Roles, security, and permissions
Users can access the Xtraction web client to view previously saved dashboards, documents, and filters. If assigned one of the designer roles, a user can also create new dashboards, documents, and filters and edit existing ones.
For information about setting up users, see User accounts.
User roles defined
•Administrator: Manages user accounts, user roles, groups, and data policies and allocates privileges to all other users. Users must make a request to the administrator if different privileges are sought.
•Content designers (collective role): Create reporting content for use by other users. A user can be assigned only one type of designer role. Specific roles in order of precedence are:
•Enterprise designer: Has access to designer functions with the ability to create or edit private and shared objects including dashboards, dashboard folders, filters, and filter folders. Enterprise designers can see all private objects owned by other users.
•Designer: Has access to the same designer functions as the enterprise designer, with the ability to create or edit private and shared objects. Privileges are limited to those objects in previously shared folders to which the designer has access.
•Private designer: Has access to the same designer functions as the enterprise designer, with the ability to create or edit private objects. Privileges are limited to creating private objects. Private objects can only be saved into the user’s folder and can only be seen by their creator and by the enterprise designer.
•Scheduler: Can schedule the export of dashboards, documents, and reports in a variety of formats. This role is usually assigned in combination with a designer role.
•Alert users: Can set up dashboard and threshold alerts and view the breach history list. This role is usually assigned in combination with a designer role.
You can also configure a data policy for each user role, which places certain restrictions on a user's access to data. For details, see Data policies.
Allowing users view-only access
If your organization has purchased an Enterprise Server license, you can set up an unlimited number of users (known as "viewers") with view-only access to private and public objects (dashboards, filters, and folders). Viewers can view and interact with existing dashboards without taking up a user license. Users are considered viewers only if they are not assigned a user role. Once a user has an assigned role, each Xtraction session that they open in a browser will use an available license.
User role functionality
The following table shows all functions accessible to each user role:
|
Function |
Admin |
Enterprise Designer |
Designer |
Private Designer |
Viewer |
Scheduler |
Alert User |
|---|---|---|---|---|---|---|---|
|
Administrator |
x |
|
|
|
|
|
|
|
Dashboard designer |
|
x |
x |
x |
|
|
|
|
Document designer |
|
x |
x |
x |
|
|
|
|
Report designer |
|
x |
x |
x |
|
|
|
|
Schedule document |
|
x |
|
|
|
|
|
|
Add public objects (i.e., dashboards, filters, folders) |
|
x |
x |
|
|
|
|
| View private & public objects (i.e., dashboards, filters, folders) | x | x | x | x | |||
|
Update public objects |
|
x |
x |
|
|
|
|
|
Update object owners |
|
x |
|
|
|
|
|
|
View/Update private objects owned by others |
|
x |
|
|
|
|
|
|
Set permissions |
|
x |
x |
|
|
|
|
|
Set permissions |
|
x (for all groups) |
x (for the |
|
|
|
|
|
Set permissions |
|
x (for all |
x (for users |
|
|
|
|
|
Schedule dashboards, documents, and reports for export |
x |
x |
|
|
|
x |
|
|
Create alerts on dashboards |
x |
|
|
|
|
|
x |
|
Create threshold alerts |
x |
|
|
|
|
|
x |
|
View personal alerts |
x |
|
|
|
|
|
x |
|
View all alerts |
x |
|
|
|
|
|
|
Security
Xtraction's access privileges are managed by these provisions:
•Access to the Xtraction web client is controlled by user accounts and user authentication.
•Access to Xtraction functionality is controlled through user roles, where groups and folder permissions define access to dashboards, documents, and filters.
•Access to specific data is managed by data policies set at the user level.
User accounts, roles, groups, and data policies are managed using the Administration links at the bottom of the Xtraction page.
Folder permissions are managed at the designer level. For details, see User groups and folder security.
Folder accessibility
The following table shows each user role and the allowed actions and accessible folders available to each one:
| Role | Allowed action + Accessible folders |
|---|---|
| Enterprise designer | Open, Save, Move, or Explore — My folders, shared folders, and user folders |
| Designer | Open, Save, Move, or Explore — My folders and shared folders |
| Private designer |
Open — My folders and shared folders Save, Move, or Explore — My folders only |
| Viewer | Open — My folders and shared folders. All other interaction is prevented by the absence of relevant privileges. |