Detailed View Across Multiple Permissions
Learn how assigning multiple permissions to a user can impact what they see in the Detailed View visual.
Overview
It's important to understand how security can impact what the user sees in the Detailed View visual. A user's security is set to include one or more permissions, which define what parts of the organization a user can view. The data access determines the types of data they can view such as ethnicity, age, and gender. Therefore, your users can have different levels of access to different parts of the organization.
Attributes that are hidden via content packages will still appear in Detailed View. For more information, see Content Packages.
So, what happens when users select Detailed View on a portion of the population to which they have mixed access? Our security model is additive in nature, which means that if you have multiple permissions granted to you, your security is the sum of the access from each. This also applies to Detailed View.
How Detailed View data is filtered
Detailed View data is filtered in the following ways:
- The fields that show data access for each employee in Detailed View are limited based on the data access that the user is granted. If the user's combined data access doesn't allow the access to see Ethnicity data for a portion of the employee population, then this data is not provided for each employee where it’s restricted.
- If security filters are applied to the user, such as Location=USA, then only employees that fall within the filter criteria are visible.
- Metrics are calculated based on attributes. The given security permissions are defined by securing these attributes and not the metrics. Whether a user is able to see Detailed View on the population depends on what metrics and groupings the user has selected. Several examples that highlight how the metrics and attributes impact what the user sees are described next.
Example:
In the following examples, security is set such that the user has:
- Detailed rights to view Birthdate, which is used to calculate Age, for subpopulation A.
- Aggregate rights to Birthdate for the subpopulation B.
Example A: The user is viewing the Age metric and can see the average age across each subpopulation.
When the user views the details on subpopulation A, the user can see each employee and can view their Birthdate. When the user views the details on subpopulation B, the user can see all the employees, however the Birthdate field is blank.
Example B: The user is viewing Headcount grouped by Age for the entire population.
Detailed View on any of the Age ranges only shows those employees for whom the user has access rights to their Birthdate. The other employees are omitted from Detailed View, however they are included in the aggregate count.
Example C: The user is viewing Headcount grouped by Age for subpopulation B.
The user sees the results for the Age ranges, however when the user attempts to access Detailed View, no results are returned. Instead a message shows that indicates that the employee list is hidden due to security restrictions.
Because of the filtering rules what the user sees in Detailed View will be specific to the user’s security and may be unique for each user. This behavior is an important consideration when users are validating the data or downloading data as an XLSX file.