Add Access to Items

Configure data security for the different items users can access.

Note: If the More Security Around Data Access Management feature is enabled, you will need access to all data, such as the Super Admin permission, to perform this task. For more information, see More security around data access management.

In a permission, you can configure data security for the different items users can access such as analytic objects, managed plans, and if enabled, sources data categories, and targets.

Analytic objects

You can configure data security for the analytic objects that can be accessed in the solution. Analytic objects are organized into two categories: subjects and overlays.

Subjects include analytic objects like applicants, candidates, employees, and requisitions. When you add access to a subject, you'll also be granting access to any associated events and related objects. For example, when you add access to the Employee subject, you'll also be defining access to events such as Employee Exit and Pay Change Events as well as related objects such as Assignments and Certifications. Events and related objects are typically items that don't have any meaning without the subject. For example, it would not make sense to have access to the Employee Exit event (terminations) without having access to the employee data for the individual who was terminated. By default, events and related objects will inherit the data security configurations from the subject.
Overlays are a collection of aggregated data that are used to support key business comparisons. Overlays include analytic objects like Engagement and Benchmarks.

Sources

Limited Availability

You can configure data security to give access to data sources. Sources store data for your solution and are used to map to data load targets, such as analytic objects in Visier's data model. For more information, see Sources.

When you provide access to a source, you're granting access to data associated with the source. For example, if you grant access to the Employee source, any user assigned this permission can see all data ever uploaded to the Employee source. Source security does not allow a user to edit the source definition, such as the file regex. This can only be done by users with access to all data to prevent unauthorized users from changing how data is assigned to sources.

Users who are granted source access through permissions can:

Create and edit mappings.
- For lookup mappings, a permission only needs to include source access.
- For regular, auxiliary, and correction mappings, a permission must include source, data category, and target access. A user can only create or edit the mappings from the sources and targets they have access to.
View all data associated with a source.
View source configuration, but can't change the source configuration.
View data files that they uploaded to Visier, even if the files aren't connected to the sources that the user has access to.
Include or exclude uploaded files in the source. For more information, see Add or Remove Records from a Source.

Note:

Users can see all uploaded files for a source that they have source access to, including files uploaded by other users. If a user uploads a file that connects to a source they don't have access to, the user cannot view or delete the file after uploading it. Only users with access to all data can see all uploaded files.

Granting source access does not automatically provide access to data load targets or analytic objects within the solution.

Data categories and targets

Limited Availability

You can configure data security to give access to data categories and targets for data loading and validation workflows. A data category represents a dataset loaded into Visier and contains the instructions that bring together mappings from your source data to the target objects within Visier's data model. For more information, see Data Categories.

When you provide access to a data category and specific targets, you are giving visibility into all associated data with those targets. Users who are granted data categories and targets access through permissions can:

Create and edit regular, auxiliary, and correction mappings if the permission includes source, data category, and target access. A user can only create or edit the mappings from the sources and targets they have access to.
Create or edit rules (business rules, system rules, and multi-subject rules).
View debugging information from all sources for the specified targets in the Debug Inspector. Granting access to individual subjects will also provide visibility to the debug information of all their child events.

Note:

Granting data category and target access does not automatically provide access to sources or analytic objects within the solution.
A user with access to all data, such as the Super Admin permission, has access to all sources, data categories and targets by default.

Managed plans

You might configure data security to give access to managed plans. Managed plans are plans created in Studio that allow you to configure security to limit plan visibility. When you provide access to a managed plan, you're granting access to plan items and segmentation within the plan.

Plan item security determines which plan items are visible to the user, such as Base Pay. Segmentation security determines which rows of the plan are visible based on access to the plan’s hierarchy members, such as Location. You must configure data security in order for users to view the plan. When you share a plan with users, they will only see the plan data that you have granted them access to through their permission. Plan values they do not have access to will be blank.

Add items to a permission

If target security is enabled, see Setting access with target security enabled.

In a project, on the navigation bar, click Security > Permissions.
Select a permission.
In a permission, click the Data security tab and then click Add access.
In the Select the data dialog, select the items that users with this permission can access and then click Finish.
Result: Population and data access configurations appear for analytic objects. To configure custom population access, see Security Filters. To configure data access, see Data Access Sets.

Setting access with target security enabled

In a project, on the navigation bar, click Security > Permissions.
Select a permission.
In a permission, click the Data security tab and then click Set access.
Select an access type from the list.

In the Set access dialog, do one of the following:

To add access to	Do this
Analytic objects or sources	Select the items that users with this permission can access. Click Add. Result: Population and data access configurations appear for analytic objects. To configure custom population access, see Security Filters. To configure data access, see Data Access Sets.
Targets within a data category	Select the data category that users with this permission can access. In the selected data category, click Add targets. In the Select targets dialog, select the targets that users with this permission can access and then click Select. Click Save.
All current and future targets in a data category	Select the data category that users with this permission can access. In the selected data category, select All current and future targets from the list. Click Save.

To add access to

Do this

Analytic objects or sources

Select the items that users with this permission can access.
Click Add.

Result: Population and data access configurations appear for analytic objects. To configure custom population access, see Security Filters. To configure data access, see Data Access Sets.

Targets within a data category

Select the data category that users with this permission can access.
In the selected data category, click Add targets.
In the Select targets dialog, select the targets that users with this permission can access and then click Select.
Click Save.

All current and future targets in a data category

Select the data category that users with this permission can access.
In the selected data category, select All current and future targets from the list.
Click Save.

Remove or restrict access to items

In a project, on the navigation bar, click Security > Permissions.
Select a permission.
In a permission, click the Data security tab.

Do one of the following:

To	Do this
Remove access to analytic objects or sources	Hover over the item you want to remove access to and click the Remove access button .
Restrict access to an event or related object for a subject	Hover over the analytic object you want to restrict and click the toggle button.
Edit access to the targets in a data category	Click Set access. Select Data categories and targets from the access type list. In the Set access dialog, select the data category you want to edit and then click Edit targets. In the Select targets dialog, select targets or clear previously selected targets and then click Add. Click Save.