MicroStrategy ONE
Create Security Roles
Security roles are collections of privileges that can be reused from project to project. Security roles enable you to assign a unique set of privileges to users on a per project basis. Security roles are created and maintained at the project source level and assigned to users at the project level.
For example, you may create a security role that allows a certain set of users to access all the editors except the Attribute Editor. Once you create a security role, you can save it and use it in any project loaded on that Intelligence Server machine, by assigning the security role to a user or to a group of users. The users associated with a particular security role can vary by project.
See Privileges by License Type to view a dashboard that lists all of the available privileges grouped by their respective license.
Yes! The MicroStrategy product suite comes with a number of predefined security roles for administrators. These roles makes it easy to delegate administrative tasks.
The predefined project administration roles cover every project-level administrative privilege except for Bypass All Object Security Access Checks. None of the roles have any privileges in common. For a list of the privileges included with each predefined security role, see the List of Privileges section.
The predefined administration security roles are:
- Analyst, who have authoring capabilities.
- Analytics Architect, who can create, publish, and optimize a federated data layer as the enterprise’s single version of the truth. Users can build and maintain schema objects and abstraction layers on top of various, changing enterprise assests.
- Application Administrator, who have access to all application-specific tasks.
- Application Architect, who create, share, and maintain intelligence applications for the enterprise.
- Certifier, who can certify objects in addition to having authoring capabilities.
- Collaborator, who can view and collaborate on a dashboard they have access to.
- Consumer, who can only view a dashboard they have access to.
- Database Architect, who can optimize query performance and utilization based on query type, usage patterns, and application design requirements by tuning VLDB settings or configuring schema objects.
- Embedded Analytics Architect, who can inject, extend, and embed analytics into portals, third-party, mobile, and white-labelled applications.
- IntroBI, which is used for the MicroStrategy class "Introduction to Enterprise Business Intelligence."
- Mobile Architect, who builds, compiles, deploys, and maintains mobile environments and applications. This user can also optimize the end user experience when accessing applications via mobile devices.
- Northeast Users, which is used for the MicroStrategy class "Introduction to Enterprise Business Intelligence."
- Platform Administrator, who configures the Intelligence Server, maintain the security layer, monitor system usage, and optimize architecture in order to reduce errors, maximize uptime, and boost performance.
- Power Users, which have the largest subset of privileges of any security role.
- Project Bulk Administrators, who can perform administrative functions on multiple objects with Object Manager (see Copying Objects Between Projects: Object Manager), Command Manager (see Automating Administrative Tasks with Command Manager), and the Bulk Repository Translation Tool.
- Project Operations Administrators, who can perform maintenance on various aspects of a project.
- Project Operations Monitors, who can view the various Intelligence Server monitors but cannot make any changes to the monitored systems.
- Project Resource Settings Administrators, who can configure project-level settings.
- Project Security Administrators, who create users and manage user and object security.
- System Administrator, who sets up, maintains, monitors, and continuously supports the infrastructure environment through deployment on cloud, Windows, or Linux.
Do not modify the privileges for an out-of-the-box security role. During upgrades to newer versions of MicroStrategy, the privileges for the out-of-the-box security roles are overwritten with the default privileges. Instead, you should copy the security role you need to modify and make changes to the copied version.
Create a Security Role
- Open the Workstation window with the Navigation pane in smart mode.
-
In the Navigation pane, click Users and Groups.
- Select an Environment from the upper-left drop-down.
- Click Create a new Security Role next to Security Roles.
- Enter a name and description for the new security role.
- In the left pane, click Privileges.
- Select the privileges to add to this security role. For an explanation of each privilege and their associated license, see Privileges by License Type.
To select all privileges in a privilege group, select the group.
- Click Create.
How to Edit a Security Role
- Open the Workstation window with the Navigation pane in smart mode.
-
In the Navigation pane, click Users and Groups.
- Select an Environment from the upper-left drop-down.
- Click Security Role.
- Right-click an existing security role and select Properties.
- Modify the name or description for the security role.
- In the left pane, click Privileges.
- Select the privileges to add to this security role. For an explanation of each privilege and their associated license, see Privileges by License Type.
To select all privileges in a privilege group, select the group.
- Click Save.
Delete a Security Role
- Open the Workstation window with the Navigation pane in smart mode.
-
In the Navigation pane, click Users and Groups.
- Select an Environment from the upper-left drop-down.
- Click Security Roles.
- Right-click the security role that you want to remove and select Delete.
- Click OK.