When you’re working with large datasets or complex models, it's critical to simplify and optimize access rights wherever possible. Dimension replacement enhances manageability and user experience of your security model while also improving performance.

Why apply Dimension replacement in access rights?

The benefits include:

• Reduces the number of access rights Metrics you need to create and maintain.
• Speeds up access rights recalculation and improves model loading time.
• Simplifies security model structure.
• Increases flexibility when working with complex data.

Performance gains are especially significant when replacing a Dimension with few items (like Region) with one that has many items (like Country or Employee).

Dimension replacement supports both hierarchical and custom relationships, allowing you to manage access rights in a more scalable way.

How does it work?

Example 1: Region to Country

You have Dimensions for Region and Country, with each Country linked to a Region via a List Property. You want to apply access rights at the Region level and have them cascade to Countries.

Without Dimension replacement:

1. Create an access rights Metric for User x Region.
2. Create another Metric for User x Country, with a formula referencing User x Region via the mapping.

With Dimension replacement:

You define access rights on User x Region, and Pigment applies them to User x Country using the mapping relationship between Country and Region.

Example 2: Business Unit to Employee and Month

Each employee belongs to a Business Unit, which may change over time. You track these changes using a mapping Metric with Dimensions Employee x Month and values for Business Unit.

You want to apply access rights defined at the Business Unit level and apply them to Employee x Month.

Without Dimension replacement:

1. Create an access rights Metric for User x Business Unit.
2. Create a Metric for User x Employee x Month with a formula pulling in access from User x Business Unit via the mapping.

With Dimension replacement:

You use just the User x Business Unit Metric and apply it to Employee x Month through the replacement feature. This eliminates the need to compute a much larger access rights Metric.

Performance Impact

By reusing a single access rights Metric across multiple Dimensions, you:

• Avoid computing high-cardinality access rights Metrics.
• Reduce the total cell count in your access model.
• Improve model load times and access rights recalculation speed—especially when the replaced Dimension has many items.

In the Business Unit / Employee / Month example:

• 10s of Business Units
• 100s of Months
• 1000s of Employees

This would require a massive access rights Metric, unless you use Dimension replacement. The result? Faster model performance and leaner security configurations.

Use Cases for Dimension mapping in access rights rules

1. Supply Chain Management:
   • Restrict access to specific regions or product categories within a global supply chain model.
   • Map warehouses to delivery zones to ensure users only access relevant information.
2. Financial Models:
   • Assign access based on organizational structures, such as departments linked to budget categories.
   • Grant access to country-specific financial data for regional managers without exposing unrelated regions.
3. Human Resources:
   • Connect employee roles to their specific access requirements, such as linking job titles to sensitive salary data.
   • Map teams to projects so users only see relevant task details.