Introducing proCube™ Security Manager

proCube™ Security Manager is an administrative application that provides an easier and more effective way to apply and manage security for 9Dots ( Budgeting, Forecasting, and Financial Reporting in addition to the proCube database itself. proCube Security Manager gives budget administrators, financial analysts, and 9Dots consultants more effective tools for managing users and groups, building security rules, and simultaneously applying or updating multiple cubes.

With proCube, you apply security to one cube at a time. proCube™ Security Manager, however, lets you apply this same security simultaneously over multiple cubes. It also saves you time and effort when writing security rules because the rule builder interface automates much of the work. A reporting function lets you keep track of the security settings for users and groups.

Modeled on the look and feel of proCube Management Studio, and built using the proCube Application Programming Interface (API), proCube™ Security Manager runs as a Windows application on a local desktop or as a ‘Published Application’ through Citrix.

proCube™ Security Manager administers security for these applications:

  • proCube

  • 9Dots Budgeting

  • 9Dots Forecasting

  • 9Dots Financial Planning

How proCube Security Manager works

proCube Security Manager administers users, groups and security for the 9Dots Planning applications (Budgeting, Forecasting, and Financial Reporting) and for proCube itself. The structure and the security requirements for the 9Dots applications are different though and there may be a crossover for some of the users and dimensional structure (offices, department, and accounts). The application and the corresponding proCube database for applying security are user-defined. proCube Security Manager holds configuration parameters for the currently running proCube database and for each of the applications in use and permits only users who are members of the Administrator group in the proCube database to run the security application.

proCube Security Manager lets you create, modify, and delete users, groups, metadata security, and factdata security. proCube Security Manager reads the current security settings within the selected application database as the starting point for any modification. It stores the security settings in a storage repository, e.g., a file or a database. The repository has a structure that can be manually updated outside of the interface for edits and then reapplied to the application database as necessary. Each time proCube Security Manager writes security to the application, it writes the results to the storage repository for safe keeping using a date and time stamp. proCube Security Manager can restore (or apply) security settings from an existing file existing in an external repository.

proCube Security Manager enables you to build factdata security rules by a user or group across multiple functional areas together or independently. For example, a user requires access to the compensation and revenue functional areas within 9Dots Budgeting and requires write access to the New York and Boston members in the office dimension. By selecting the compensation and revenue functional areas and then applying security grants, that user gains access to both functional areas. proCube Security Manager also allows you to build security rules by selecting the users and groups and then selecting one or more members from each of the respective dimensions from the functional area. The interface reads the dimensions in the corresponding cubes for each functional area selected. Only specific dimensions are available based on the application and the functional area. proCube Security Manager supports the selection of one or more users/groups at a time.

On-demand reports show the security assignments for a particular user or group. An on-screen report displays the functional areas and dimensions included within the security rules for that user or group. When writing the security rules to the proCube database, errors are captured and written to a viewable output log.

Briefly, here is the process of using proCube Security Manager:

  1. Create new users or fetch them from the list of Network users, similar to the add user function in proCube.

  2. Build functional areas and assign cubes and dimensions to those areas.

  3. Add, modify, and delete existing users and manage their passwords.

  4. Create, modify and delete groups.

  5. Add and remove users from groups. Each added user automatically becomes a member of the default ‘Everyone’ group, which provides generic security across an application by granting metadata read access to all cubes and all dimensions within that application’s database.

  6. Build fact data security rules for a user or group across multiple functional areas or by selecting users/groups and then selecting members from functional area dimensions.

  7. Write fact data security rules into the proCube database using the key alias for the selected members. If an alias does not exist, the security rule uses the member name. Each security rule within a cube needs to have unique name. Each rule is named using a sequential numbering scheme. Only rules that are changes will get assigned a new security rule name.

  8. Create reports listing the metadata and fact data security settings for users and/or groups.

Functional areas

To enable the application of security across multiple cubes, the proCube Security Manager lets you set up functional areas and then apply security to the cubes in those functional areas rather than applying security on a per-cube basis. A functional area is a grouping of like cubes that share users, groups, dimensions, and security rules. Functional areas manage the metadata for the grouping of these like cubes. proCube Security Manager interface manages and updates these functional areas, which are written to xml files. Manual editing of these xml files is also possible.

You will build your own functional areas in proCube Security Manager. To give you an idea of what these functional areas might consist of, below are a few sample functional areas appropriate for Satori Budgeting and the cubes that may be assigned to those areas. Refer to Building Functional Areas and Sample Functional Areas for more information.

Functional Areas

Cubes per Functional Area

Capital Expenditure

New Assets Approved
New Assets
Asset Management Firmwide
Depreciation Schedule
Asset Management Office

Compensation

Budget Compensation
Master Budget
FTE & Headcount
Hires & Attritions

Expenses

Xchange GL Data
Budget GL
Budget GL Details
Projected Actuals

Revenue

Master Budget
Budget Revenue
Hires & Attritions
FTE & Headcount

proCube Security Manager User Interface

Below is the proCube Security Manager's main user interface. Go to Installing proCube Security Manager to install the product.

MainScreen.png

Figure 1.    User Interface

The following description divides the interface into three sections:

  • Controls and commands

  • Work space

  • Messaging area

Controls and commands

ControlsCommands.png

Figure 2.    Controls and Commands

proCube Security Manager runs in conjunction with proCube, and just like proCube, employs Microsoft Office Fluent user interface. The Ribbon helps you to quickly find the commands that you need to complete a task. Commands are organized in logical groups, which are collected together under tabs. Each tab relates to a type of activity, such as working with functional areas. To reduce clutter, some tabs/commands are shown only when needed.

Click the big orange button to open the Options dialog where you can configure interface and database settings. If you prefer your commands to appear on a toolbar that you can access for immediate action, you can customize the Quick Access Toolbar. Adding commands to the Quick Access Toolbar (just to the right of the big orange button) gives you easy access to commonly used functions in Satori Security Manager.

Within the application, tool tips describe the functionality for each of the Ribbon commands.

Work area

The work space includes the Server View, the Functional Area work space, and the Group View and User View.

WorkSpace.png

Figure 3.    Work Area

The Server View displays the servers and databases to which you have access. Under each server/instance, you can navigate cubes and dimensions. The functional area work space is where you build and navigate your functional areas and attach your security rules. Users and groups are managed from the Group View and User View.

Messaging area

MessagingArea.png

Figure 4.    Messaging Area

The messaging area contains access to the Output log (shown here open) and displays (depending upon the current window focus) information for server, database, functional areas, users, and groups.

Views

The Home ribbon's View Group contains functionality to display or hide Server View, Status Bar, and Output Log. Selecting an item displays it. Deselecting an item hides it. Hiding the Server View provides more room for the Functional Areas work space.

ViewsGroup.png

Figure 5.    Views Group

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.
Powered by Zendesk