There are two methods for creating an access rights Metric:

• Create an Access Rights Metric in Block Explorer
• Create an Access Rights Metric in the Access Rights Configuration Wizard 

To complete your access rights Metric set-up, you also need to create access rights rules. These rules define the areas within your model where data access should be applied or ignored.

• Create Access Rights Rules

Create an access rights Metric in Block Explorer

For this method, you create a Metric in Block Explorer like any other Metric in Pigment. However, an access rights Metric has specific requirements, as described below.

1. In Block Explorer create your Metric with the following criteria:

   • Data type. Access rights
   • Dimension.
     • Select the User Dimension. This must be present so you have different security settings for different users.
     • You also need to select the Dimension to which you’re applying your security. For example, a Dimension called Department, Country, and so on.

   When your new access rights Metric opens, all values are displayed as No Read/ No Write . These are in fact blank values. Even though you see text in these cells, these can be hidden if you select the Hide empty rows and columns option in the Filter panel.

          Next, you need to create access rights rules, specifying where in your model data access should be applied or ignored. When you create a Metric in Block Explorer, you need to locate your access rights Metric in your Application Settings.

2. In your Application, go to Roles, permissions and access, and open the Data access rights tab.
3. Find and hover over your new access rights Metric, and click Apply configuration. The Apply… pane opens. It displays the new access rights Metric, and its prepopulated values No Read/No Write.
4. Select the required data access rights for each Member.
5. When you’re finished assigning the Member access rights, click + Add a rule to apply the configuration.
6. Create rules for your access rights Metric. This is described below in Create Access Rights Rules.

Create an access rights Metric in the access rights configuration wizard

You can also create an access rights Metric using the access rights configuration wizard. It also enables you to create Access Rights rules, specifying where in your model data access should be applied or ignored.

1. In your Application, go to Roles, permissions and access.
2. Open the Data access rights tab and click + Add access rights.
3. Click + Create a new configuration.
4. Select the Dimensions to which you want to assign access rights.
   The User roles Dimension is already selected for you.
5. Click Configure Access. The Step 1/2: Assign access rights pane opens. It displays the new access rights Metric, and its prepopulated values: No Read/No Write
6. Select the required data access rights for each Member.
7. When you’re finished configuring the Member access rights, click Continue to Step 2.

8. The Step 2/2: Apply this configuration to your model pane opens. This is where you create a rule (or rules) to apply your data access right configuration to specific areas of your model.

9. Create rules for your access rights Metric. This is described below in Create Access Rights Rules. 

Create access rights rules

After you create access rights Metric from Block Explorer or from the access rights configuration wizard, you need to create a rule (or rules) to apply your data access configuration to specific areas of your model.

1. Select Apply or Ignore.
   This determines if the access rights rule is used to apply the Metrics configuration to data, or if it’s used to remove your access rights configuration from data.
   For example, if you select only Read access for a rule type, the Write value is ignored in your Metric, regardless of how the Metric is configured.
    

2. Select Read accesses, Write accesses, or Read & Write accesses .

3. Define to which Blocks in your Application the rule applies or does not apply:

   • Specific Metrics. Select one or more Metrics that contain the Dimensions used in your access rights Metric.

     If you created an access rights Metric that used the User list and the Country list, you could select Specific Metric(s) that contained the Country list.

   • Specific List Properties. Define on which Lists and on which Properties of this List these access rights should apply.
     
     For example, you can specify access rights for the Annual Salary property belonging to the Employee List.

   • All Metrics using specific Dimension(s). Assign this rule to all present and future Metrics that contain Dimensions used in your access rights Metric.
     
     For example, if your access rights Metric contained a Dimension called Department, then this rules is applied to all Metrics containing the Department Dimension.
      
   • List Items values. This rule filters out values in the List according to the access rights Metric. It allows you to protect data in List based on its Properties.
     
     For example, you can set Read access on an Annual Salary property based on a Dimension formatted Country Property.  This allows certain Members to view some Salaries depending on the Country Property.
      

4. Enter a name for your new rule.
   We recommend that you give your rule a name that describes its purpose. For example: Restrict employee access to salary data.

5. (Optional) Click + Add another access right rule to add more access rights rules.

6. Click Save configuration when you’re finished.