IMDB - Questions about modelling
Hi everybody,
could anyone of you please help me to get things into order?
I have two users A and B belonging to the same role and profile and having the same access to the available datasources. A starts creating a Model by clicking on the yellow symbol in the left handed menu bar (picture 1) and choosing the option "Advanced Dataflow": SQL-Server as source, little (no) transformation and IMDB as target (picture 2).
Next page then is about Data Model (picture 3): Why is the IMDB now called "source"??
Last page is about security (picture 4): Obviously A can only affect security settings concerning the roles/workgroups he belongs to himself, which seems okay. But it also means, that A cannot provide other workgroups/roles with new data sources, right?
Assuming now A wants that his colleagues from "his" role/workgroup are able to create dicoveries based on this new model/database, I suppose he needs to check both "read" options (like shown in picture 4).
As A wants his colleagues further to be able to see the Data Flow and the Data Model pages, he now saves the model in the Role's folder (Workgroup folder) of the CMS (picture 5).
Unexpectedly however, B now can modify the Data Flow and the Data Model and even change security settings(!), although A has only provided read rights.
Thus, if the right to change a model is depending on where the model has been saved to in the CMS, what are the "Write" checkboxes in picture 4 good for?
In order to wrap them up, I repeat the questions:
1. Why ist the IMDB in picture 3 called source?
2. Can a user provide other workgroups (that he does not belong to) with objects (discoveries, presentations, etc.) or with data sources he creates? The public folder in the CMS is indeed an option, but it's open to all users which might not be wanted.
3. Is the right/possibility to change a data flow and a data model (including its security settings) only depending on where the model has been saved to in the CMS?
4. What are the "Write" checkboxes in picture 4 good for?
BTW: Why are workgroups (groups, i.e. a group of users) called roles (e.g. and especially in the admin section) and a "group of rights" is called a "profile", while it is called a role in other surroundings like SSAS? This might lead to confusion when Pyramid is used as a frontend for SSAS-Cubes.
Many thanks for any help!
Kind regards
Markus
2 replies
-
Hi Markus,
1. The IMDB called "source" (picture 3) because it is the source of the model (the model is based on that IMDB server).
2. Users can give roles only to roles that he is taking part of.
3. When you use ETL there are 2 types of roles. the first type is the roles that will be applied to the model that will be created (picture 4), which means that you give read access to the user that will be able to create a Data Discovery based on this model.
Then the second type of role is the CMS roles. If you give the user access to the CMS item, then he will be able to change and re-execute the ETL file.
That's the difference between the executable file, to the deployed model.
4. The “Write” option is to let the user the ability to append new tables to the same databases that you have created on your ETL. If you mark the “Write” checkbox, then user B can come and create a new ETL file, and chose a destination of SQL Server, and then mark the combo box of the “Existing database” and then he will be able to see your database in his list.
Thanks for your comment about the Role/Group Terminology, We will check if we can make it more clear to the user.
I hope I answer all your questions. Let me know if you have any additional questions.
Thanks,
Shai Ben Ami.