This topic provides orientation on how to create access rules for use in the Intelligence solution. Note that both this feature and the Intelligence solution itself are provided on demand. This section will only appear if the solution was installed and if access rules were enabled.
Access to all tables in Microsoft Analysis Services is restricted from all users by default. When applying access rules during the installation of the Intelligence solution, the organization can choose to restrict access to all data and manually enable it for each user or group, or opt for open access and then block each user or group.
Note that if no access rules are implemented, any user with permission to create or copy intelligence reports will view all available data from Microsoft Analysis Services, regardless of other permissions they may or may not have in the system. This means that the data in the report will not be filtered to show only what the user is allowed to see. For example, if no access rules are being used, a user who only has permissions in the Workflow module (aside from permission to create intelligence reports) will be able to view asset risk metrics, which include information from the Organization and Risk modules.
Access can be granted to certain users or groups as follows:
• Access to a certain table can be fully granted.
• Access to a certain table can be granted but only for entries related to up to two values in two columns. For example, a user will have access to the list of events, but only events where a certain user is responsible and of a certain event type.
• Access to a certain table can be granted with the exception of entries related to up to two values in two columns. For example, a user will have complete access to the list of events, except for those where a certain user is responsible and of a certain event type.
A system administrator must first access Microsoft Analysis Services to configure which columns from which tables can be used to restrict access.