Security Reports
Download the security reports to assess data security and determine which areas of the solution a user can access.
Overview
We recommend that you conduct regular audits of your permissions to ensure your data security is configured correctly. You can download the following security reports to help you assess your data security and determine which areas of the solution your users can access:
- Permission Definitions: Examine your security definitions and see how your permissions have been configured in detail.
- User Permission Report: See which permissions have been assigned to each user.
- Data Security Report: Examine the populations and properties that a user has access to in detail.
- Content Security Report: See the metrics, dimensions, and concepts that are visible or not visible for the user.
Tip: Create a pivot table to analyze the data included in the security reports.
Permissions Definition
Download the Permissions Definition to examine your security definitions in detail. Although you can't directly see what data a specific user has access to from this report, you can still get a detailed understanding of the data and property values that are accessible across each permission.
Note: This feature is also available through Visier's public APIs. For more information, see User Management API.
-
In a project, on the navigation bar, click Security > Permissions.
- Click Download Permissions in the upper-right corner of the Permissions room.
Result: The report is generated as an .xlsx file and automatically begins downloading.
The report contains the following tabs and information:
Permission Summary Profiles
Breakdown of the analytic object and property access for each permission.
| Column | Description |
|---|---|
| Permission Display Name |
The name of the permission. |
| Permission Description |
An optional statement that explains what the permission is and how to use it. |
| Analytic Object Type |
Analytic object types include subject, event, overlay, and related object. |
| Parent Analytic Object Name |
The name of the subject that an event is associated with. This column is only populated when the permission defines data security for an event or related object. |
| Analytic Object Name |
The name of the subject, event, overlay, or related object that data security is being defined for. |
| Inherited Unique Population Access | The population access inherited from the subject listed in the Parent Analytic Object Name column. |
| Inherited Shareable Population Access | The population access inherited from the subject listed in the Parent Analytic Object Name column. This column is populated when the population access for the Parent Analytic Object is set using a saved security filter. |
| Custom Unique Population Access | The population access that is manually set. |
| Custom Shareable Population Access | The population access that is manually set using a saved security filter. |
| Path to Property |
The subject reference path that shows how two analytic objects are linked. |
| Shareable Property Set Name | The name of the data access set used in the permission. |
| Property |
The name of the property that data security is being defined for. |
| Has Data |
Shows whether or not data has been loaded for the property. 1 indicates Yes/True and 0 indicates No/False. |
| Access Level |
The level of access granted to the property and property values. 0 indicates None, 1 indicates Aggregate, and 2 indicates Detailed. |
| Full Access |
Indicates whether full access to all data is granted by the permission. 1 indicates Yes/True and 0 indicates No/False. |
Capability Profiles
Breakdown of the capability access for each permission.
| Column | Description |
|---|---|
| Permission Display Name |
The name of the permission. |
| Permission Description |
An optional statement that explains what the permission is and how to use it. |
| Capability | The name of the capability. |
| Has Access | Indicates whether access to the capability is granted by the permission. 1 indicates Yes/True and 0 indicates No/False. |
| Full Access | Indicates whether access to all capabilities is granted by the permission. Indicates whether full access to all data is granted by the permission. 1 indicates Yes/True and 0 indicates No/False. |
Content Packages
Visibility settings for analyses, metrics, dimensions, and key groups for each content package. See a list of permissions where the content package is currently being used.
| Column | Description |
|---|---|
| Permission Display Name |
The name of the permission. |
| Permission Description |
An optional statement that explains what the permission is and how to use it. |
| Content Package Name | The name of the content package. |
| Visier Blueprint | Indicates whether the analysis is provided by Visier. 1 indicates Yes/True and 0 indicates No/False. |
| Content Type | Content types include analysis, dimension, key group, and metric. |
| Content Name | The display name of the content. |
| Object Name | The unique identifier of the content. |
| Enabled/Visible | Indicates whether the content is available in Guidebook or Explore. 1 indicates Yes/True and 0 indicates No/False. |
| FilterBy | Indicates whether the dimension or key group can be used to filter data in Explore. 1 indicates Yes/True and 0 indicates No/False. |
| GroupBy | Indicates whether the dimension or key group can be used to group data in Explore. 1 indicates Yes/True and 0 indicates No/False. |
| Excluded Paths | The hidden subject reference paths for the dimension or key group. A subject reference is a link between two analytic objects. Hiding paths will reduce the number of attributes that can be used to filter and group by. For example, if the path Requisition > Hiring Manager is excluded for the Age dimension, users will not be able to filter or group data by the Hiring Manager's age when analyzing a Requisition metric. |
Data Access Sets
Breakdown of the property access for each saved data access set. Includes a list of permissions where each saved data access set is currently being used. Good for auditing data access set usage.
| Column | Description |
|---|---|
| Analytic Object Type |
Analytic object types include subject, event, overlay, and related object. |
| Data Access Set Object | The name of the subject. |
| Data Access Child Object | The name of events and related objects associated with the subject listed in the Data Access Set Object column. |
| Shareable Property Set Name | The name of the property set. |
| Path to Property |
The subject reference path that shows how two analytic objects are linked. |
| Property |
The name of the property that data security is being defined for. |
| Has Data |
Shows whether or not data has been loaded for the property. 1 indicates Yes/True and 0 indicates No/False. |
| Access Level |
The level of access granted to the property and property values. 0 indicates None, 1 indicates Aggregate, and 2 indicates Detailed. |
| Number of Permissions Using | The total number of permissions using the data set. |
| Permission List | The name of the permissions where the data set is being used. |
Security Filters
Breakdown of member filters defined for each saved security filter. Includes a list of permissions where each security filter is currently being used.
