each content package. See a list of permissions where the content package is currently being used.

Column Description
Permission Display Name

The name of the permission.

Permission Description

An optional statement that explains what the permission is and how to use it.

Content Package Name The name of the content package.
Visier Blueprint Indicates whether the analysis is provided by Visier. 1 indicates Yes/True and 0 indicates No/False.
Content Type Content types include analysis, dimension, key group, and metric.
Content Name The display name of the content.
Object Name The unique identifier of the content.
Enabled/Visible Indicates whether the content is available in Guidebook or Explore. 1 indicates Yes/True and 0 indicates No/False.
FilterBy Indicates whether the dimension or key group can be used to filter data in Explore. 1 indicates Yes/True and 0 indicates No/False.
GroupBy Indicates whether the dimension or key group can be used to group data in Explore. 1 indicates Yes/True and 0 indicates No/False.
Excluded Paths The hidden subject reference paths for the dimension or key group. A subject reference is a link between two analytic objects. Hiding paths will reduce the number of attributes that can be used to filter and group by. For example, if the path Requisition > Hiring Manager is excluded for the Age dimension, users will not be able to filter or group data by the Hiring Manager's age when analyzing a Requisition metric.

Data Access Sets

Breakdown of the property access for each saved data access set. Includes a list of permissions where each saved data access set is currently being used. Good for auditing data access set usage.

Column Description
Analytic Object Type

Analytic object types include subject, event, overlay, and related object.

Data Access Set Object The name of the subject.
Data Access Child Object The name of events and related objects associated with the subject listed in the Data Access Set Object column.
Shareable Property Set Name The name of the property set.
Path to Property

The subject reference path that shows how two analytic objects are linked.

Property

The name of the property that data security is being defined for.

Has Data

Shows whether or not data has been loaded for the property. 1 indicates Yes/True and 0 indicates No/False.

Access Level

The level of access granted to the property and property values. 0 indicates None, 1 indicates Aggregate, and 2 indicates Detailed.

Number of Permissions Using The total number of permissions using the data set.
Permission List The name of the permissions where the data set is being used.

Security Filters

Breakdown of member filters defined for each saved security filter. Includes a list of permissions where each security filter is currently being used.

Column Description
Filter Display Name The name of the security filter.
Analytic Object Name

The name of the subject, event, overlay, or related object that data security is being defined for.

Hierarchy/Dimension The name of the hierarchy or dimension which the security filter is based.
Path Shows the link between the analytic objects.
Member
  • For member filters, this column shows the attribute values that define the population.
  • For dynamic filters, this column shows the mapping between the user attribute and a property in your data.
Is Dynamic Indicates whether the security filter is a dynamic filter. 1 indicates Yes/True and 0 indicates No/False.
Included Indicates whether access is granted to the attribute values listed in the Member column. This column is only populated if a member filter is used. 1 indicates Yes/True and 0 indicates No/False.
Number of Permissions Using The total number of permissions using the security filter.
Permission List The name of the permissions where the security filter is being used.

User Permission Report

Download the User Permission Report to get a summary of the permissions your users have been assigned and see how each permission is being used across your user base.

Note: This feature is also available through Visier's public APIs. For more information, see Users API.

To download the User Permission Report:

  1. Do one of the following:
    OptionDo this
    In the global workspace

    On the global navigation bar, click Tenant, and then click the Users tab.

    In a project

    On the navigation bar, click Security > Users.

  2. Click the More button > User Permission Report in the upper-right corner of the Users room.

    Result: The report is generated as an .xlsx file and automatically begins downloading.

The report contains the following tabs and information:

User Permissions

Breakdown of the permissions assigned to each user.

Column Description
Username

The email of the user.

Name

The full name of the user.

Permission Display Name

The name of the permission.

User Group

The name of the User Group where the data access comes from. Assigned Directly indicates that data access was granted through an assigned permission and not through the membership in a User Group.

Full Access

Indicates whether full access to all data is granted by the permission. 1 indicates Yes/True and 0 indicates No/False.

Permission Usage

Breakdown of the permissions and the number of users and User Groups that have been assigned to each permission.

Column Description
Permission Display Name

The name of the permission.

Users Using Permission The total number of users assigned this permission.
User Groups Using Permission The total number of User Groups using this permission.

