The Diver Solution™ 6.2 Speeds Time to Value. Click HERE to learn more now.     		 Find Out About 6.2

 

Company Overview Capabilities Overview Industries Overview Services Overview Partners Overview Login Overview
Leadership Events News Resources Careers Contact
On Demand BI About 6.2 Data Integration Dashboards Analytics Reporting Alerts
Healthcare beverage-alcohol publishing finance government higher education
education techsupport consulting on-demand platforms tips
domestic international benefits inquiries
customers Distributors
 
Services > Tips & Tricks > DiveLine ACL Tip
   

Tips and Tricks

To access our tip & trick library, CLICK HERE.

  

diveline acl tip

Bookmark and Share

DiveLine Administrators, looking for a best practice when configuring Access Control Lists (ACL’s)? Grouping Users and applying a Default File ACL can expedite the configuration, and maintenance, of controlling access to DiveLine data.

All objects are controlled by an Access Control List (ACL). In Security Level 2, an object is inaccessible unless Users or Groups are added to its ACL. Typically, in DI project directories there are several Model files. For the DiveLine Administrator, this could become a cumbersome process. By grouping Users and assigning those Groups to the Default File ACL, you save time. How? First, a Group can be assigned to an ACL and Users can be easily moved in or out of the Group. Second, the Limits and Deletes can be applied at the Default File level and the restriction can cascade to all files within that directory, so long as the file does not have its own ACL.

Step 1: Create the Groups and its Members (Figure 1).

a. Open DI-Config as an Administrator.
b. Select DI-DiveLine Config’s Groups tab.
c. Click on the New Group… button.
d. Type in a Group Name.
e. Click on the Members… button to select Users for the Group.

In this example, the Group name is Sales and three (3) Users are members.

Now edit the Default File ACL:

Step 2: Add the Group to the Default File ACL (Figure 2).

a. Select DI-DiveLine Config’s ACL tab.
b. Click on the Default File ACL in the Server Tree.
c. Click on the Edit Members… button to select (add) the Group.

Step 3: Edit the Sales Group’s ACL Entry Properties, Data Access (Figure 3).

This is accessed by double clicking the Sales entry in the Member listing.

a. Click on the Edit… button, in the Data Access section, to open the Edit ACL Entry Deletes dialog.

Now, edit the ACL Entry Deletes.

Because the Delete (and/or Limit) is being added from the default file level, the Available Columns listing is blank. However, the Summary columns are added by typing them in.

Step 4: Add Delete Values (Figure 4).

a. In the Edit ACL Entry Deletes dialog, type in the Column name. In this example “Revenue” is being added. Any Dimension, Summary and Info Field Columns can be added.
b. Click the Add button.
c. Click the OK button to close the Edit ACL Entry Deletes dialog.
d. Click the OK button in the ACL Entry Properties dialog to close.

Multiple columns can be added by repeating Steps 4a & 4b. Figure 5 illustrates two (2) deletes have been added.

Similar steps are taken if Dimensions values are limited.

Step 5: Review the ACL configuration (Figure 5).

a. Notice the Default File ACL member configuration – the group Sales’ Limits/Deletes indicates: 0 limits, 2 deletes.
b. Click on a Model file. Provided that it does not have its own ACL, the Default File ACL configuration is applied.

Step 6: Save the Changes

a. Click the Save and Exit button.

For DiveLine Administrators, assigning a Group to a file ACL and maintaining its User membership simplifies the privileges configuration process. When the ACL is configured at the Default File ACL level, the privileges cascade through the directory tree.

Bonus

The DiveLine process for determining Access is not the same for releases prior to 6.2 DiveLine.

6.1 and prior:

  • First, determines whether a specific ACL or default ACL should be used.
  • Second, checks for access granted explicitly to a User and their privileges (limits and deletes).
  • Third, if the User is not explicitly listed, checks for a Group that the User is listed in. When the User is in more than one Group in the ACL, the first Group’s privileges are used. Therefore, the listing order of Groups on a directory or file ACL matters.
  • Finally, if the User is not explicitly listed nor is the User in a listed Group, checks if “Star User” has access granted and any respective privileges.

6.2:

  • First, determines whether a specific ACL or default ACL should be used.
  • Second, determines the User and Group membership list.
  • Third, checks for access granted explicitly to a User and their privileges (limits and deletes).
  • Fourth, if the User is not explicitly listed, checks for a Group that the User is listed in. When the User is in more than one Group that have different privileges on the file, access decisions are additive in the following manner: Deletes are merged; Limits on the same Dimension are additive; Limits on different Dimensions are combined.
  • Finally, if the User is not explicitly listed nor is the User in a listed Group, checks if “Star User” has access granted and any respective privileges.

 

  

 

Figure 1: ‘Sales’ Group Profile dialog box

Figure 2: Default File ACL with the ‘Sales’ Group

Figure 3: ACL Entry Properties

Figure 4: Adding Summary Columns to be deleted.

Figure 5: Default File ACL is applied to a Model ACL.

 

  
Contact Go to iLinc Privacy Policy Site Map
Copyright ©  Dimensional Insight. All rights reserved.