Setting up data permissions
Data permissions (or permissions) are a data access control that administrators can apply to users of Business Performance Center. Administrators determine what data business professionals can view.
Before you begin
- When using an enterprise pattern deployment, the parameter is set to false in the custom resource.
- When using an evaluation pattern deployment, the parameter is set to true in the custom resource.
To manage permissions you must be a Business Performance Center administrator.
After installation, all the users who belong to the User Management Service team specified in the business_performance_center.admin_group field of the custom resource have administrator rights. If this field is not specified, only the user defined in the Business Performance Center secret has administrator rights. For more information about secrets , see Configuring custom secrets.
For 21.0.1, you must manually set up a Business Performance Center administrators team in User Management Service after installation, and then update the business_performance_center.admin_team field in the custom resource by providing the UUID of the team that you want to be the admin team.
About this task
As an administrator for Business Performance Center, you must grant and restrict team access to data. You grant permissions by associating teams with relevant monitoring sources.
A monitoring source (or, source) is a list of data that a team can view and interact with in charts, dashboards, and goals. A monitoring source consists of data kinds and domains. A data kind represents the available software in IBM Cloud Pak® for Business Automation, such as IBM Business Automation Workflow and IBM Operational Decision Manager. A data domain is a specific subset of data within a kind, such as a process in IBM Business Automation Workflow or a ruleset in IBM Operational Decision Manager.
You can grant permissions from one of two tabs: Teams and Sources. From the Teams tab, you associate all of the relevant monitoring sources to a team. From the Sources tab, you associate all of the relevant teams to a monitoring source. Changes to one tab are reflected in the other, so you can set permissions from whichever tab is convenient for you.
Procedure
Results
After you set data permissions for all the available teams, the Set data permissions button is disabled in the Teams tab. Similarly, if you assign all of the available monitoring sources, the Set data permissions button is disabled from the Sources tab.
You can edit or delete data permissions by selecting the overflow menu of a team or monitoring source.