Administrative groups and authority
IBM® Planning Analytics supports the separation of administrative duties and roles in Planning Analytics by dividing administrative users into the following predefined administrator groups:
- ADMIN group
- Members of the ADMIN group have access to all areas of Planning Analytics and represent super-users with all privileges.
- SecurityAdmin group
- The SecurityAdmin group can perform only security operations in Planning Analytics. These operations include creating, editing, and deleting users and groups. This group can manage the access permissions of other users to objects, such as cubes, dimensions, and rules, but this group cannot view the data in those same Planning Analytics objects.
- DataAdmin group
- The DataAdmin group has ADMIN privileges to everything that is not related to security. This group can view, edit, and save objects, such as cubes, dimensions, rules, and processes. Members in this group can view security settings in read-only mode but are not allowed to modify security settings.
- OperationsAdmin group
- The OperationsAdmin group can perform only maintenance operations in Planning Analytics. This group can perform Planning Analytics database maintenance and operational work, for example, disconnect users or cancel threads. Members in the OperationsAdmin group have no access to any Planning Analytics metadata, cube data, or any other data.
The security assignments for these administrator groups are hardcoded and cannot be modified.
You can use these predefined administrator groups to control and separate Planning Analytics administrative roles among different users to satisfy internal or external security requirements and rules.
Note: Replication and synchronization operations in
Planning Analyticsshould be performed only by
members of the ADMIN group. Members of the DataAdmin, SecurityAdmin, and
OperationsAdmin groups do not have all the access privileges to perform these
operations.