Free cookie consent management tool by TermsFeed

Secure Data for Data Fabric Insights

This page applies to system administrators and developers. It describes how to allow users to access data fabric insights and how to decide what data is available to them.

Overview

Using group security and simple record type configurations, system administrators can decide who can access data fabric insights and developers can determine what data is available to them.

To allow users to access data fabric insights and build reports and dashboards:

As report creators build reports and dashboards, they can also determine who can see their reports and dashboards by sharing them with others.

Add users as report creators

To allow users to access data fabric insights, add them to the Data Fabric Report Creators system group.

Once a user is added to this group, they can take advantage of data fabric insights by selecting Process HQ from the navigation menu.

Choose which record types are available as datasets

By default, new record types are not available to report creators in Process HQ.

To be available, a record type must be configured to display as a dataset in the Data Catalog of Process HQ. This allows users to access the record type as its own dataset and in any other datasets where the record type is configured as a related record type. Users can then build and view reports and dashboards created from that data.

Review the record types in your environment to determine which data should be available to report creators. You should only allow users to access record types necessary for reporting.

To display a record type as a dataset in the Data Catalog of Process HQ:

  1. In the record type, go to Workspaces.
  2. Select the Show this record type as a dataset in the Data Catalog of Process HQ checkbox.
  3. Click SAVE CHANGES.

To allow report creators to also access data from related record types, you'll need configure this setting any one-to-one or many-to-one related record types.

Review security on record types

Once you determine which record types are available as datasets, you can specify which users can view and update data from those record types.

Each dataset will inherit the different layers of security configured on the record type and its related record types. If you've already secured these aspects of your record types, there's likely no additional configuration necessary.

To allow users to view and update the record data in a report or dashboard, they must have the following security configurations on the base record type and any related record types:

Security

Required Configuration

Record type object security

Users must have at least Viewer permission.

As a best practice, you should configure the record type security so that Default (All Other Users) is set to No Access. This ensures that only users who have been specifically granted permission to the record type are allowed to see the record data.

Record-level security

Users must be included in a security rule or security expression that allows them to see the appropriate records (or rows of data in the dataset).

Record action security

Users must be included in a security rule or a security expression that allows them to see the appropriate record actions. Users must also have Initiator permission to the underlying process models.

Record view security

No additional configuration necessary. Users can only view a record's Summary view, which is automatically visible to any user with permission to view the record type and the record itself.

Feedback