Security Setup (Mandatory)

Configurable Inquiries allow sites to setup security access for Non-Admin or business users for securing access to Business Views associated with a BI Model as well as applying Row-Level Security to filter the inquiry data.

Non-admin or business users accessing Create Configurable Inquiry (CREATCI) and My Configurable Inquiries (CIMYINQ) require access to the BI Model to create, edit, and view Configurable Inquiries associated with that BI Model.  

The BI Security Role enforces Row-Level Security (RLS) on CI data returned by Advantage Insight. The BI roles (for example, Department Security, Department Unit Security, No Security, and PB Security) are configured on the Advantage Insight data models and one of these Roles needs to be passed for data security. If the BI Security Role field is left blank, the No Security BI Role will be used for RLS on the CI data by default.

The security setup should be done by Admin users on the BI Model Role Setup (BIRSETUP) and the BI Security Role Mapping (BISECMAP) pages.   

• On the BI Model Role Setup (BIRSETUP) page, BI Model name(s) required by your site for Configurable Inquiry reporting purposes should be mapped to a BI Role Name. The BI Role Name field defines Row-Level Security access.  

• Recommended Option: The BI Security Role Mapping (BISECMAP) page provides the capability to map Advantage Security roles with BI Models defined on the BI Model Role Setup page. This controls access to BI Perspective and Business Views associated with the BI Model. A user will be able to access the Business View only if the system finds a record with a BI Model and a Security Role assigned to the user.  

• Default Option: If a site does not wish to apply security to a BI Model level and instead prefers a sitewide security control applicable to all models, a Security Role can be set up by providing mapping to a Default BI Role name. In this scenario, setup is not required on BI Model Role Setup. This setup means users with access to the mapped security role can access all models and Default BI Role Name is considered for Row-Level security purposes. By default,

1. Mapping for three security roles are pre-delivered with BI Role as No Security.

2. Sites that require model specific setup should delete Day 0 CGI pre-delivered setup listed in table.

3. For sites with Performance Budgeting only implementation, the default security role should be changed to PB Security.  

If the system finds multiple records of Security Role mapped with a BI Model as well as record with BI Model mapped to Default BI Role, the system gives precedence to a Default BI Role record.