KPI rules

The key performance indicator (KPI) rules section of the object security rules file defines which users and groups can see specific KPIs.

The sample object security rules file contains one KPI rules section. The rule is written against four KPIs, which are visible to users RSmith and PatrickL but are hidden from the user with the distinguished name (DN) of JaneDoe2 and from the PayrollEmployees group.

{
    "ObjectSecurityArray": [
        {
            "ModelID": "MortgageLendingBAMShowcase",
            "KPIRules": [
                {
                    "KPIIDs": [
                        "Yearly_Minimum_Completed_Loan_Amount",
				"Yearly_Average_Loan_Amount",
				"Monthly_Minimum_Completed_Loan_Amount",
				"Monthly_Maximum_Completed_Loan_Amount"
                    ],
                    "VisibleTo": {
                        "Users": ["RSmith", "PatrickL"]
                        },
                    "HiddenFrom": {
				"UserDNs": ["uid=JaneDoe2,o=defaultWIMFileBasedRealm"],
                        "Groups": ["PayrollEmployees"]
                    }
                } 
            ]
        }
    ]
}

The attributes of the KPI section are described in the following list:

"KPIRules": A required attribute that signals the beginning of an array of KPI rules for the model.
"KPIIDs": KPI_ID", "KPI_ID" , "KPI_ID" . . .: A required attribute that includes one or more KPI IDs to which the rule applies.
"VisibleTo":: A required attribute that includes the names of users and groups who have permission to see the KPI data.
VisibleTo is required if HiddenFrom is not specified; otherwise, it is optional.
"HiddenFrom":: A required attribute that includes the names of users and groups who do not have permission to see the KPI data.
HiddenFrom is required if VisibleTo is not specified; otherwise, it is optional.

Use one or more of the following parameters as needed with VisibleTo and HiddenFrom. When the object security rules file is imported, all users and groups defined in the file are read:

"Users": ["cn", "cn" . . .]: A list of common names (CNs) of users.
"UserDNs": ["dn", "dn" . . . ]: A list of distinguished names (DNs) of users.
"Groups": ["cn", "cn" . . .]: A list of group CNs.
"GroupDNs": ["dn", "dn" . . . ]: A list of group DNs.

The following list describes how a user's visibility to a KPI depends on a combination of factors:

If a user is included in the "VisibleTo" list, the user has access to the KPI.
If a user is not included in the "VisibleTo" list but a group to which the user belongs is included in the list, the user has access to the KPI.
If a user is not included in the "VisibleTo" list and none of the groups to which the user belongs is included in the "VisibleTo" list, that user does not have access to the KPI.
If all the groups to which a user belongs are included in the "HiddenFrom" list, the user does not have access to the KPI, unless the user is explicitly included in the "VisibleTo" list.