Version 2021

Create and Edit Security Filters

A security filter is a stand-alone object with filtering capabilities that you assign to users or groups. The security filter limits what users can see by narrowing their result set when they execute reports or browse elements. Security filters enable you to control, at the MicroStrategy level, what warehouse data users can see based on the filter criteria. The security filter applies to all reports and documents, and all attribute element requests, submitted by a user.

The Security Filter Editor used in this workflow uses the new Modeling service infrastructure. Make sure that this service is properly configured and running before creating security filter objects. You must have the Create Application Objects (under Server - Intelligence) and Create and Edit Security Filters (under Server - Intelligence) privileges to create and edit security filters.

  1. Open the Workstation window with the Navigation pane in smart mode.
  2. To create a security filter:

    1. Choose File > New Security Filter.
    2. Select an environment and project.
  3. To edit a security filter:
    1. In the Navigation pane, click Projects or Objects and navigate to the security filter.
    2. Right-click the security filter and choose Edit.
  4. The Security Filter Editor contains the following sections:
    • The left pane contains an object browser to locate objects to build a filter or data restriction.
    • The Users and Groups pane on the right allows you to select user and groups.
    • The center pane is where you build the security filter definition.

  5. Use the Filter Definition section in the middle pane to build the row-level filter. The filters in security filters are similar to regular filters. The only difference is that security filters can only be created using qualifications based on attributes and system prompts or shortcuts to other filters. Metrics and regular prompts are not allowed in the qualifications. A security filter can include as many qualification expressions as necessary, joined together by logical operators.

  6. Use the Data Restrictions section in the middle pane to define the top and bottom range attributes, which restrict the allowed granularity of metric data in reports and visualizations. The bottom range attributes allow viewing, for example, of metric data at a customer city level or higher, disallowing metric data at the customer level. Similarly, top range attributes security filters can allow the viewing of metric data at the subcategory level or lower, restricting viewing metric data at category level. The granularity is based on the relationships among attributes.

  7. The users and groups associated with this security filter appear in the right pane. If the pane is hidden, click Users & Groups to display it. Click Add to add more users and groups to associate with this security filter. Click next to a user or group to remove it.