Roles, security, and permissions

Users can access the Xtraction web client to view previously saved dashboards, documents, and filters. If assigned one of the designer roles, a user can also create new dashboards, documents, and filters and edit existing ones.

For information about setting up users, see User accounts.

User roles defined

Administrator: Manages user accounts, user roles, groups, and data policies and allocates privileges to all other users. Users must make a request to the administrator if different privileges are sought.

Content designers (collective role): Create reporting content for use by other users. A user can be assigned only one type of designer role. Specific roles in order of precedence are:

Enterprise designer: Has access to designer functions with the ability to create or edit private and shared objects including dashboards, dashboard folders, filters, and filter folders. Enterprise designers can see all private objects owned by other users.

Designer: Has access to the same designer functions as the enterprise designer, with the ability to create or edit private and shared objects. Privileges are limited to those objects in previously shared folders to which the designer has access.

Private designer: Has access to the same designer functions as the enterprise designer, with the ability to create or edit private objects. Privileges are limited to creating private objects. Private objects can only be saved into the user’s folder and can only be seen by their creator and by the enterprise designer.

Scheduler: Can schedule the export of dashboards, documents, and reports in a variety of formats. This role is usually assigned in combination with a designer role.

Alert users: Can set up dashboard and threshold alerts and view the breach history list. This role is usually assigned in combination with a designer role.

You can also configure a data policy for each user role, which places certain restrictions on a user's access to data. For details, see Data policies.

Allowing users view-only access

If your organization has purchased an Enterprise Server license, you can set up an unlimited number of users (known as "viewers") with view-only access to private and public objects (dashboards, filters, and folders). Viewers can view and interact with existing dashboards without taking up a user license. Users are considered viewers only if they are not assigned a user role. Once a user has an assigned role, each Xtraction session that they open in a browser will use an available license.

User role functionality

The following table shows all functions accessible to each user role:

Function

Admin

Enterprise Designer

Designer

Private Designer

Viewer

Scheduler

Alert User

Administrator

x

 

 

 

 

 

 

Dashboard designer

 

x

x

x

 

 

 

Document designer

 

x

x

x

 

 

 

Report designer

 

x

x

x

 

 

 

Schedule document

 

x

 

 

 

 

 

Add public objects (i.e., dashboards, filters, folders)

 

x

x

 

 

 

 

View private & public objects (i.e., dashboards, filters, folders)   x x x x    

Update public objects

 

x

x

 

 

 

 

Update object owners

 

x

 

 

 

 

 

View/Update private objects owned by others

 

x

 

 

 

 

 

Set permissions

 

x

x

 

 

 

 

Set permissions
for groups

 

x (for all groups)

x (for the
designer’s
groups only)

 

 

 

 

Set permissions
for users

 

x (for all
users)

x (for users
in the
designer's groups only)

 

 

 

 

Schedule dashboards, documents, and reports for export

x

x

 

 

 

x

 

Create alerts on dashboards

x

 

 

 

 

 

x

Create threshold alerts

x

 

 

 

 

 

x

View personal alerts

x

 

 

 

 

 

x

View all alerts

x

 

 

 

 

 

 

Security

Xtraction's access privileges are managed by these provisions:

Access to the Xtraction web client is controlled by user accounts and user authentication.

Access to Xtraction functionality is controlled through user roles, where groups and folder permissions define access to dashboards, documents, and filters.

Access to specific data is managed by data policies set at the user level.

User accounts, roles, groups, and data policies are managed using the Administration links at the bottom of the Xtraction page.

Folder permissions are managed at the designer level. For details, see User groups and folder security.

Folder accessibility

The following table shows each user role and the allowed actions and accessible folders available to each one:

Role Allowed action + Accessible folders
Enterprise designer Open, Save, Move, or Explore — My folders, shared folders, and user folders
Designer Open, Save, Move, or Explore — My folders and shared folders
Private designer

Open — My folders and shared folders

Save, Move, or Explore — My folders only

Viewer Open — My folders and shared folders. All other interaction is prevented by the absence of relevant privileges.