Drop-down list showing only Write-access list members
My client uses the Organization structure as the secured dimension in the model I am working in (Business Unit / Cost Pool / Cost Center) with Business Unit secured.
They have multiple modules (pre-existing model in which I am making major modifications) that contain these lists as line items but are NOT used as a dimension for the data.
There are dashboards where I have employed filters to only show records from these modules that contain the Business Unit selected.
The selectors for the filtering are contained in a basic filtering module, dimensionalized by Users with line items for the various filtering drivers.
Security – setup to Read access ALL Business Units with Write access limited to 1-5 members.
Problem – the filtering drop-downs include ALL Bus, not just the ones where the user has Write-access. This is an issue as it potentially allows someone to make changes in a dashboard to information associated with a BU for which they only have read-access.
Create a series of processes (based on user security) to build a list that is Write-access BU’s rolling to a pseudo User list for each user in the model. This is a mainly automated process but does require some intervention to account for users who have access to “total organization.”
Build the filter for BU based on this new list (Dep DD list).
With a few minor modifications to tie this list to the original BU list this works.
My question – is there an easier and more straight-forward way to only list Write-access list members in a drop-down list? I tried to come up with a way to do this via Dynamic Cell Access but could not find a way to make it work.
My initial thoughts are that DCA should apply to the data shown after the filter selection. So there is the option to view data they have read access to and they can only edit data they have write access to. so where you say "This is an issue as it potentially allows someone to make changes in a dashboard to information associated with a BU for which they only have read-access." - they should not be able to make changes if they have read only access. Can you elaborate further as I fear I may be missing something here?