Understanding Functional and Access Roles

In this section:

Reference:

PMF provides you with the flexibility to create, modify, and set access levels for functional roles and access roles. A functional role is a class of user that controls access to systems when performing work in PMF. An access role is created and assigned to a group of users who are granted the same level of access to the measures and dimensions in PMF.

Administrators can edit functional roles to control the system-level functions each type of user is allowed to perform. Users are assigned one of the functional roles that ship with PMF, which are Admin w Access Security, Administrator, Analyst, Author, Consumer, and Planner. You can also add as many new functional roles as are needed for maintenance of your system.

In most organizations, a Business Strategy Committee has the responsibility to assign functional roles. By default, when a user is added to the PMF application, the user is assigned an administrator role. Because an administrator grants user IDs and passwords, you should assign each user an appropriate functional role for their area of responsibility in your organization.


Top of page

x
Planning Considerations for Functional Roles

When you determine functional roles, consider the following factors:

All others will generally be granted user access, though there might be exceptions based on the particular needs of your installation.


Top of page

x
Working With Functional Roles

How to:

Reference:

Functional roles are assigned to each user in the New Owner and Edit Owner panels, and determine access to the systems throughout PMF.



x
Procedure: How to Create a New Functional Role

Before you set up a new functional role, you must set up a corresponding group in Managed Reporting using the Managed Reporting Administration Interface. For details about using this interface, see the WebFOCUS Managed Reporting Administrator's Manual.

  1. In the Manage tab, click the Functional Roles panel button.
  2. Click New.

    The New Functional Role panel opens, as shown in the following image.

    New Functional Role panel

  3. In the Role ID field, type a unique identifier for the functional role. The maximum number of characters is eight. This field cannot be edited after the functional role is created.
  4. In the Role Name field, type an intuitive name for the role. The maximum number of characters is 20. This name appears in selection lists.
  5. Select access levels from the drop-down menus for each of the PMF settings listed in the panel. Choose from the following access level values:
    • Admin
    • Editor
    • No Access
    • Admin (if owner) else Editor
    • Admin (if owner) else Viewer
    • Viewer

    For more information about setting access levels, see Access Levels for Functional Roles.

    The systems listed in the panel include Scorecard Objects, Security Settings, Dimensions, Measures Loads & Metadata, Gadgets and Dashboard Designs, Tasks, Processes, Projects, System Objects & Settings, Actuals, Targets, Benchmarks, Forecasts, and Stretches. For more information about these fields, see Fields in the Functional Role Panels.

  6. Click Save when you have finished selecting appropriate access levels for all settings. The tree refreshes to show the new functional role.


x
Reference: Fields in the Functional Role Panels

The Functional Role panels contain three fields that are manually entered. The Role ID, which is a permanent ID used to track a role (cannot be edited after the role is created), the Role Name, and the Description.

The following table lists and describes the fields you can use to set access levels in the New Functional Role and Edit Functional Role panels.

Field

Controls the ability to add/change/delete/view

Scorecard objects

Scorecards, Perspectives, Objectives, Objective-to-Measure Linkages, Objective-to-Measure Weights, and Themes.

Security settings

Access Roles and Owners.

Dimensions

Dimension designs and Dimension loads.

Sources, Fields & Measures

Source Loads, Field designs & Measure metadata.

Gadgets & Dashboard Designs

Gadgets, Gadget Default Settings, Dashboard Designs.

Tasks

Measures Tasks.

Feedback

Feedback for a Measure.

Processes

Processes.

Projects

Projects and Project Measures.

System objects & settings

PMF System Settings, Time Ranges, Units of Measure, and Content (including links to external web content and WebFOCUS operational reports).

Data Mart

Snapshots, Audit, and resynch.

Actuals

Measures Actuals data entry for User-Entered Measures.

Targets

Measures Targets data entry for User-Entered Measures.

Benchmarks

Measures Benchmarks data entry for User-Entered Measures.

Forecasts

Measures Forecasts data entry for User-Entered Measures.

Stretches

Measures Stretch Targets data entry for User-Entered Measures.



x
Procedure: How to Edit Functional Role Properties
  1. To edit an existing functional role, navigate to the Functional Roles tree structure and click the role you want to change.

    The Edit Functional Role panel opens for that role.

  2. Make the changes you want and click Save when you have finished.

Editing a functional role changes program access for all users currently connected to that role, so make changes carefully. Also, it is possible to remove other functional roles access to change owners. As a result, no users would be able to change program access within PMF. If this happens, contact Customer Support Services.

Note: If you rename a functional role, you must update the dashboard for that new role name in the Dashboard View Builder.



x
Procedure: How to Delete a Functional Role
  1. To delete an existing functional role, navigate to the Functional Roles tree structure and click the functional role you want to delete.

    The Edit Functional Role panel opens for that role.

  2. Click Delete and then click OK to confirm the deletion.

Caution: Deleting a functional role deletes program access for all users currently connected to that role, so make changes carefully. Also, it is possible to delete the last functional role that has access to change owners. As a result, no users would be able to change program access within PMF. If this happens, contact Customer Support Services.



x
Procedure: How to Limit Functional Roles to Enter Only Actual or Target Values

By default, all functional roles are given Admin access. You can limit users to input only actuals or only targets, by editing the functional role to which they belong using the Edit Functional Role panel.

  1. Navigate to the Functional Roles tree structure and select the functional role assigned to the users that should have limited access to entering actual or target values.