| Column | Description |
|---|---|
| Filter Display Name | The name of the security filter. |
| Analytic Object Name |
The name of the subject, event, overlay, or related object that data security is being defined for. |
| Hierarchy/Dimension | The name of the hierarchy or dimension which the security filter is based. |
| Path | Shows the link between the analytic objects. |
| Member |
|
| Is Dynamic | Indicates whether the security filter is a dynamic filter. 1 indicates Yes/True and 0 indicates No/False. |
| Included | Indicates whether access is granted to the attribute values listed in the Member column. This column is only populated if a member filter is used. 1 indicates Yes/True and 0 indicates No/False. |
| Number of Permissions Using | The total number of permissions using the security filter. |
| Permission List | The name of the permissions where the security filter is being used. |
User Permission Report
Download the User Permission Report to get a summary of the permissions your users have been assigned and see how each permission is being used across your user base.
Note: This feature is also available through Visier's public APIs. For more information, see User Management API.
To download the User Permission Report:
- Do one of the following:
Option Do this In the global workspace On the global navigation bar, click Tenant, and then click the Users tab.
In a project On the navigation bar, click Security > Users.
- Click the More button
> User Permission Report in the upper-right corner of the Users room.Result: The report is generated as an .xlsx file and automatically begins downloading.
The report contains the following tabs and information:
User Permissions
Breakdown of the permissions assigned to each user.
| Column | Description |
|---|---|
| Username |
The email of the user. |
| Name |
The full name of the user. |
| Permission Display Name |
The name of the permission. |
| User Group |
The name of the User Group where the data access comes from. Assigned Directly indicates that data access was granted through an assigned permission and not through the membership in a User Group. |
| Full Access |
Indicates whether full access to all data is granted by the permission. 1 indicates Yes/True and 0 indicates No/False. |
Permission Usage
Breakdown of the permissions and the number of users and User Groups that have been assigned to each permission.
| Column | Description |
|---|---|
| Permission Display Name |
The name of the permission. |
| Users Using Permission | The total number of users assigned this permission. |
| User Groups Using Permission | The total number of User Groups using this permission. |
Data Security Report
Download the Data Security Report for a specific user to see which populations and properties they have access to as a result of the permissions assigned to them.
Note: This feature is also available through Visier's public APIs. For more information, see User Management API.
To download the Data Security Report:
- Do one of the following:
Option Do this In the global workspace On the global navigation bar, click Tenant, and then click the Users tab.
In a project On the navigation bar, click Security > Users.
-
Select a user in the Users list.
- Click the Download Data Security Report in the User Details area.
Result: The report is generated as an .xlsx file and automatically begins downloading.
The report contains the following tabs and information:
User Properties
Breakdown of the properties and population a user has access to. Includes a list of permissions that allows you to identify where the access comes from.
| Column | Description |
|---|---|
| Username |
The email of the user. |
| Name |
The full name of the user. |
| Property |
The name of the property that data security is being defined for. |
| Access Level |
The level of access granted to the property and property values. 0 indicates None, 1 indicates Aggregate, and 2 indicates Detailed. |
| Analytic Object Name |
The name of the subject, event, overlay, or related object that data security is being defined for. |
| Parent Analytic Object Name |
The name of the subject that an event is associated with. This column is only populated when the permission defines data security for an event or related object. |
| Path to Property |
The subject reference path that shows how two analytic objects are linked. |
| Population Access | The population of the analytic object that can be accessed. |
| Permission Display Name | The name of the permission where the data access is defined. |
| User Group |
The name of the User Group where the data access comes from. Assigned Directly indicates that data access was granted through an assigned permission and not through the membership in a User Group. |
Content Security Report
Download the Content Security Report for a specific user to see which metrics, dimensions, and concepts are visible or invisible as result of the permissions assigned to them.
To download the Content Security Report:
- Do one of the following:
Option Do this In the global workspace On the global navigation bar, click Tenant, and then click the Users tab.
In a project On the navigation bar, click Security > Users.
-
Select a user in the Users list.
- Click the Download Content Security Report in the User Details area.
Result: The report is generated as an .xlsx file and automatically begins downloading.
The report contains the following tabs:
- Metrics Access
- Dimensions Access
- Concepts Access
Each tab contains the following information:
| Column | Description |
|---|---|
| Symbol Name |
The unique object name of the object. |
| Display Name |
The display name of the object. |
| Overall Visible in App | Whether or not the object is visible to the user. For this value to be true, the following columns must also be true:
|
| Flagged as Visible | Whether or not the toggle "Visible in Analytics" is on or off for the object. You can filter this column to "false" to view all the objects that are not flagged as visible in the solution. |
| Visible by Content Package |
Whether or not the object is made visible due to its assignment to a Content Package. You can filter this column to "false" to view all the objects that are not visible through a Content Package. |
| Data Loaded | Whether or not the object has data loaded. You can filter this column to "false" to view all the objects that do not have data. |
| Data Accessible | Whether or not the user can access the data for the object. For this value to be true, the Property Data Accessible column must be true for all its data properties. You can filter this column to "false" to view all the objects that the user does not have permission to access. |
| Property Symbol Name | The unique object name of the data property. |
| Property Display Name | The display name of the data property. |
| Property Data Loaded | Whether or not the property has data loaded. |
| Property Data Accessible | Whether or not the user can access the data for the property. |