Data Security Report

Download the Data Security Report for a specific user to see which populations and properties they have access to as a result of the permissions assigned to them.

Note: This feature is also available through Visier's public APIs. For more information, see Users API.

To download the Data Security Report:

  1. Do one of the following:
    OptionDo this
    In the global workspace

    On the global navigation bar, click Tenant, and then click the Users tab.

    In a project

    On the navigation bar, click Security > Users.

  2. Select a user in the Users list.

  3. Click the Download Data Security Report in the User Details area.

    Result: The report is generated as an .xlsx file and automatically begins downloading.

The report contains the following tabs and information:

User Properties

Breakdown of the properties and population a user has access to. Includes a list of permissions that allows you to identify where the access comes from.

Column Description
Username

The email of the user.

Name

The full name of the user.

Property

The name of the property that data security is being defined for.

Access Level

The level of access granted to the property and property values. 0 indicates None, 1 indicates Aggregate, and 2 indicates Detailed.

Analytic Object Name

The name of the subject, event, overlay, or related object that data security is being defined for.

Parent Analytic Object Name

The name of the subject that an event is associated with. This column is only populated when the permission defines data security for an event or related object.

Path to Property

The subject reference path that shows how two analytic objects are linked.

Population Access The population of the analytic object that can be accessed.
Permission Display Name The name of the permission where the data access is defined.
User Group

The name of the User Group where the data access comes from. Assigned Directly indicates that data access was granted through an assigned permission and not through the membership in a User Group.

Content Security Report

Download the Content Security Report for a specific user to see which metrics, dimensions, and concepts are visible or invisible as result of the permissions assigned to them.

To download the Content Security Report:

  1. Do one of the following:
    OptionDo this
    In the global workspace

    On the global navigation bar, click Tenant, and then click the Users tab.

    In a project

    On the navigation bar, click Security > Users.

  2. Select a user in the Users list.

  3. Click the Download Content Security Report in the User Details area.

    Result: The report is generated as an .xlsx file and automatically begins downloading.

The report contains the following tabs:

  • Metrics Access
  • Dimensions Access
  • Concepts Access

Each tab contains the following information:

Column Description
Symbol Name

The unique object name of the object.

Display Name

The display name of the object.

Overall Visible in App Whether or not the object is visible to the user. For this value to be true, the following columns must also be true:
  • Flagged as Visible
  • Visible by Content Package
  • Data Loaded
  • Data Accessible
You can filter this column to "false" to view all the invisible objects for the user.
Flagged as Visible Whether or not the toggle "Visible in Analytics" is on or off for the object. You can filter this column to "false" to view all the objects that are not flagged as visible in the solution.
Visible by Content Package

Whether or not the object is made visible due to its assignment to a Content Package. You can filter this column to "false" to view all the objects that are not visible through a Content Package.

Data Loaded Whether or not the object has data loaded. You can filter this column to "false" to view all the objects that do not have data.
Data Accessible Whether or not the user can access the data for the object. For this value to be true, the Property Data Accessible column must be true for all its data properties.

You can filter this column to "false" to view all the objects that the user does not have permission to access.

Property Symbol Name The unique object name of the data property.
Property Display Name The display name of the data property.
Property Data Loaded Whether or not the property has data loaded.
Property Data Accessible Whether or not the user can access the data for the property.

Security Impact Report

Download the Security Impact Report for a specific user after making security changes in a project to see which metrics, dimensions, concepts, and properties the user will lose or gain access to as result of the project changes.

To download the Security Impact Report:

  1. In a project after making security changes, on the navigation bar, click Home.
  2. In the upper-right corner, click the More button > Download Security Impact Report.
  3. In the Download Security Impact Report dialog, hover over the user whose report you want to download.
  4. In the Actions menu, click the Download Report button .

    Result: The report is generated as an .xlsx file and automatically begins downloading.

The report contains the following tabs:

  • Metrics
  • Dimensions
  • Concepts
  • Properties

Each tab contains the following information:

Column Description
Username

The user's Visier username.

Name

The full name of the user.

Content Name

The name of the content that the security access is defined for.

Production Access Level

The level of access granted to the user in production.

Project Access Level The level of access granted to the user as a result of the security changes in the project. If you publish the project to production, the project access level replaces the production access level.