    The Edit Functional Role panel opens for that role.

  2. To prevent users of this functional role from:
    • Entering Actuals values, select Viewer from the Actuals drop-down menu.
    • Entering Targets values, select Viewer from the Targets drop-down menu.
  3. Click Save.


x
Reference: Access Levels for Functional Roles

The following table lists and describes the different access levels that can be set for functional roles.

Access Level

Description

Admin

Allows add/change/delete/view access to object forms, and to any dependent objects, if applicable.

Editor

Allows change/view access to object forms, and to any dependent objects, if applicable.

Admin (if owner) else Editor

Access depends on object Ownership.

If the Owner is designated as the object Owner, they are given add/change/delete/view access to object forms, and to any dependent objects, if applicable.

If the Owner is not designated as the object Owner, they are given change/view access to object forms, and to any dependent objects, if applicable.

Admin (if owner) else Viewer

Access depends on object Ownership.

If the Owner is designated as the object Owner, they are given add/change/delete/view access to object forms, and to any dependent objects, if applicable.

If the Owner is not designated as the object Owner, they are given view-only access to object forms, and to any dependent objects, if applicable.

Viewer

Allows view-only access to object forms, and to any dependent objects, if applicable.

No Access

Does not allow the user to view object forms.

Note: If a role does not have a corresponding access to the tab in question, it does not make sense to grant read/write access. For example, by default, consumers and analysts have no access to the Manage tab. If you grant them access to Add/Change/Delete Owners, it is meaningless unless you add that tab to their Group View as well.

Caution: Deleting a functional role deletes program access for all users currently connected to that role, so make changes carefully. Also, it is possible to delete the last functional role that has access to change owners. As a result, no users would be able to change program access within PMF. If this happens, contact Customer Support Services.



x
Reference: Gadgets and Dashboard Design Security

The following table lists the security settings that are available in PMF for gadgets and dashboards.

Security Setting

Authorized to...

Admin

  • Create Public and Private dashboards.
  • Delete Public and Private dashboards.
  • Edit (Save) Public dashboards.
  • Change dashboard parameters.
  • Change dashboard viewed.

Editor

  • Create Private dashboards ONLY.
  • Delete Private dashboards ONLY.
  • Change dashboard parameters.
  • Change dashboard viewed.

Admin (if owner) else Editor

  • Create Private dashboards ONLY.
  • Delete Private dashboards ONLY.
  • Edit (Save) Public dashboards, for which you are owner.
  • Change dashboard parameters.
  • Change dashboard viewed.

Admin (if owner) else Viewer

  • Edit (Save) Public dashboards, for which you are owner.
  • Change dashboard parameters.
  • Change dashboard viewed.

Viewer

  • Change dashboard parameters.
  • Change dashboard viewed.

No Access

  • Change dashboard parameters.


x
Reference: Default Functional Roles in PMF

Each default functional role in PMF has access to a particular combination of tabs in the PMF dashboard. If you want to change these tabs, you need to use the WebFOCUS Dashboard View Builder. For more information on using the WebFOCUS Dashboard View Builder, see the WebFOCUS Managed Reporting Administrator's Manual.

The following table lists and describes the default functional roles that are provided with PMF.

Role/Group

Function

Tabs Available

Admin w Access Scrty

Allows an Administrator to test Access Security without having to log off and log back on with a different user.

All tabs are available.

Administrator

Performs and checks every facet of the application. Assigns users to roles, sets up the initial operational data in the application, and enters other application-specific data for each site.

Also responsible for ongoing maintenance of the application.

All tabs are available.

The only other role with access to Administration is the Planner.

Author

Sets up the structure of the scorecard, specifies the measures to be used, and links them to the scorecard. This role has the authority to update all fields in the scorecard and all updates are kept historically by date of the entry.

Today, Analytics, Author, Strategy.

This is the only role with author and strategy update capabilities.

Analyst

System users who analyze data, view scorecards, view and comment on their own measures and those of their staff, and perform forecasting functions. Cannot enter values.

Today, Analytics

Consumer

System users who can display their own views and provide comments on the results of a scorecard. Cannot enter values.

Today

Planner

Sets up targets for one, many, or all measures in the system.

Today, Analytics, Administration.



x
Working With Access Roles

How to:

Access roles can be created and assigned to multiple users to set up the exact same level of access to the measures and dimensions in PMF. In the future, if you need to change access to measures and dimensions for that group of users, editing the access role is all that is required.



x
Procedure: How to Create Access Roles
  1. In the Manage tab, click the Access Roles panel button.
  2. Click New.

    The New Access Role panel opens, as shown in the following image.

    New access role panel

  3. Type a name for the new access role in the Access Role Name field, for example, Consulting.
  4. Using the drop-down menus for each dimension, select the measure level at which you want to limit access for the access role.

    For each level you select, all users (owners) linked to that access role will only be able to view measures at or below that level. If the access role should be allowed to view all measure data for a dimension, select All in the drop-down menu for that dimension.

  5. When you are finished setting measure access for each dimension, click Save to create the new access role.


x
Procedure: How to Edit Access Roles
  1. In the Manage tab, click the Access Roles panel button.
  2. Click the access role you want to edit in the tree.

    The Edit Owner Access panel opens.

  3. Using the drop-down menus for each dimension, select the measure level at which you want to limit access for the access role.
  4. When you are finished editing the measure access level for each dimension, click Save to save your changes.

WebFOCUS