My client uses the Organization structure as the secured dimension in the model I am working in (Business Unit / Cost Pool / Cost Center) with Business Unit secured.
They have multiple modules (pre-existing model in which I am making major modifications) that contain these lists as line items but are NOT used as a dimension for the data.
There are dashboards where I have employed filters to only show records from these modules that contain the Business Unit selected.
The selectors for the filtering are contained in a basic filtering module, dimensionalized by Users with line items for the various filtering drivers.
Security – setup to Read access ALL Business Units with Write access limited to 1-5 members.
Problem – the filtering drop-downs include ALL Bus, not just the ones where the user has Write-access. This is an issue as it potentially allows someone to make changes in a dashboard to information associated with a BU for which they only have read-access.
Solution –
- Create a series of processes (based on user security) to build a list that is Write-access BU’s rolling to a pseudo User list for each user in the model. This is a mainly automated process but does require some intervention to account for users who have access to “total organization.”
- Build the filter for BU based on this new list (Dep DD list).
With a few minor modifications to tie this list to the original BU list this works.
My question – is there an easier and more straight-forward way to only list Write-access list members in a drop-down list? I tried to come up with a way to do this via Dynamic Cell Access but could not find a way to make it work.
